[32365] in Kerberos
Re: bug: krb5_get_host_realm() no longer uses DNS
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon May 17 18:38:55 2010
From: Greg Hudson <ghudson@mit.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
In-Reply-To: <20100517222104.GH9429@oracle.com>
Date: Mon, 17 May 2010 18:38:48 -0400
Message-ID: <1274135928.2419.249.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 2010-05-17 at 18:21 -0400, Nicolas Williams wrote:
> Method #1: Use gss_compare_name() to compare a name obtained by calling
> gss_import_name() on "host@<hostname>" to the acceptor name
> returned by gss_inquire_context().
One of the reasons not to specify a desired name in an acceptor is that
you don't know the hostname used by the client (because of aliases).
Neither method #1 nor method #2 will work if you don't have a <hostname>
value. You really just want to verify the "host" part.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
