Date: Sat, 1 Feb 2003 21:56:17 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: bas <steendijk@xs4all.nl> Cc: freebsd-security@FreeBSD.ORG Subject: Re: krb5-realm.com Message-ID: <20030202035617.GB14640@opus.celabo.org> In-Reply-To: <3E3B9B03.6ACE7B96@xs4all.nl> References: <v04210102ba60a5a98b9c@[192.168.1.27]> <3E3B1D71.21CFBD42@ursine.com> <20030201015129.GA27949@rfc822.net> <20030131181815.A42597@greg.cex.ca> <3E3B9B03.6ACE7B96@xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Feb 01, 2003 at 11:01:39AM +0100, bas wrote: > isnt it a bad thing if every sshd on the world ends up contacting > krb5-realm.com by default? is this also true for newer versions of sshd > (with kerberos disabled)? i mean it may make the owners of > krb5-realm.com powerful beings. sounds a bit .NET to me. Well it could conceivably cause breakage (as described), but nothing worse. The krb5-realm.com domain administrator cannot possibly leverage the situation in order to subvert authentication. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030202035617.GB14640>