RFC: Turning off reverse hostname resolution by default in 1.10

Nico Williams nico at cryptonector.com
Wed Jul 6 14:10:59 EDT 2011


I would also recommend finding a way to get rid of the forward
resolution as well.  That's more difficult because
krb5_sname_to_principal() lacks context that might be helpful to
hostbased principal canonicalization.  One approach might be to add a
new form(s) of that function that accepts additional contextual
arguments then start using it instead of the old function.

In any case, +1 from me.



More information about the Kerberos mailing list