Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.9. What is the format of principals? Next Document: 1.11. What is ASN.1? See reader questions & answers on this topic! - Help others by sharing your knowledge In theory, the realm name is arbitrary. You can call your realm whatever you want. However, in practice a Kerberos realm is named by uppercasing the DNS domain name associated with the hosts in the to-be named realm. In other words, if your hosts are all in the foo.org domain, you might call your Kerberos realm FOO.ORG. If you wish to have more than one Kerberos realm associated with the same DNS domain name, the convention is to create realms that are in the same hierarchy of your DNS domain name. For example, if you wish to have two Kerberos realms in the DNS domain foo.org for Human Resources and Sales, you might create the Kerberos realms HR.FOO.ORG and SALES.FOO.ORG. The convention to use uppercase for realms names arose out of the desire to easily distinguish between DNS domain names (which are actually case-insensitive) and Kerberos realms. The Kerberos realm name is case sensitive (the realm foo.org is different than the realm FOO.ORG). You are not required to have an uppercase Kerberos realm, but I would strongly advise it. It is worth noting that the recent revisions to the Kerberos standard have specified that uppercase realm names are preferred and lowercase realm names have been depreciated. User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.9. What is the format of principals? Next Document: 1.11. What is ASN.1? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: