[1536] in Kerberos
Re: Is it OK to use a CNAME for the kerberos master?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Aug 29 16:30:00 1991
Date: Thu, 29 Aug 91 15:51:59 -0400
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: haynes@cats.ucsc.edu <haynes@cats.UCSC.EDU>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: haynes@cats.ucsc.edu's message of Thu, 29 Aug 91 09:51:09 PDT,
Reply-To: tytso@ATHENA.MIT.EDU
I can't think of any problems you would have if you made Kerberos a
CNAME. Applications just need to know where the KDC is, and there has
never been any assumption about the DNS being secure for this purpose.
If someone screws up the CNAME or address lookup, all you will get is a
denial of service.
- Ted
