Andreas,

On Thu, Jan 24, 2002 at 05:42:10PM -0200, Andreas Hasenack wrote:
> I'm suddenly a little bit confused about host and services
> principals.
> For example, for OpenLDAP I have a principal called
> [EMAIL PROTECTED] But, for openssh, I found out
> that I had to have a [EMAIL PROTECTED] principal
> instead of something like [EMAIL PROTECTED]
> This is defined by the service/application, right?

I don't know the exact derivation of the use of host/* principals, but my experience is that the host/host.domain principal is used for authenticating a user to a /server/ rather than to a /service/; that is to say, it's the principal used for authenticating shell access on the server. On my systems, host/host.domain is used by ssh, by telnet, and by login (pam_krb5).

I think rlogin uses a different principal name, perhaps for historical reasons, but I don't have rlogin installed anywhere anyways...

Steve Langasek
postmodern programmer