On Sat, Feb 01, 2003 at 11:01:39AM +0100, bas wrote:
> isnt it a bad thing if every sshd on the world ends up contacting
> krb5-realm.com by default? is this also true for newer versions of sshd
> (with kerberos disabled)? i mean it may make the owners of
> krb5-realm.com powerful beings. sounds a bit .NET to me.

Well it could conceivably cause breakage (as described), but nothing
worse. The krb5-realm.com domain administrator cannot possibly
leverage the situation in order to subvert authentication.

Cheers,

-- 
Jacques A. Vidrine <nectarcelabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrineverio.net     .  nectarFreeBSD.org  .          nectarkth.se
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]