Wallet: a few questions on ACLs (and other animals)
Mantas Mikulėnas
grawity at gmail.com
Thu Jun 14 17:50:51 EDT 2012
On Fri, Jun 15, 2012 at 12:19 AM, Russ Allbery <rra at stanford.edu> wrote:
> Jan-Piet Mens <jpmens.dns at gmail.com> writes:
>> Related: Is it possible to configure the wallet servername via a DNS
>> SRV/TXT record? (Haven't checked the source code -- sorry.)
>
> Not currently. It's a little tricky to use a SRV record for this since
> wallet doesn't have its own port (it just uses remctl), and normally SRV
> records are tied to services with unique port assignments. I could just
> make up some TXT record convention, but I feel weird about that.

Just like there are _kerberos._udp and _kerberos-master._udp sharing
daemons and ports, I see no reason there couldn't be a _wallet._tcp
SRV record.

> There are also security issues with trusting DNS if you don't have DNSSEC
> configured.

How are they different from trusting DNS to correctly resolve a
statically configured server?

--
Mantas Mikulėnas