Victor Sudakov <[email protected]> writes: > Russ Allbery wrote:
>> If you add an explicit domain_realm mapping for each IP address to the >> [domain_realm] section of your krb5.conf file, it will probably work, but >> it's generally a much better idea to use real host names (possibly in some >> private domain ending in .local or some similar marker). > I see. Do I need a real DNS or perhaps /etc/hosts will do? I share > /etc/hosts as a NIS map. /etc/hosts should be fine. > And another question. If a Kerberos-enabled server has several > principals in its keytab, how exactly does it decide which one to > use? It uses whatever one the client uses, in general. There are some services that limit what principals they'll accept to only that one principal that matches what the service thinks is the local hostname, but given how many problems this causes, an increasing number of services will accept any principal found in the system keytab. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
