KRB.EQUIV(5)KRB.EQUIV(5)NAME
/etc/kerberosIV/krb.equiv - Kerberos host equivalency file
DESCRIPTION
The krb.equiv file contains a list of IP addresses that
are to be considered being the same host for Kerberos pur-
poses. This allows multi-homed hosts to be authenticated
when the ticket address and the source address of the
packet do not match. Normally authentication of a Ker-
beros request will fail when the source address in the
request packet and the source address in the IP packet do
not match.
The krb.equiv file contains two or more IP addresses rep-
resenting all the addresses of one host per line. If both
the ticket address and the source address of the packet
match on one line they are assumed to belong to the same
host
It is also possible to specify one or more
address/masklength pairs and the keyword ``dns'' on a
line. If the claimed IP address of a host is in one of
the supplied ranges, the domain name system will be
trusted for a list of IP addresses belonging to the host.
For example:
130.237.223.3 192.16.126.3 # alv alv1
130.237.223.4 192.16.126.4 # byse byse1
130.237.228.152 192.16.126.9 192.35.82.10 # topsy topsy1 topsy2
10.1.1.0/24 DNS # Trust the DNS for CS subnet
The krb.equiv file is necessary on the Kerberos server and
any host that provides a service that is authenticated by
Kerberos.
SEE ALSOkrb.conf(5), krb.realms(5)MIT Project Athena Kerberos Version 4.0 1