[1065] in Kerberos_V5_Development
Re: full explanation of proposed krb5_sname_to_princ change
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Mon Apr 15 14:12:59 1996
Date: Mon, 15 Apr 1996 14:12:55 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: "Theodore Ts'o" <tytso@MIT.EDU>, Sam Hartman <hartmans@MIT.EDU>,
krbdev@MIT.EDU
In-Reply-To: Sam Hartman's message of 13 Apr 1996 14:52:39 -0400,
<tsl4tqo553c.fsf@tertius.mit.edu>
Well, here's a straw-man proposal to deal with the problem that you've
mentioned.
If after passing the result returned by hostname canonicalization
function does not "reasonably" match the input name (where reasonable
means allowing for case differences and tacking on of the default
realm), the pair of (user-input-hostname, canonicalized-hostname) must
appear on either a system-wide default list, or a per-user list of
acceptable hostname cannonicalizations. If the canonicalized hostname
isn't on the "OK" list, then rlogin will abort with an error. There
will be an option to override this error condition.
This is not a particular pretty solution, but it does solve the problem
that you raised. Secure DNS is a much more elegant solution....
- Ted
