RFC: Turning off reverse hostname resolution by default in 1.10
Nico Williams
nico at cryptonector.com
Wed Jul 6 14:10:59 EDT 2011
I would also recommend finding a way to get rid of the forward
resolution as well. That's more difficult because
krb5_sname_to_principal() lacks context that might be helpful to
hostbased principal canonicalization. One approach might be to add a
new form(s) of that function that accepts additional contextual
arguments then start using it instead of the old function.
In any case, +1 from me.
More information about the Kerberos
mailing list