[24046] in Kerberos

Security risk with '_kerberos.FQDN'? (Was: One DNS domain - three

daemon@ATHENA.MIT.EDU (Turbo Fredriksson)
Tue Jun 7 06:03:17 2005

To: kerberos@mit.edu
From: Turbo Fredriksson <turbo@bayour.com>
Date: Tue, 07 Jun 2005 12:01:39 +0200
In-Reply-To: <03da384d3e81ff59dfba25887b640766@mit.edu> (Ken Raeburn's
 message of "Mon, 6 Jun 2005 16:14:14 -0400")
Message-ID: <87wtp6xz7g.fsf_-_@pumba.bayour.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: kerberos-bounces@mit.edu

Quoting Ken Raeburn <raeburn@mit.edu>:

> There is also an option "dns_lookup_realm" in the "libdefaults"
> section of the config file which, if turned on, will cause a DNS TXT
> record _kerberos.<FQDN> to be checked and, if it's found, the result
> used as the realm name for the host <FQDN>.  However, this option is
> turned off by default as it introduces a security risk.

Could you please elaborate or point me to a page that explains this?
I've never heard of it before (I haven't been paying attention to
this list for the last couple of months :).

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
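
The following is an added example, not part of the original message or of the Kerberos code: a small audit check that reports whether a krb5.conf enables the "dns_lookup_realm" option in "libdefaults" discussed above. The sample configurations are constructed, and the function name and first-occurrence precedence are assumptions of this sketch.

```python
import re

# Boolean spellings accepted by the MIT krb5 profile parser.
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}
FALSE_WORDS = {"n", "no", "false", "nil", "0", "off"}

def dns_lookup_realm_enabled(conf_text):
    """Return True if [libdefaults] turns dns_lookup_realm on.

    Returns False when the option is absent, matching the
    off-by-default behaviour described in the quoted message.
    """
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "dns_lookup_realm":
            continue
        word = value.lower()
        if word in TRUE_WORDS:
            return True                      # assumption: first occurrence wins
        if word in FALSE_WORDS:
            return False
        raise ValueError(f"unrecognised boolean for dns_lookup_realm: {value!r}")
    return False

# Constructed sample configurations (not taken from any real host).
SAMPLE_ENABLED = """
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = on
"""
SAMPLE_DEFAULT = """
[libdefaults]
    default_realm = EXAMPLE.COM
"""

if __name__ == "__main__":
    for name, text in (("enabled", SAMPLE_ENABLED), ("default", SAMPLE_DEFAULT)):
        state = "ON" if dns_lookup_realm_enabled(text) else "off"
        print(f"{name}: dns_lookup_realm is {state}")
```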