Implementing IETF Draft on DNS use in Kerberos

Derek Atkins warlord at MIT.EDU
Fri Jul 19 23:10:00 EDT 2002

Sam Hartman <hartmans at MIT.EDU> writes:

> Yes.  Note however a security problem exists when the DNS support is
> used for determining something other than the local realm.

True.  Hopefully DNSSEC will mitigate this threat (if/when it gets
deployed ;)

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list