krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS

Derek Atkins warlord at MIT.EDU
Tue Apr 8 17:09:19 EDT 2003

John Hascall <john at> writes:

> I would be interested in hearing more about #3 (how does
> hostname canonicalization == no security?)

DNS spoofing.  I spoof the PTR lookup to a machine that I own.
I now act as a Man-in-the-middle.

> John


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list