[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IP address?
On Fri, 11 Apr 2008 14:08:33 -0700
Paul Lathrop <plathrop@digg.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> This may be a stupid question, but I'm trying to wrap my head around how
> this works. In a Kerberos environment, can you use IP addresses instead
> of host names? For instance, if I enable GSSAPI in ssh, can I do
> something like:
>
> ssh 192.168.1.1
>
> and have Kerberos request a ticket for host/192.168.1.1@MY.REALM ?
Hi Paul,
I don't think that would work. Even if you created a principal with an
IP in the name, I think some clients would try to convert the IP to a
name or wouldn't even try to do kerberos if the target looked like an IP.
Kerberos clients need a name to initiate authentication. That name is
usually built from the target hostname. That's ingrained into the
protocol.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/