Kerberos Digest, Vol 9, Issue 25
Kumaresh
kumaresh_ind at gmx.net
Thu Sep 25 12:27:58 EDT 2003
> >>>>> "Jacques" == Jacques A Vidrine <nectar at celabo.org> writes:
>
> Jacques> On Tue, Sep 23, 2003 at 07:31:49PM +0100, Markus Moeller
wrote:
> >> Here is a patch on top of Simons gssapi patch for openssh 3.6.1p2
to
> >> support multihomed systems.
>
> Jacques> A simpler approach is to pass GSS_C_NO_NAME to
gss_acquire_cred. This
> Jacques> will allow any name present in the keytab.
>
> Yes, and I'd like to see that as a configurable option. That would
> even be a reasonable default if you gss_display_name the name and make
> sure it starts with host.
Passing GSS_C_NO_NAME will NOT compare the name in server and client
credentials, if I am correct. If so, is this not bad in security point of
view?
Thanks,
Kumar
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
More information about the Kerberos
mailing list