Daniel Henninger <[EMAIL PROTECTED]> writes:

>> The domain-to-realm mapping, if spoofed, can trick a client program
>> into authenticating to the wrong realm. If the appropriate principals
>> exist in that other realm (perhaps set up by a less-than-scrupulous
>> administrator), and the address record lookup is similarly spoofed (or
>> the traffic is intercepted, or anything similar), then the client would
>> quietly authenticate (successfully) to the wrong server, the user would
>> send his private data, etc.
>
> Eww... Ok, I'm removing them.
Note that it's not the presence of the DNS TXT records that creates the risk; it's the willingness to use TXT records by the client. The MIT clients won't use them by default. All removing the TXT records will do is prevent people in your realm, or talking to your realm, from having things actually work if they do try turning on the option and don't have the appropriate data in their config files. (And if someone does try it, and someone else is spoofing answers, it won't matter whether you've got the TXT records or not.)

But that small disincentive, making the TXT record option less useful, may still be worthwhile, if that fits with your security model.

Ken

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
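To make the point above concrete, here is an added example (not from the thread or from MIT krb5) modelling how an MIT-style client picks the realm for a host. The `[domain_realm]` table and the `dns_lookup_realm` option are real krb5.conf settings, but the lookup logic is a simplified model and the DNS answers are constructed dicts so it runs offline.

```python
# Added example, not from the mailing-list thread: a simplified model of how
# a client maps a hostname to a realm. DOMAIN_REALM stands for krb5.conf's
# [domain_realm] section; the resolver dicts are constructed DNS stand-ins.

# Constructed [domain_realm] data: a leading dot marks a whole domain.
DOMAIN_REALM = {".example.com": "EXAMPLE.COM", "example.com": "EXAMPLE.COM"}

# Constructed _kerberos TXT answers: one honest resolver, one spoofed.
HONEST_DNS = {"_kerberos.example.com": "EXAMPLE.COM"}
SPOOFED_DNS = {"_kerberos.example.com": "SPOOFED.REALM"}


def realm_for_host(host, domain_realm, dns_lookup_realm, resolver):
    """Return the realm for `host`, or None if it cannot be determined.

    Local [domain_realm] data is consulted first (exact host, then enclosing
    domains); only if nothing matches and dns_lookup_realm is on does the
    lookup fall back to _kerberos.<domain> TXT records, the spoofable step.
    """
    labels = host.lower().rstrip(".").split(".")
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if suffixes[0] in domain_realm:  # exact host entry wins outright
        return domain_realm[suffixes[0]]
    for parent in suffixes[1:]:  # then the nearest enclosing domain entry
        if "." + parent in domain_realm:
            return domain_realm["." + parent]
    if not dns_lookup_realm:
        return None  # fail closed: no local data and DNS is not trusted
    for suffix in suffixes:  # DNS fallback: whoever answers picks the realm
        answer = resolver.get("_kerberos." + suffix)
        if answer:
            return answer.upper()
    return None


def scenarios(host="kdc.example.com"):
    """The situations discussed in the thread, as description -> realm."""
    return {
        "config, option off, spoofed DNS": realm_for_host(host, DOMAIN_REALM, False, SPOOFED_DNS),
        "config, option on, spoofed DNS": realm_for_host(host, DOMAIN_REALM, True, SPOOFED_DNS),
        "no config, option off, any DNS": realm_for_host(host, {}, False, SPOOFED_DNS),
        "no config, option on, honest DNS": realm_for_host(host, {}, True, HONEST_DNS),
        "no config, option on, spoofed DNS": realm_for_host(host, {}, True, SPOOFED_DNS),
    }


if __name__ == "__main__":
    for name, realm in scenarios().items():
        print(f"{name:36} -> {realm}")
```

Only the last scenario lets a spoofed TXT answer choose the realm; with the mapping present in the config, or the option left at its default, the TXT records are never consulted.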
