[2502] in Kerberos-V5-bugs
Re: pending/233: telnet patch
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sat Nov 23 00:53:23 1996
Date: Sat, 23 Nov 1996 00:53:16 -0500
To: krb5-bugs@MIT.EDU
Cc: krb5-prs@rt-11.mit.edu
In-Reply-To: "[2501] in Kerberos-V5-bugs"
From: John Hawkinson <jhawk@MIT.EDU>
> The `-1' doesn't work on a 64-bit system (NetBSD/alpha).
This is fine (modulo the lack of INADDR_NONE under 4.3BSD).
> Also, it's nice to display the host name even if the person typed in
> an IP address.
This is not. This patch isn't going to be committed because telnet
already reverse-resolves the IP address later on, at least in some cases.
Nevertheless, reverse-resolution of IP addresses specified to telnet
is in general a bad idea, for a number of reasons:
1) It is not a program's business to reverse-resolve its
arguments.
2) The only reason to display an IP address
in the case of a hostname being entered is because
a hostname can map to multiple IP addresses and it is
important to know which one is connected to.
3) In the event of a infrastructure failure (for instance,
a case where DNS has to time out in a painful fashion),
a user may enter an IP address. They should not be burdened
with a slow response time due to reverse-resolution.
Some of these are seemingly obviated by the necessity of reverse-resolution
in the case of Kerberos authentication; I will be submitting code to
allow user-specification of the principal to authenticate as (-P) to
alleviate this problem.
--jhawk
