m***@freezone.co.uk
2004-01-02 08:00:10 UTC
If I try connecting to services running on the local machine using
"localhost", instead of the machine's hostname, Kerberos authentication
fails because the principal, "host/localhost" (or "ldap/localhost")
doesn't exist. On a mobile system running a slave KDC and LDAP server,
I sometimes have to connect using "localhost", when no other network
interfaces are available.
I perceive two solutions to this problem: 1) create a "host/localhost"
(or "ldap/localhost") principal and install it in every machine's
keytab. 2) change the reverse lookup of 127.0.0.1 from "localhost" to
the machine's hostname.
Are there any security issues with the first solution? Is either
solution advisable?
Thanks,
Jack
________________________________________________
Kerberos mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
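
An added example, not part of the original post: a simplified model of how a client turns the name it was given into a service principal, run against the stock setup and the two options from the message. It also lists which machines hold the key for the requested principal, since a principal has one key in the KDC database and every keytab it is installed in carries that same key. The realm, hostnames, lookup tables and function names are constructed for illustration, and the forward-then-reverse canonicalization is an assumed simplification of the client library's behaviour.

```python
REALM = "EXAMPLE.ORG"  # constructed realm and hostnames throughout

def service_principal(service, typed_host, forward, reverse, realm=REALM):
    """Principal the client requests a ticket for (simplified model)."""
    addr = forward.get(typed_host.lower())
    # Keep the typed name when a lookup has no answer.
    canon = reverse.get(addr, typed_host) if addr else typed_host
    return f"{service}/{canon.rstrip('.').lower()}@{realm}"

def key_holders(principal, keytabs):
    """Machines whose keytab contains the key for this principal."""
    return sorted(m for m, entries in keytabs.items() if principal in entries)

FORWARD = {"localhost": "127.0.0.1"}
REVERSE_STOCK = {"127.0.0.1": "localhost"}
# Option 2 from the post, as configured on the machine "laptop".
REVERSE_OPTION2 = {"127.0.0.1": "laptop.example.org"}

KEYTABS_STOCK = {
    "laptop": {"ldap/laptop.example.org@EXAMPLE.ORG"},
    "desktop": {"ldap/desktop.example.org@EXAMPLE.ORG"},
}
# Option 1 from the post: the same ldap/localhost entry in every keytab.
SHARED = "ldap/localhost@EXAMPLE.ORG"
KEYTABS_OPTION1 = {m: e | {SHARED} for m, e in KEYTABS_STOCK.items()}

def compare():
    """(case, requested principal, machines able to accept that ticket)."""
    cases = (("stock", REVERSE_STOCK, KEYTABS_STOCK),
             ("option 1", REVERSE_STOCK, KEYTABS_OPTION1),
             ("option 2", REVERSE_OPTION2, KEYTABS_STOCK))
    out = []
    for name, reverse, keytabs in cases:
        p = service_principal("ldap", "localhost", FORWARD, reverse)
        out.append((name, p, key_holders(p, keytabs)))
    return out

if __name__ == "__main__":
    for row in compare():
        print(row)
```
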