bug: krb5_get_host_realm() no longer uses DNS
Greg Hudson
ghudson at MIT.EDU
Mon May 17 18:38:48 EDT 2010
On Mon, 2010-05-17 at 18:21 -0400, Nicolas Williams wrote:
> Method #1: Use gss_compare_name() to compare a name obtained by calling
> gss_import_name() on "host@<hostname>" to the acceptor name
> returned by gss_inquire_context().
One of the reasons not to specify a desired name in an acceptor is that
you don't know the hostname used by the client (because of aliases).
Neither method #1 nor method #2 will work if you don't have a <hostname>
value. You really just want to verify the "host" part.
More information about the Kerberos
mailing list