Implementing IETF Draft on DNS use in Kerberos

Sam Hartman hartmans at MIT.EDU
Tue Jul 16 15:52:01 EDT 2002

>>>>> "Jeffrey" == Jeffrey Altman <jaltman at> writes:

    Jeffrey> As described in the draft there are security
    Jeffrey> considerations to be aware of.  While there are no new
    Jeffrey> attacks it does provide an avenue for those attacks to be
    Jeffrey> performed at an additional location.

    Jeffrey> Having a flag in krb5.conf is fine provided that if there
    Jeffrey> is no krb5.conf that the DNS SRV and DNS TXT lookups be
    Jeffrey> used.

I think a lot of us would argue that the right default is yes for SRV
and no for txt.  Especially if we're going to move to cross-realm

More information about the krbdev mailing list