[32972] in Kerberos


Re: ssh to IP literal

daemon@ATHENA.MIT.EDU (Victor Sudakov)
Sun Dec 19 12:39:38 2010

From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Sun, 19 Dec 2010 16:25:30 +0000 (UTC)
Message-ID: <ielblq$2uaj$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Russ Allbery wrote:

[dd]

> If you add an explicit domain_realm mapping for each IP address to the
> [domain_realm] section of your krb5.conf file, it will probably work, but
> it's generally a much better idea to use real host names (possibly in some
> private domain ending in .local or some similar marker).

I see. Do I need a real DNS or perhaps /etc/hosts will do? I share
/etc/hosts as a NIS map.

And another question. If a Kerberos-enabled server has several
principals in its keytab, how exactly does it decide which one to
use?


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
