Re: Problem with duplication of hostname - Kerberos
Andrea Cirulli wrote:
> Hi all,
> I set up Kerberos on a big environment, let's say 1300 servers. We have
> one Master Kerberos and 16 Slaves. We have this problem: the environment is
> commercial so we are a little bit constrained, we are not allowed to use DNS
> nor any kind of host centralization.
Why not? DNS needs to be part of your basic infrastructure. 1300 servers
is unmanageable without it.
> We are facing the problem that
> some servers can have the same hostname. My question is: is there a way to
> have multiple keys (host principals) having two servers with the same hostname?
It's most unlikely that this will work, nor do you want this to work.
> For example, let's say we have two servers called host_pippo; on the KDC side
> we create host/host_pippo@REALM. This principal can be used for both the
> hosts with hostname host_pippo. Is there any workaround to discriminate
> servers with the same hostname?
How are you going to do that? You should never allow a host with the
same name in a domain. You could use the IP addresses I guess but what's
the point of that?
> I know that Kerberos without DNS managing thousands of systems can be
> dangerous but we have no choice :-(, so any valid workaround would be
> helpful :-D
How about explaining why you cannot use DNS?
> Thanks in advance.