Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.23. What is a "key salt"? "kvno"? Next Document: 1.25. What is "user to user" authentication? See reader questions & answers on this topic! - Help others by sharing your knowledge In both Kerberos 4 and Kerberos 5, a machine's network address is part of the ticket information. This address is used as an additional check to make sure the ticket hasn't been stolen and is being used on another machine. In Kerberos 4, there was room for only one IP address in the ticket, which did not work with multihomed machines. KTH krb4 includes some hacks to make it work with Kerberos 4. Kerberos 5 supports multiple IP addresses in a ticket, thus allowing Kerberos 5 tickets to deal with multi-homed machines. However, doing so requires careful configuration of your DNS server. Question 2.14 explains this in further detail. User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.23. What is a "key salt"? "kvno"? Next Document: 1.25. What is "user to user" authentication? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: