>> However, this has made me wonder: why do this at all? What is the
>> possible security gain here? It's not the default in the code; you have
>> to explicitly write code to enable this behavior. But I can't really
>> think of a case where NOT having strict acceptor checking is a security
>> problem; I could maybe squint and envision some kind of weird hosted
>> server setup where it might matter, but I'm not sure that is ever done
>> in the real world. I will admit it is entirely possible I am missing
>> something; if I am, I'd sure like to understand what I am missing.
>
> I have always operated under the theory that one should make sure that
> the keytab accepts exactly the set of principals that are required.
> This is something that is under the ultimate control of the system
> administrator. When an application turns on strict acceptor checking,
> they remove this configurability from the system administrator which I
> think makes the system much less flexible.
I'm completely with you, but clearly plenty of application writers do not
agree with this sentiment! So I'm wondering what I am missing.

--Ken

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
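As an added illustration of the two acceptor modes the thread is arguing about (my own example, not code from the thread, from Ken, or from MIT Kerberos): an acceptor that calls gss_acquire_cred() with GSS_C_NO_NAME accepts a ticket for any service principal whose key is in the keytab, so the administrator's ktadd decisions define the accepted set; an acceptor that imports an explicit host-based name pins the accepted set in code. The keytab entries and ticket names below are constructed sample data. The matching rule for a host-based name with an empty hostname ("HTTP@" matching the service on any host) is my reading of MIT krb5's krb5_sname_match and is an assumption; hostname canonicalization and realm checks are deliberately left out of the model.

```python
"""Model of GSSAPI acceptor-name checking against a keytab (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set


@dataclass(frozen=True)
class Principal:
    service: str
    host: str
    realm: str

    @classmethod
    def parse(cls, text: str) -> "Principal":
        # Service principals look like "service/host@REALM".
        name, _, realm = text.partition("@")
        service, _, host = name.partition("/")
        if not (service and host and realm):
            raise ValueError(f"not a service principal: {text!r}")
        return cls(service, host, realm)

    def __str__(self) -> str:
        return f"{self.service}/{self.host}@{self.realm}"


# Constructed keytab, as an administrator might have populated it with
# ktadd: two services on one host plus a web alias hostname.
KEYTAB: FrozenSet[Principal] = frozenset(Principal.parse(p) for p in [
    "host/web1.example.com@EXAMPLE.COM",
    "HTTP/web1.example.com@EXAMPLE.COM",
    "HTTP/www.example.com@EXAMPLE.COM",
])


def accepts(ticket_sname: str, acceptor: Optional[str],
            keytab: FrozenSet[Principal] = KEYTAB) -> bool:
    """Would this acceptor decrypt and accept a ticket addressed to ticket_sname?

    acceptor=None models GSS_C_NO_NAME: any principal with a key in the
    keytab is accepted (the keytab is the policy).
    acceptor="HTTP@www.example.com" models a GSS_C_NT_HOSTBASED_SERVICE
    name pinned in application code: service and host must both match.
    acceptor="HTTP@" (empty hostname) is assumed, following MIT krb5's
    krb5_sname_match, to match that service on any host in the keytab.
    """
    sname = Principal.parse(ticket_sname)
    if sname not in keytab:
        return False  # no key for this principal: cannot decrypt in any mode
    if acceptor is None:
        return True   # non-strict: the keytab decides
    service, _, host = acceptor.partition("@")
    if sname.service != service:
        return False
    return host == "" or sname.host == host


def accepted_set(acceptor: Optional[str],
                 keytab: FrozenSet[Principal] = KEYTAB) -> Set[Principal]:
    """Every principal in the keytab that this acceptor would accept."""
    return {p for p in keytab if accepts(str(p), acceptor, keytab)}


def ktadd(keytab: FrozenSet[Principal], principal_text: str) -> FrozenSet[Principal]:
    """Model of the administrator adding a key with ktadd (returns the new keytab)."""
    return keytab | {Principal.parse(principal_text)}


if __name__ == "__main__":
    # Show how an administrator's keytab change does or does not widen the
    # accepted set, depending on which mode the application chose.
    wider = ktadd(KEYTAB, "HTTP/api.example.com@EXAMPLE.COM")
    for mode in (None, "HTTP@", "HTTP@www.example.com"):
        before = sorted(map(str, accepted_set(mode, KEYTAB)))
        after = sorted(map(str, accepted_set(mode, wider)))
        print(f"acceptor={mode!r}: before ktadd {before}, after ktadd {after}")
```

The point the model makes concrete is the one in the quoted reply: with GSS_C_NO_NAME, adding or removing a keytab entry changes what the service accepts with no code change, whereas the pinned name ignores the new entry entirely, and the intermediate "HTTP@" form keeps the service fixed while leaving the set of hostnames to the keytab.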
