Hi Philroc,

If you have routing and firewalls set up to allow access to your virtual machines from whatever client machines you have, then there is no reason why a virtual machine cannot act as a server or a client. I have done this in the past. Though not your specific example.
The instructions of your link say your service principal contains the fully qualified domain name of your machine. So if your putative domain name is MYCOMPANY.COM, and your server is called 'centos1', your service principal is HTTP/[email protected]. If your putative domain name is CENTOS1.MYCOMPANY.COM, and your server is called 'alex', your service principal is HTTP/[email protected]. If this does not make sense you probably should read up on principal names in Kerberos.

The fully qualified domain name is a URL pointing to your machine, that is the name resolves to an IP address. You can achieve the URL being resolved in a number of ways:

1. The simple way is to add entries to the 'hosts' files of your server and client machines with a bogus fully qualified domain name as an alias for your machine, e.g. assuming centos1 is the name of your machine:

   centos1.mycompany.com centos1 10.100.200.1

   (or whatever your machine's IP address is. If you do not know what an IP address is then read up on it). You can do this in Windows and Unix. Note, you usually need the long name as the first entry, and I think it is good practice to have the short name as an alias.

2. Set up a DNS server that your clients and server can reference that serves similar 'bogus' addresses to that above, and defer to a senior DNS server to serve other addresses such as other company machines and general web addresses. If you do not understand this paragraph refer back to 1.

I hope that helps and gets you started.
Jeremy

[email protected] wrote:
> Hello,
>
> I am currently running a Spring application on Centos in a VirtualBox VM
> hosted on Windows 7 and am trying to implement Kerberos ActiveDirectory
> pre-authentication as in this example:
>
> http://blog.springsource.org/2009/09/28/spring-security-kerberos/
>
> I would like to create a Kerberos service principal, using a "virtual" full
> qualified domain name, eg
>
> HTTP/[email protected]
>
> By "virtual", I mean that the "centos1.mycompany.com" is not known by the
> company DNS or ActiveDirectory,
> because it only exists within the VM.
>
> I have the following questions:
>
> - can you use Kerberos to authenticate users connecting to a web application
> running in a virtual machine?
>
> - will the above service principal work, although the machine's hostname only
> exists within the VM?
>
> - is "centos1.mycompany.com" a good service principal, or do I need to create
> an SP such as
>
> "web.centos1.mycompany.com"?
>
> Many thanks.
>
> Best regards,
>
> Philroc
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
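An added example, not part of the original messages or of the linked Spring instructions: a Python check that reads a hosts file, confirms the long (fully qualified) name is the first name on the server's entry, and builds the matching service principal from it. It assumes the standard hosts layout (address, canonical name, then aliases); the host names and realm are constructed sample values, and `parse_hosts` and `service_principal` are hypothetical helper names.

```python
import ipaddress

# Constructed sample hosts file: address, canonical name, then aliases.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.100.200.1   app1.corp.example app1   # long name first
10.100.200.2   app2 app2.corp.example   # short name first
"""


def parse_hosts(text):
    """Return a list of (address, canonical_name, aliases) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # line does not start with an address; ignore it
        names = [f.lower() for f in fields[1:]]
        entries.append((fields[0], names[0], names[1:]))
    return entries


def service_principal(hosts_text, host, realm, service="HTTP"):
    """Build service/fqdn@REALM from the canonical name of host's entry."""
    host = host.lower()
    for addr, canonical, aliases in parse_hosts(hosts_text):
        if host == canonical or host in aliases:
            if "." not in canonical:
                # Resolver would hand back the short name, so the principal
                # requested by clients would not contain the FQDN.
                raise ValueError(
                    f"{addr}: canonical name {canonical!r} is not fully "
                    "qualified; list the long name first"
                )
            return f"{service}/{canonical}@{realm.upper()}"
    raise LookupError(f"{host} has no entry in the hosts file")


if __name__ == "__main__":
    print(service_principal(SAMPLE_HOSTS, "app1", "CORP.EXAMPLE"))
```

The same check applies to the hosts file on each client as well as on the server, since both sides need the name to resolve the same way.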
