On Tue, 2011-08-09 at 03:56 -0400, Chris Hecker wrote:
> Is service/129.168.1.5 a valid service principal?

Sure. It's not a principal that krb5_sname_to_principal() will generally return, but if you're creating principal names yourself, there's nothing invalid about that form. Of course, you'd have to make sure to key those hosts accordingly.

I'm not sure what to recommend for you since I'm not sure what about the servers, if anything, you want to authenticate to the client. If the client doesn't care very much what server it's talking to (as long as it's within the realm at all) then there aren't a lot of constraints on what the server principal should be. They just need to be unique so that hosts can't impersonate clients to each other, and something the client can figure out or be informed of.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
