[1823] in Kerberos-V5-bugs


Re: krb5_sname_to_principal comments lie

daemon@ATHENA.MIT.EDU (John Hawkinson)
Thu Feb 29 03:35:11 1996

Date: Thu, 29 Feb 96 03:34:53 -0500
To: eichin@cyGNUs.COM
Cc: krb5-bugs@MIT.EDU
In-Reply-To: "[1822] in Kerberos-V5-bugs"
From: John Hawkinson <jhawk@MIT.EDU>

> Since we're vulnerable if this code ever talks to a real DNS (a
> properly configured system should be looking in /etc/hosts first and
> *really* had better find its own name in there) might it be best to
> remove this misleading comment?

It's worth noting that bind 4.9.3 RELEASE's resolver will not consult
/etc/hosts if it can contact a nameserver. Arguably it is broken, but
it is (& more importantly, will be) used by enough people and vendors
that it may be worth catering to... (somehow).

--jhawk

