[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reverse Lookup Server SSL Certivicate CN

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, ms419@freezone.co.uk
Subject: Re: Reverse Lookup Server SSL Certivicate CN
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 07 Jan 2004 15:02:59 -0800
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <6.0.0.22.0.20040107132218.0410be50@127.0.0.1>
References: <03DBBD20-40EE-11D8-87A2-000A95C71776@freezone.co.uk> <6.0.0.22.0.20040107132218.0410be50@127.0.0.1>

--On Wednesday, January 07, 2004 1:26 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

This is unlike the behavior of my customary authentication mechanism,
kerberos, which performs a reverse lookup of the server's IP to locate
it's principal.

Kerberos is broken here.

I don't know that I believe this is what Kerberos does. It is true, you can include IP addresses in K5 tickets, but it is not necessary. It is also true that you can put in a rule where a kerberos connection is only accepted when the forward and reverse lookups of a system match. Neither of those, however, have to do with locating the kerberos principle...

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Reverse Lookup Server SSL Certivicate CN
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Reverse Lookup Server SSL Certivicate CN
  - From: ms419@freezone.co.uk
- Re: Reverse Lookup Server SSL Certivicate CN
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Replication problem
Next by Date: RE: Do you have suggestions for LDAP book ?
Index(es):
- Chronological
- Thread