[Date Prev][Date Next]
Re: Reverse Lookup Server SSL Certivicate CN
--On Wednesday, January 07, 2004 1:26 PM -0800 "Kurt D. Zeilenga"
This is unlike the behavior of my customary authentication mechanism,
kerberos, which performs a reverse lookup of the server's IP to locate
Kerberos is broken here.
I don't know that I believe this is what Kerberos does. It is true, you
can include IP addresses in K5 tickets, but it is not necessary. It is
also true that you can put in a rule where a kerberos connection is only
accepted when the forward and reverse lookups of a system match. Neither
of those, however, have to do with locating the kerberos principle...
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html