On Thu, 24 Jan 2002, Steve Langasek wrote: > Andreas, > > On Thu, Jan 24, 2002 at 05:42:10PM -0200, Andreas Hasenack wrote: > > I'm suddenly a little bit confused about host and services > > principals. > > > For example, for OpenLDAP I have a principal called > > [EMAIL PROTECTED] But, for openssh, I found out > > that I had to have a [EMAIL PROTECTED] principal > > instead of something like [EMAIL PROTECTED] > > > This is defined by the service/application, right? > > I don't know the exact derivation of the use of host/* principals, but my > experience is that the host/host.domain principal is used for > authenticating a user to a /server/ rather than to a /service/; that is to > say, it's the principal used for authenticating shell access on the > server. On my systems, host/host.domain is used by ssh, by telnet, and > by login (pam_krb5). I think rlogin uses a different principal name, > perhaps for historical reasons, but I don't have rlogin installed anywhere > anyways... >
- rlogin uses host/host.domain - Booker C. Bense