[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Turning off hostname canonicalisation
OK.
As implied by my question, I think it should be settable by "service".
I can imagine needing one setting to support the SPNEGO stuff for web,
but a different setting for kerberized telnet. Hope that doesn't make
it "really hard" to do right though.
On Sep 12, 2005, at 10:14 AM, Jeffrey Altman wrote:
> The answer is 'no'. Settings in [appdefaults] are not for reading by
> the Kerberos libraries. They are for reading by the application.
>
> Jeffrey Altman
>
>
> Henry B. Hotz wrote:
>
>> As another branch of this subject tree: The option being discussed is
>> for [libdefaults]. Will the parsing code pick it up in [appdeafaults]
>> as well? I would imagine that different app's might be coded
>> differently and might need different behavior to work correctly.
>>
>> On Sep 12, 2005, at 9:02 AM, krbdev-request@mit.edu wrote:
>>
>>> Without
>>> canonicalisation I would need to create keytab for app.test.com and
>>> distribute to every system, which can be painful in a bigger
>>> environment. So
>>> I see a need to keep canonicalisation on a service by service case
>>> and not
>>> as a global switch.
>>
>> ----------------------------------------------------------------------
>> --
>> ----
>> The opinions expressed in this message are mine,
>> not those of Caltech, JPL, NASA, or the US Government.
>> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>>
>> _______________________________________________
>> krbdev mailing list krbdev@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu