Subject: Re: ut oh..
To: Bill Sommerfeld <>
From: Michael Graff <>
List: tech-net
Date: 03/22/1996 09:57:31
>This is a *bad* idea.
>This introduces a vulnerability to name-server based spoofing.

How is this less secure than the usual problems with DNS?

>I would strongly suggest that you print the server principal name you
>actually end up using if the client pulls this stunt..

It does print the host name.  You would suggest printing, for example,
rcmd.isua2@IASTATE.EDU for the user?

explorer@packrat:~> telnet -ax isua
Connected to
Escape character is '^]'.
[ Trying KERBEROS4 ... ]
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]


Michael Graff <>        NetBSD is the way to go!
PGP key on a key-server near you!         Netshade the world!
	Censorship is as pointless as a football bat.