[344] in Kerberos
Re: converting a hostname into its realm
daemon@TELECOM.MIT.EDU (Dave Curry)
Mon Apr 4 14:29:59 1988
From: davy@INTREPID.ECN.PURDUE.EDU (Dave Curry)
To: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of Mon, 04 Apr 88 14:05:58 EDT.
From: John T Kohl <jtkohl@athena.mit.edu>
Date: Mon, 4 Apr 88 14:05:58 EDT
Subject: converting a hostname into its realm
An open question is whether the table should be compiled into the
library function or disk-resident in a configuration file. (The latter
is much more flexible, but may be prone to spoofing. comments?)
One lesson we learned here at Purdue, and still get bitten by with
several old pieces of software: *never*, *ever* compile hostnames into
a piece of code unless you have a real need to do so (which is very
seldom).
Especially with a library routine, you'll be recompiling the world
every time something in your host configuration changes, or you add a
new realm (well, a new real whose name != domain name). That's pretty
gross, and you'll get sick of it fast. The voice of experience
talking here.
It should be reasonably easy to make the file un-prone to spoofing.
(No symbolic links, link count = 1, correct owner and mode, you could
even store a checksum in the binary and update it like "ps" updates
itself, if you had to.)
--Dave Curry
