So, I know Kerberos picks the realm in which to find a key based on the hostname - the mapping is based on the hostname. I also know Kerberos uses a host's FQDN - reverse lookup on IP, so if my host has only one IP, it has only one FQDN. I hoped maybe Kerberos grabbed a key using the FQDN, but picked the realm using the hostname in the request. So I created an alias "blue.tint". My server's FQDN is "blue.shade". I hoped connecting to "blue.shade" would use the key "snstv/[EMAIL PROTECTED]", while connecting to "blue.tint" would use the key "inscr/[EMAIL PROTECTED]". It doesn't work this way. Wisely, I guess. But why can't I specify a mapping to realm using all of the sought principal? snstv/* -> SHADE, inscr/* -> TINT?
So my question is, short of giving a host two IP addresses, can I get it using keys from two different realms? Or is this just silly?
Thanks!
Jack
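
The hostname-to-realm mapping described in the post, as an added example that is not part of the original message: a simplified Python model of a krb5.conf `[domain_realm]` lookup, showing that the service part of a principal never enters the realm decision. The sample config, the alias table standing in for reverse-lookup canonicalization, and all function names are constructed for illustration; the lookup order (exact host, then parent domains) follows MIT krb5's documented behaviour and leaves out referrals.

```python
# Added illustration: simplified model of krb5.conf [domain_realm] lookup.
SAMPLE_KRB5_CONF = """\
[domain_realm]
    blue.shade = SHADE
    blue.tint = TINT
    .tint = TINT
"""  # constructed sample; host and realm names are the ones used in the post

def parse_domain_realm(text):
    """Return {name: realm} for the entries of the [domain_realm] section."""
    mapping, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
            continue
        if in_section and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping

def candidates(hostname):
    """Names tried in order for a.b.c: a.b.c, .b.c, b.c, .c, c."""
    host = hostname.lower().rstrip(".")
    out = [host]
    while "." in host:
        host = host.split(".", 1)[1]
        out += ["." + host, host]
    return out

def realm_for_host(hostname, mapping):
    for name in candidates(hostname):
        if name in mapping:
            return mapping[name]
    return None  # a real library would fall back to referrals or a domain guess

def realm_for_service(principal, mapping, canon=None):
    """principal is 'service/hostname'; the service name is ignored on purpose.
    canon is a hypothetical alias -> canonical-name table modelling the
    reverse-lookup canonicalization the post mentions."""
    _service, _, hostname = principal.partition("/")
    hostname = (canon or {}).get(hostname, hostname)
    return realm_for_host(hostname, mapping)

if __name__ == "__main__":
    m = parse_domain_realm(SAMPLE_KRB5_CONF)
    alias = {"blue.tint": "blue.shade"}  # constructed: alias resolves to the FQDN
    for p in ("snstv/blue.shade", "inscr/blue.shade", "inscr/blue.tint"):
        print(p, "->", realm_for_service(p, m), "| canonicalized:",
              realm_for_service(p, m, alias))
```

With canonicalization applied, `inscr/blue.tint` resolves to SHADE even though `blue.tint = TINT` is configured, which matches the behaviour reported above.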
