host name resolution, again (krb5-1.3-alpha1 is available)

Sam Hartman hartmans at MIT.EDU
Fri Mar 14 21:19:04 EST 2003

I would certainly consider looking at patches to applications that did
a gethostbyname() or getaddrinfo() on the user-supplied name and took
both the hostname and address from that reply.  The hostname should be
passed to GSSAPI and the address used for the connect.

I would object to patches that add additional dependences on reverse
resolution especially if the add dependence on reverse resolution
outside krb5_sname_to_princ for GSSAPI applications.

In general, doing this securely is hard and requires KDC support we do
not currently have.

More information about the krbdev mailing list