delegating principal creation to a web process
Russ Allbery
rra at stanford.edu
Thu Mar 20 14:54:58 EDT 2008
Simon Wilkinson <simon at sxw.org.uk> writes:
> It's not clear from your description how you check that the script is
> creating the 'correct' account name for a particular user - nor how you
> protect against denial of service attacks, or attacks which create
> 'magic' account names (root, <blah>/ admin, anything else your site has
> in a wildcard)
http://www.eyrie.org/~eagle/software/kadmin-remctl/ may be helpful in that
respect.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list