Re: krb5-realm.com
From: Jacques A. Vidrine (nectar@FreeBSD.org)
Date: 02/02/03
- Previous message: Jacques A. Vidrine: "Re: SSHD suddenly takes SIX MINUTES to authenticate"
- In reply to: bas: "krb5-realm.com"
- Next in thread: Avleen Vig: "Re: krb5-realm.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 1 Feb 2003 21:56:17 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: bas <steendijk@xs4all.nl>
On Sat, Feb 01, 2003 at 11:01:39AM +0100, bas wrote:
> isnt it a bad thing if every sshd on the world ends up contacting
> krb5-realm.com by default? is this also true for newer versions of sshd
> (with kerberos disabled)? i mean it may make the owners of
> krb5-realm.com powerful beings. sounds a bit .NET to me.
Well it could conceivably cause breakage (as described), but nothing
worse. The krb5-realm.com domain administrator cannot possibly
leverage the situation in order to subvert authentication.
Cheers,
-- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: David Schultz: "Many login.conf accounting and authentication options broken"
- Previous message: Jacques A. Vidrine: "Re: SSHD suddenly takes SIX MINUTES to authenticate"
- In reply to: bas: "krb5-realm.com"
- Next in thread: Avleen Vig: "Re: krb5-realm.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
