From owner-freebsd-security Tue Feb 4 18:47:56 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5E6F37B401 for ; Tue, 4 Feb 2003 18:47:53 -0800 (PST) Received: from guava.silverwraith.com (66-214-182-79.la-cbi.charterpipeline.net [66.214.182.79]) by mx1.FreeBSD.org (Postfix) with SMTP id 36B9443F3F for ; Tue, 4 Feb 2003 18:47:53 -0800 (PST) (envelope-from avleen@guava.silverwraith.com) Received: (qmail 37954 invoked by uid 1001); 5 Feb 2003 02:47:52 -0000 Date: Tue, 4 Feb 2003 18:47:52 -0800 From: Avleen Vig To: freebsd-security@freebsd.org Subject: Re: krb5-realm.com Message-ID: <20030205024752.GD37185@silverwraith.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Feb 03, 2003 at 03:34:12AM -0800, Jacques A. Vidrine wrote: > > isnt it a bad thing if every sshd on the world ends up contacting > > krb5-realm.com by default? is this also true for newer versions of > > sshd > > (with kerberos disabled)? i mean it may make the owners of > > krb5-realm.com powerful beings. sounds a bit .NET to me. > > Well it could conceivably cause breakage (as described), but nothing > worse. The krb5-realm.com domain administrator cannot possibly > leverage the situation in order to subvert authentication. And for what it is worth, neither would I want to :-) As I said in an earlier email, I do my best to make sure the NS is availible at all times. Unfortuantely sometimes outages happen and they cannot be avoided. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message