bug: krb5_get_host_realm() no longer uses DNS

Greg Hudson ghudson at MIT.EDU
Mon May 17 18:38:48 EDT 2010


On Mon, 2010-05-17 at 18:21 -0400, Nicolas Williams wrote:
> Method #1: Use gss_compare_name() to compare a name obtained by calling
>            gss_import_name() on "host@<hostname>" to the acceptor name
> 	   returned by gss_inquire_context().

One of the reasons not to specify a desired name in an acceptor is that
you don't know the hostname used by the client (because of aliases).
Neither method #1 nor method #2 will work if you don't have a <hostname>
value.  You really just want to verify the "host" part.





More information about the Kerberos mailing list