Proposed Behavior change: don't fail when krb5_sname_to_principal cannot canonicalize input
tlyu at MIT.EDU
Fri Oct 14 14:21:19 EDT 2011
Greg Hudson <ghudson at MIT.EDU> writes:
> I'm not really opposed to this, although one could argue that
> host/foo.searchdomain is a better guess than host/foo in the absence of
> DNS (when foo contains no dots). But that assumes we can find out the
> search domain (which might be easier than we used to think, but we don't
> have a facility for it at the moment) and begs the question of what
> happens when there are multiple search domains.
Is there any way to securely deal with multiple search domains?
More information about the krbdev