I want to have a UDP broadcast for the local subnet that looks for services on machines that won't necessarily have a hostname in any meaningful way (in other words, they'll have a hostname, but it's not going to be in any kind of DNS, so I'll be connecting by raw IP), and potentially a service directory that needs to be able to point to machines by IP address. What's the right way to do service principals in this case? Is service/129.168.1.5 a valid service principal? If not, do I need to reply to queries about these machines with the hostname they think they are, so the client can ask the KDC for a ticket with that hostname?
More concretely:

- host a sends out a UDP broadcast
- host b replies, currently with its listen IP address and port
- host a connects to b by ip:port

or, alternatively:

- host a contacts the directory
- the directory sends a a list of IP addresses and ports
- host a picks one and connects to ip:port

Now, how to kerberize this? The directory is trivially kerberizable because it's at directory.example.com, but what to return on queries, whether UDP broadcast or directory queries? Do I have to return the ip:port:hostname, so the client can form service/hostname@REALM and ask the KDC for a ticket?

Thanks,
Chris

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
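As an added example (not part of the original post), the discovery exchange described above, with the reply carrying ip:port:hostname so the client can form the host-based principal. The reply format (a small JSON record), the service name `myservice`, the realm `EXAMPLE.COM` and the hostname `node-7` are all made up here; the demo uses loopback unicast in place of the subnet broadcast so that it runs offline, and it rejects a reply that carries only ip:port, since that is not enough to build `service/hostname@REALM`.

```python
import json
import socket
import threading

# Constructed sample values, not from the post.
SERVICE = "myservice"
REALM = "EXAMPLE.COM"


def build_reply(hostname, ip, port):
    """Host b's answer: its listen ip:port plus the name it knows itself by."""
    return json.dumps({"ip": ip, "port": port, "hostname": hostname}).encode()


def parse_reply(data):
    """Host a's view of the answer; all three fields are required."""
    rec = json.loads(data.decode())
    for key in ("ip", "port", "hostname"):
        if key not in rec:
            # An ip:port-only reply gives the client no name to put in the
            # principal, so it is refused rather than guessed at.
            raise ValueError(f"discovery reply missing {key!r}")
    rec["port"] = int(rec["port"])
    return rec


def service_principal(service, hostname, realm):
    """Form the principal name the client will ask the KDC for a ticket to.

    The host component is lowercased, matching the usual canonical form of
    host-based principals; nothing here depends on the name resolving in DNS.
    """
    return f"{service}/{hostname.lower()}@{realm}"


def discover(query_addr, timeout=2.0):
    """Host a: send one discovery query and parse the first reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # In the real setup query_addr would be the subnet broadcast address;
        # SO_BROADCAST is harmless for the loopback unicast used in the demo.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.settimeout(timeout)
        s.sendto(b"DISCOVER " + SERVICE.encode(), query_addr)
        data, _peer = s.recvfrom(4096)
    return parse_reply(data)


def run_demo(hostname="node-7", advertised_port=5000):
    """Run host b on an ephemeral loopback port, query it as host a, and
    return (parsed reply, principal the client would request)."""
    ready = threading.Event()
    bound = {}

    def host_b():
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind(("127.0.0.1", 0))          # constructed: loopback stand-in for the LAN
            bound["addr"] = s.getsockname()
            ready.set()
            s.settimeout(5)
            data, peer = s.recvfrom(4096)
            if data.startswith(b"DISCOVER "):
                s.sendto(build_reply(hostname, "127.0.0.1", advertised_port), peer)

    t = threading.Thread(target=host_b, daemon=True)
    t.start()
    if not ready.wait(5):
        raise RuntimeError("responder did not start")
    rec = discover(bound["addr"])
    t.join(5)
    return rec, service_principal(SERVICE, rec["hostname"], REALM)


if __name__ == "__main__":
    reply, principal = run_demo()
    print("reply from host b:", reply)
    print("client requests ticket for:", principal)
```

The client never needs to resolve `node-7`; it only needs host b to state the name it was given a key for, which is the point of returning ip:port:hostname rather than ip:port alone.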
