capaths questions

Douglas E. Engert deengert at
Tue May 18 12:40:21 EDT 2004

Nicolas Williams wrote:

> It's actually quite simple since most folk will get by with a default
> rule allowing for any transited path and those who don't will generally
> have a few such rules.

This is a big security hole if they accept any path, in effect they
are not testing the transited path!

The point is that they should only accept one (or a few) trusted paths. 


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
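
An added illustration, not part of the original message and not MIT krb5 code: a simplified model of the two policies discussed above, one that accepts any transited path and one that accepts only configured trusted paths. The realm names, the CAPATHS table and both function names are constructed for this example; "." follows the krb5.conf [capaths] convention for a direct path with no intermediate realms.

```python
# Simplified model of a transited-path check (illustration only).
# All realm names below are constructed sample values.

# client realm -> server realm -> intermediate realms trusted on that path.
# "." means the path is direct: no intermediate realm is expected.
CAPATHS = {
    "ENG.EXAMPLE.COM": {"PARTNER.EXAMPLE.ORG": ["EXAMPLE.COM"]},
    "EXAMPLE.COM": {"PARTNER.EXAMPLE.ORG": ["."]},
}


def accept_any(client_realm, server_realm, transited):
    """Default rule allowing any transited path: the list is never tested."""
    return True


def accept_trusted(client_realm, server_realm, transited, capaths=CAPATHS):
    """Accept only when a rule exists and every transited realm is listed in it."""
    rule = capaths.get(client_realm, {}).get(server_realm)
    if rule is None:
        return False  # no configured path for this realm pair: fail closed
    trusted = {realm for realm in rule if realm != "."}
    return all(realm in trusted for realm in transited)


if __name__ == "__main__":
    # Constructed ticket: an unexpected realm appears in the transited list.
    ticket = ("ENG.EXAMPLE.COM", "PARTNER.EXAMPLE.ORG",
              ["EXAMPLE.COM", "ROGUE.EXAMPLE.NET"])
    print("accept_any:    ", accept_any(*ticket))
    print("accept_trusted:", accept_trusted(*ticket))
```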

More information about the krbdev mailing list