Andrea Cirulli wrote:
> Hi all,
> I setted up kerberos on a big environment, let's say 1300 servers. We have
> one Master Kerberos and 16 Slaves. We have this problem: the environment is
> commercial so we are a little bit constrained, we are not allowed to use DNS
> nor any kind of host centralization.

Why not? DNS needs to be part of your basic infrastructure. 1300 servers
is unmanagable without it.

> We are facing with the problem that
> some server can have the same hostname. My question is there is a way to
> have multiple key (host principal) having two server with the same hostname.

It's most unlikely that this will work, nor do you want this to work.

> For example, let's say we have two server called host_pippo, on the kdc side
> we create host/host_pippo@REALM. This principal can be used for both the
> hosts with hostname host_pippo. Is there any workaround to discriminate
> server with the same hostname?

How are you going to do that? You should never allow a host with the
same name in a domain. You could use the IP addresses I guess but what's
the point of that?

> I know that kerberos without DNS managing thounsands of systems can be
> dangerous but we have no choice :-(, so any valid workaround would be
> helpful :-D

How about explaining why you cannot use DNS?


> Thanks in advance.