Ticket addresses w.r.t. forwarded tickets.
Sam Hartman
hartmans at MIT.EDU
Tue Dec 6 10:20:00 EST 2005
>>>>> "Roland" == Roland Dowdeswell <Roland.Dowdeswell at MorganStanley.com> writes:
Roland> The problem with the current mechanism for putting
Roland> addresses in forwarded tickets is that it is not likely to
Roland> put the correct addresses in for `interesting' setups.
Roland> The current mechanism is to use the forward lookup of the
Roland> hostname; there is no guarantee that the forward lookup of
Roland> an address to which you connect will be the address from
Roland> which the remote host would attempt to contact the KDC.
Roland> The remote host may not even be able to contact the KDC
Roland> from that address.
We do understand this. This is one of the many reasons we default to
addressless tickets, forward addressless tickets from addressless
tickets and why RFC 4120 recommends against addresses in tickets.
--Sam