bugzilla-daemon at bugzilla.mindrot.org
2008-Aug-08 00:09 UTC
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=928 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Blocks| |1481 --- Comment #4 from Damien Miller <djm at mindrot.org> 2008-08-08 10:09:45 --- What are the risks to a server of having this option enabled? -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching someone on the CC list of the bug. You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2008-Aug-09 14:45 UTC
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=928 --- Comment #5 from Markus Moeller <huaraz at moeller.plus.com> 2008-08-10 00:45:39 --- I don't see any additional risk to the server. Markus -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching someone on the CC list of the bug. You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2008-Aug-09 14:58 UTC
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=928 --- Comment #6 from Simon Wilkinson <simon at sxw.org.uk> 2008-08-10 00:58:27 --- The potential risk (with my patch, which is the correct way to implement this with modern Kerberos libraries) is that it allows any principal contained within the system keytab to be used, rather than just the host/hostname one. However, Kerberos administrators already have to ensure that principals contained within the system keytab have the same, high, level of trust ascribed to them, so I don't believe that there is any practical increase in risk caused by applying this patch. Simon. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching someone on the CC list of the bug. You are watching the reporter.
Possibly Parallel Threads
- [Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
- [Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
- [Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
- GSSAPI, Kerberos and multihomed hosts
- [Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts