Null realms and servers
Derek Atkins
warlord at MIT.EDU
Wed Dec 20 09:51:14 EST 2006
Nicolas Williams <Nicolas.Williams at sun.com> writes:
>> How do you determine the base domain for a realm hierarchy?
>> E.g. what kind of algorithm do you use to decide whether
>> w.x.y.z maps to Y.Z or X.Y.Z? For example, how would you
>> handle myhost.oxford.ac.uk? Or even myhost.mydept.oxford.ac.uk?
>> Obviously you wouldn't want this to map to domain AC.UK.
>
> The algorithm is:
>
>   domain = fqdn;
>   while (domain.label_count > 2) {
>       domain = pop_label(domain);
>       realm = domain2realm(domain); /* for ASCII: toupper() */
>       if (lookup_kdcs(realm) > 0)
>           break;
>       realm = NULL;
>   }
>
>   return (realm);
>
> This does depend on having FQDNs, which means we still have to solve the
> secure hostname canonicalization problem. (More on that in a separate
> thread, some other time.)
Ahh, there's the "lookup_kdcs()" step. That makes sense, and
answers the question. At each step in the FQDN you perform an
active check to see if there's a realm at that level.
> Nico
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
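
Added example (not part of the original messages, and not code from any Kerberos implementation): the quoted loop written as runnable C, with lookup_kdcs() replaced by a stand-in over a constructed realm table and a probe counter, so the candidate realms tried for a given FQDN are visible. The names demo_realms, probes, label_count and fqdn_to_realm are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: realms that "have KDCs" in this demo. */
static const char *const demo_realms[] = { "OXFORD.AC.UK", "Y.Z", NULL };
static int probes;                /* lookup_kdcs() calls made so far */

static int lookup_kdcs(const char *realm)   /* stand-in for KDC discovery */
{
    probes++;
    for (size_t i = 0; demo_realms[i] != NULL; i++)
        if (strcmp(realm, demo_realms[i]) == 0) return 1;
    return 0;
}

static int label_count(const char *d)
{
    int n = (*d != '\0');
    for (; *d != '\0'; d++)
        if (*d == '.' && d[1] != '\0') n++;  /* ignore a trailing root dot */
    return n;
}

/* Pop labels until a candidate realm has KDCs; the last candidate tried is
 * the two-label parent. Returns out, or NULL if no candidate answered. */
static const char *fqdn_to_realm(const char *fqdn, char *out, size_t outlen)
{
    const char *domain = fqdn;
    while (label_count(domain) > 2) {
        domain = strchr(domain, '.') + 1;   /* pop_label() */
        size_t n = strlen(domain);
        if (domain[n - 1] == '.') n--;      /* drop trailing root dot */
        if (n >= outlen) return NULL;
        for (size_t i = 0; i < n; i++)      /* domain2realm(): toupper() */
            out[i] = (char)toupper((unsigned char)domain[i]);
        out[n] = '\0';
        if (lookup_kdcs(out) > 0)
            return out;
    }
    return NULL;
}

int main(void)
{
    char buf[256];
    const char *r = fqdn_to_realm("myhost.mydept.oxford.ac.uk", buf, sizeof buf);
    printf("%s after %d probes\n", r ? r : "(none)", probes);
    return 0;
}
```

With this table, a host under a three-label parent that has no KDCs (for example myhost.cam.ac.uk) causes AC.UK to be probed as the final candidate before the function gives up.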