delegating principal creation to a web process

Russ Allbery rra at stanford.edu
Thu Mar 20 14:54:58 EDT 2008


Simon Wilkinson <simon at sxw.org.uk> writes:

> It's not clear from your description how you check that the script is
> creating the 'correct' account name for a particular user - nor how you
> protect against denial of service attacks, or attacks which create
> 'magic' account names (root, <blah>/ admin, anything else your site has
> in a wildcard)

http://www.eyrie.org/~eagle/software/kadmin-remctl/ may be helpful in that
respect.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


