Wallet: a few questions on ACLs (and other animals)

Mantas Mikulėnas grawity at gmail.com
Thu Jun 14 17:50:51 EDT 2012

On Fri, Jun 15, 2012 at 12:19 AM, Russ Allbery <rra at stanford.edu> wrote:
> Jan-Piet Mens <jpmens.dns at gmail.com> writes:
>>    Related: Is it possible to configure the wallet servername via a DNS
>>    SRV/TXT record?  (Haven't checked the source code -- sorry.)
> Not currently.  It's a little tricky to use a SRV record for this since
> wallet doesn't have its own port (it just uses remctl), and normally SRV
> records are tied to services with unique port assignments.  I could just
> make up some TXT record convention, but I feel weird about that.

Just like there are _kerberos._udp and _kerberos-master._udp sharing
daemons and ports, I see no reason there couldn't be a _wallet._tcp
SRV record.

> There are also security issues with trusting DNS if you don't have DNSSEC
> configured.

How are they different from trusting DNS to correctly resolve a
statically configured server?

Mantas Mikulėnas

More information about the Kerberos mailing list