Is "SPN advertisement" or well-known SPNs a security hole?

Srinivas Kakde srinivas.kakde at yahoo.com
Mon Jan 14 16:57:55 EST 2008


Hello,



There is an old posting to samba-technical



http://lists.samba.org/archive/samba-technical/2007-July/054354.html



This message says: From a security standpoint, allowing the server to specify its  
service principal is a "bad idea".

Why it a bad idea?  



I am writing to the Kerberos list because I think the answer would be interesting to all developers of Kerberized applications not just to people who watch  samba-technical.


Thank you.













      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping




More information about the Kerberos mailing list