Subject: Re: ut oh..
To: Michael Graff <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 03/22/1996 22:23:44
> How is this less secure than the usual problems with DNS?
If the telnet client does the krb_mk_req to the intended service, and
is doing mutual authentication correctly, then spoofing the A record
won't get you anywhere -- the mutual authentication will fail and the
client should drop the connection.
You'll connect to a bogus server, but the server won't be able to
learn the session key you use for the authentication exchange, so it
won't be able to successfully authenticate itself back to the client..
> It does print the host name. You would suggest printing, for example,
> rcmd.isua2@IASTATE.EDU for the user?
It's better than nothing.
I'd rather it construct the principal name of the server using only
information provided by the user or from trusted local configuration
files. Anything returned by gethostby* doesn't count as trusted.
Alternatively, if the name generated from the command line argument
doesn't match the one generated from gethostbyfoo, you could print
both names and ask the user which one is intended...