[16158] in Kerberos_V5_Development
Re: Patch to ignore service principals when accepting connexions.
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Aug 25 21:33:29 2010
From: Sam Hartman <hartmans@painless-security.com>
To: "Roland C. Dowdeswell" <elric@imrryr.org>
Date: Wed, 25 Aug 2010 21:33:07 -0400
In-Reply-To: <20100826011842.GB21190@mournblade.imrryr.org> (Roland
C. Dowdeswell's message of "Thu, 26 Aug 2010 02:18:42 +0100")
Message-ID: <tsleidmupik.fsf@mit.edu>
MIME-Version: 1.0
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I definitely agree that the forward/reverse resolution creates issues
for acquire_cred. There's a kind of annoying Debian bug open on this
where the name you end up with depends on whether you have A records or
just AAAA records. Also, as you point out it is a source of failure.
So, I would like to express support for a configuration knob to ignore
the hostname and to look into what we can do about acceptor-side use of
DNS.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
