[343] in Kerberos
converting a hostname into its realm
daemon@TELECOM.MIT.EDU (probe@ATHENA.MIT.EDU)
Mon Apr 4 14:21:54 1988
From: probe@ATHENA.MIT.EDU
To: jtkohl@ATHENA.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: John T Kohl's message of Mon, 4 Apr 88 14:05:58 EDT <8804041805.AA12219@ELRIC.MIT.EDU>
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
A domain such as .MIT.EDU could theoretically contain several Kerberos
realms. How do you provide for such a thing in the translation table
that you suggest?
For instance: ACHILLES.MIT.EDU might be in the realm TELECOM.MIT.EDU
whereas ODIE.MIT.EDU could be in the realm ATHENA.MIT.EDU.
I have not fully thought this out to the same extent that John has given
his idea, but how would a query to the remote machine sound? For
instance, if you open a connection to the remote machine on some
arbitrary port (ie krb_query tcp/ip), you would get information about
its Kerberos facilities. If this fails, you could then fall back onto a
table.
-Richard Basch
