[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IP address?

On Fri, 11 Apr 2008 14:08:33 -0700
Paul Lathrop <plathrop@digg.com> wrote:

> Hash: SHA1
> Hi,
> This may be a stupid question, but I'm trying to wrap my head around how
> this works. In a Kerberos environment, can you use IP addresses instead
> of host names? For instance, if I enable GSSAPI in ssh, can I do
> something like:
> ssh
> and have Kerberos request a ticket for host/ ?

Hi Paul,

I don't think that would work. Even if you created a principal with an
IP in the name, I think some clients would try to convert the IP to a
name or wouldn't even try to do kerberos if the target looked like an IP.

Kerberos clients need a name to initiate authentication. That name is
usually built from the target hostname. That's ingrained into the


Michael B Allen
PHP Active Directory SPNEGO SSO