[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerberos 4 problem

Assar Westerlund <assar@sics.se> writes:

> Shouldn't it default to something reasonable, like the patch below?

Well I don't know. The problem with this is that with this change you
*always* get an ok looking principal, even if it doesn't exist. This
isn't a problem for the KDC, since it has a list of possible
principals to match against, but it is for other clients. Maybe the
KDC should do this?

Of course the best way would be if we could always use (secure) dns to
verify that hosts exist, but that's not likely to happen any time