Donn, Thanks for the reply. I did some testing after I sent the message for help. I set nsswitch.conf to look at DNS first, added the "seach my.domain" statement to /etc/resolv.conf, used fullly qualified pricipals and told users to use the "host" part of the fully qualified names as an "alias." Works like a champ. -bacolod Donn Cave <[EMAIL PROTECTED]> wrote: | I have come across a usability issue where users of a network I plan | to implement Kerberos on are currently accustomed to host aliases. | i.e: typing 'ftp foo' instead of 'ftp foo.my.long.host.name.com.' | | Anyone have advice on how to get around using fully qualified hostnames | for Kerberos host principals?
On the contrary, you certainly should use fully qualified hostnames for Kerberos host principals. That also should work, that is, you should be able to type 'ftp foo' and it should be automatically expanded to the full domain name. If it isn't, the reason is likely the short comes before the full name in /etc/hosts. The same is true of "alias" names in the DNS CNAME sense, that they should just work in current implementations (though perhaps not forever, if I read the draft right.) Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos --------------------------------- Do you Yahoo!? Yahoo! Tax Center - File online, calculators, forms, and more ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
