Re: domain/realm-mapping

Holger van Lengerich <gimli@uni-paderborn.de> writes:
> I set up a Heimdal KDC 0.2d on Solaris 2.6. Almost everything works
> fine. Even kerberized NFS (Sun SEAM 1.0) authenticates against my Heimdal
> KDC. ;-) Thanks for the great work!

Cool, I have never tried Sun's kerberized NFS.

> My only problem is the domain <-> realm mapping. As hostnames are resolved
> against NIS/YP, Heimdal-Clients get unqualified hostnames, even if the FQDN
> was supplied as parameter. 

Heimdal does a gethostbyname() to figure out the FQDN of a host.
There's basically no other way.

> Is there a way to get Heimdal using FQDNs instead of crippled hostnames?

a. changing your YP-names to FQDN.  But as you said in other mails,
that might not be practical for you.

b. adding aliases with FQDN in your YP databases.  That should mean
that the applications that care very much to only get a non-FQDN
should work just as now and Heimdal will look through the list of
aliases and find the FQDN.

Would b) solve your problems?  If so, can you try it and tell me if it
works for you?

> BTW: Is there a recommended mechanism to regularly change service-keys?

There's currently no good way of doing that.  I'm implementing `ktutil