
Re: IP address?



Thank you for the clarification.

Markus

----- Original Message ----- 
From: "Michael B Allen" <miallen@ioplex.com>
To: "Jeffrey Hutzelman" <jhutz@cmu.edu>
Cc: <heimdal-discuss@sics.se>; "Markus Moeller" <huaraz@moeller.plus.com>; "Paul Lathrop" <plathrop@digg.com>
Sent: Sunday, April 13, 2008 12:46 AM
Subject: Re: IP address?


> On Sat, 12 Apr 2008 19:34:33 -0400
> Jeffrey Hutzelman <jhutz@cmu.edu> wrote:
>
>> --On Saturday, April 12, 2008 12:53:56 PM +0100 Markus Moeller
>> <huaraz@moeller.plus.com> wrote:
>>
>> > Michael,
>> >
>> > I don't think your statement:
>> >
>> > That's ingrained into the protocol.
>> >
>> > is correct. AFAIK it is nowhere in the Kerberos (nor ssh) protocol
>> > defined that you have to use DNS names for the principals.
>>
>> RFC4462 section 7.1 specifies the use of GSS-API host-based service names
>> for SSH.  If you read the language in that section and in RFC2743 section
>> 4.1, it is fairly clear that the use of fully-qualified domain names is
>> intended.
>>
>> Kerberos itself certainly does not require the use of principal names of
>> any particular form, but applications using Kerberos, GSS-API, and/or SASL
>> generally do, because agreement on the correct principal name form is
>> required for interoperability.
>
> For the sake of completeness I'll just add that Windows also uses
> principals with NetBIOS names.
>
> Mike
>
> -- 
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>