[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Server unknown" error

On Feb 16, 2006, at 8:05 , Gilles wrote:

> But, is it always the case for client-server applications, that the
> principal name (or part of it) is hard-coded?  I just thought that
> it might have been given as a configurable option (like the "-p"
> option to e.g. "kadmin"), or is there some good reason for not doing
> so?

Yes, it's necessary, because clients and servers *must* agree on the  
name to use o they won't be able to talk to each other.  The easiest  
way to do this is to use a well-known service name (e.g. "ldap") and  
the canonical fully-qualified server name.

kadmin's -p is for the *user's* credentials, which are a matter of  
site policy; the *server* credential is "kadmin/admin" and is (again)  
not changeable.

brandon s. allbery     [linux,solaris,freebsd,perl]       
system administrator  [openafs,heimdal,too many hats]   
electrical and computer engineering, carnegie mellon university