From owner-freebsd-security Tue Feb 4 18:47:16 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36CF737B694 for ; Tue, 4 Feb 2003 18:47:10 -0800 (PST) Received: from guava.silverwraith.com (66-214-182-79.la-cbi.charterpipeline.net [66.214.182.79]) by mx1.FreeBSD.org (Postfix) with SMTP id DA87E43F85 for ; Tue, 4 Feb 2003 18:47:09 -0800 (PST) (envelope-from avleen@guava.silverwraith.com) Received: (qmail 37936 invoked by uid 1001); 5 Feb 2003 02:47:09 -0000 Date: Tue, 4 Feb 2003 18:47:09 -0800 From: Avleen Vig To: freebsd-security@freebsd.org Subject: Re: krb5-realm.com Message-ID: <20030205024709.GC37185@silverwraith.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Feb 01, 2003 at 11:01:39AM +0100, bas wrote: > isnt it a bad thing if every sshd on the world ends up contacting > krb5-realm.com by default? is this also true for newer versions of > sshd > (with kerberos disabled)? i mean it may make the owners of > krb5-realm.com powerful beings. sounds a bit .NET to me. Well it could conceivably cause breakage (as described), but nothing worse. The krb5-realm.com domain administrator cannot possibly leverage the situation in order to subvert authentication. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message