[17305] in Kerberos_V5_Development
Re: Proposed Behavior change: don't fail when krb5_sname_to_principal
daemon@ATHENA.MIT.EDU (Tom Yu)
Fri Oct 14 14:21:24 2011
To: Greg Hudson <ghudson@mit.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Fri, 14 Oct 2011 14:21:19 -0400
In-Reply-To: <4E987C27.5030406@mit.edu> (Greg Hudson's message of "Fri,
14 Oct 2011 14:15:03 -0400")
Message-ID: <ldvr52fsacg.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: Sam Hartman <hartmans@mit.edu>, "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Greg Hudson <ghudson@MIT.EDU> writes:
> I'm not really opposed to this, although one could argue that
> host/foo.searchdomain is a better guess than host/foo in the absence of
> DNS (when foo contains no dots). But that assumes we can find out the
> search domain (which might be easier than we used to think, but we don't
> have a facility for it at the moment) and begs the question of what
> happens when there are multiple search domains.
Is there any way to securely deal with multiple search domains?
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
