[29033] in Kerberos
Is "SPN advertisement" or well-known SPNs a security hole?
daemon@ATHENA.MIT.EDU (Srinivas Kakde)
Mon Jan 14 17:26:37 2008
Date: Mon, 14 Jan 2008 13:57:55 -0800 (PST)
From: Srinivas Kakde <srinivas.kakde@yahoo.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <422369.96913.qm@web46012.mail.sp1.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
There is an old posting to samba-technical
http://lists.samba.org/archive/samba-technical/2007-July/054354.html
This message says: From a security standpoint, allowing the server to specify its
service principal is a "bad idea".
Why is it a bad idea?
I am writing to the Kerberos list because I think the answer would be interesting to all developers of Kerberized applications, not just to people who watch samba-technical.
Thank you.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos