
Re: kerberos 4 problem



Assar Westerlund <assar@sics.se> writes:

> Shouldn't it default to something reasonable, like the patch below?

Well I don't know. The problem with this is that with this change you
*always* get an ok looking principal, even if it doesn't exist. This
isn't a problem for the KDC, since it has a list of possible
principals to match against, but it is for other clients. Maybe the
KDC should do this?

Of course the best way would be if we could always use (secure) DNS to
verify that hosts exist, but that's not likely to happen any time
soon.

/Johan