[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kerberos 4 problem
- To: Assar Westerlund <firstname.lastname@example.org>
- Subject: Re: kerberos 4 problem
- From: email@example.com (Johan Danielsson)
- Date: 01 Jun 2001 12:58:29 +0200
- Cc: "Lars Hansson" <firstname.lastname@example.org>, email@example.com
- In-Reply-To: Assar Westerlund's message of "31 May 2001 22:58:05 +0200"
- References: <firstname.lastname@example.org><email@example.com> <firstname.lastname@example.org><email@example.com>
- Sender: firstname.lastname@example.org
- User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
Assar Westerlund <email@example.com> writes:
> Shouldn't it default to something reasonable, like the patch below?
Well I don't know. The problem with this is that with this change you
*always* get an ok looking principal, even if it doesn't exist. This
isn't a problem for the KDC, since it has a list of possible
principals to match against, but it is for other clients. Maybe the
KDC should do this?
Of course the best way would be if we could always use (secure) dns to
verify that hosts exist, but that's not likely to happen any time