krb5 address checks and loopback connections

Sam Hartman hartmans at MIT.EDU
Tue Jul 9 11:24:11 EDT 2002

Well, the obvious reason not to implement this is the anti-spoofing
concerns you have already discussed.  On Linux there is spoof
protection, but many other OSes do not have this protection.

We could also get around this problem in the tests by changing the
default to issue addressless tickets.  We are going to make that
change for clarifications and certainly for extensions, so we might as
well make that soon.

More information about the krbdev mailing list