[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.23. What is a "key salt"? "kvno"?
Next Document: 1.25. What is "user to user" authentication?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.23. What is a "key salt"? "kvno"?
Next Document: 1.25. What is "user to user" authentication?
1.24. Does Kerberos support multi-homed machines?
In both Kerberos 4 and Kerberos 5, a machine's network address is part of the ticket information. This address is used as an additional check to make sure the ticket hasn't been stolen and is being used on another machine. In Kerberos 4, there was room for only one IP address in the ticket, which did not work with multihomed machines. KTH krb4 includes some hacks to make it work with Kerberos 4. Kerberos 5 supports multiple IP addresses in a ticket, thus allowing Kerberos 5 tickets to deal with multi-homed machines. However, doing so requires careful configuration of your DNS server. Question 2.14 explains this in further detail.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.23. What is a "key salt"? "kvno"?
Next Document: 1.25. What is "user to user" authentication?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update December 05 2008 @ 00:11 AM