
Re: IP address?



On Sat, 12 Apr 2008 19:34:33 -0400
Jeffrey Hutzelman <jhutz@cmu.edu> wrote:

> --On Saturday, April 12, 2008 12:53:56 PM +0100 Markus Moeller 
> <huaraz@moeller.plus.com> wrote:
> 
> > Michael,
> >
> > I don't think your statement:
> >
> > That's ingrained into the protocol.
> >
> > is correct. AFAIK it is nowhere in the Kerberos (nor ssh) protocol
> > defined that you have to use DNS names for the principals.
> 
> RFC4462 section 7.1 specifies the use of GSS-API host-based service names 
> for SSH.  If you read the language in that section and in RFC2743 section 
> 4.1, it is fairly clear that the use of fully-qualified domain names is 
> intended.
> 
> Kerberos itself certainly does not require the use of principal names of 
> any particular form, but applications using Kerberos, GSS-API, and/or SASL 
> generally do, because agreement on the correct principal name form is 
> required for interoperability.

For the sake of completeness I'll just add that Windows also uses
principals with NetBIOS names.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/