Why do "strict acceptor checking"?
Roland C. Dowdeswell
elric at imrryr.org
Tue Oct 8 05:50:36 EDT 2024
On Mon, Oct 07, 2024 at 08:23:28PM -0400, Ken Hornstein via Kerberos wrote:
>
> However, this has made me wonder: why do this at all? What is the
> possible security gain here? It's not the default in the code; you have
> to explicitly write code to enable this behavior. But I can't really
> think of a case where NOT having strict acceptor checking is a security
> problem; I could maybe squint and envision some kind of weird hosted
> server setup where it might matter, but I'm not sure that is ever done
> in the real world. I will admit it is entirely possible I am missing
> something; if I am, I'd sure like to understand what I am missing.
I have always operated under the theory that one should make sure that
the keytab accepts exactly the set of principals that are required.
This is something that is under the ultimate control of the system
administrator. When an application turns on strict acceptor checking,
they remove this configurability from the system administrator, which I
think makes the system much less flexible.
--
Roland C. Dowdeswell https://Imrryr.ORG/
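
An added example, not part of the original post: one way an administrator could check that a keytab holds exactly the principals a service is meant to accept, by comparing `klist -k` output with a required set. It assumes plain MIT-style `klist -k` output (no `-t` timestamps); the sample listing, host names and realm are constructed.

```python
import re

# Constructed sample of MIT `klist -k` output (not taken from the thread).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/web1.example.com@EXAMPLE.COM
   3 host/web1.example.com@EXAMPLE.COM
   2 HTTP/web1.example.com@EXAMPLE.COM
   1 HTTP/legacy.example.com@EXAMPLE.COM
"""

# An entry line is "<kvno> <principal>"; with `-e` an "(enctype)" suffix
# follows the principal and is ignored here.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+@\S+)")


def keytab_principals(klist_output):
    """Return {principal: set of kvnos} parsed from `klist -k` text."""
    found = {}
    for line in klist_output.splitlines():
        match = ENTRY.match(line)
        if match:  # header and separator lines do not match
            found.setdefault(match.group(2), set()).add(int(match.group(1)))
    return found


def audit_keytab(klist_output, required):
    """Compare keytab contents with the principals the service should accept."""
    present = set(keytab_principals(klist_output))
    required = set(required)
    return {
        # Keys an acceptor without a fixed name would also accept tickets for.
        "unexpected": sorted(present - required),
        # Principals the service needs but the keytab cannot decrypt for.
        "missing": sorted(required - present),
    }


if __name__ == "__main__":
    # Hypothetical policy: this host should only accept its own HTTP service.
    report = audit_keytab(SAMPLE_KLIST, {"HTTP/web1.example.com@EXAMPLE.COM"})
    for kind, names in report.items():
        for name in names:
            print(f"{kind}: {name}")
```
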