[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reverse Lookup Server SSL Certivicate CN

--On Wednesday, January 07, 2004 1:26 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

This is unlike the behavior of my customary authentication mechanism,
kerberos, which performs a reverse lookup of the server's IP to locate
it's principal.

Kerberos is broken here.

I don't know that I believe this is what Kerberos does. It is true, you can include IP addresses in K5 tickets, but it is not necessary. It is also true that you can put in a rule where a kerberos connection is only accepted when the forward and reverse lookups of a system match. Neither of those, however, have to do with locating the kerberos principle...


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html