host name resolution, again (krb5-1.3-alpha1 is available)
hartmans at MIT.EDU
Fri Mar 14 21:19:04 EST 2003
I would certainly consider looking at patches to applications that did
a gethostbyname() or getaddrinfo() on the user-supplied name and took
both the hostname and address from that reply. The hostname should be
passed to GSSAPI and the address used for the connect.
I would object to patches that add additional dependences on reverse
resolution especially if the add dependence on reverse resolution
outside krb5_sname_to_princ for GSSAPI applications.
In general, doing this securely is hard and requires KDC support we do
not currently have.
More information about the krbdev