NAME
shishi_realm_for_server_dns - API function
SYNOPSIS
#include <shishi.h>
char * shishi_realm_for_server_dns(Shishi * handle, char * server);
ARGUMENTS
- Shishi * handle
  Shishi library handle created by shishi_init().
- char * server
  Hostname to find realm for.
DESCRIPTION
Find realm for a host using DNS lookups, according to
draft-ietf-krb-wg-krb-dns-locate-03.txt. Since DNS lookups may be spoofed,
relying on the realm information may result in a redirection attack. In a
single-realm scenario, this only achieves a denial of service, but with
cross-realm trust it may redirect you to a compromised realm. For this reason,
Shishi prints a warning, suggesting that the user should add the proper
'server-realm' configuration tokens instead.
To illustrate the DNS information used, here is an extract from a zone file for
the domain ASDF.COM:
_kerberos.asdf.com.              IN TXT "ASDF.COM"
_kerberos.mrkserver.asdf.com.    IN TXT "MARKETING.ASDF.COM"
_kerberos.salesserver.asdf.com.  IN TXT "SALES.ASDF.COM"
Let us suppose that in this case, a client wishes to use a service on the host
foo.asdf.com. It would first query:
_kerberos.foo.asdf.com. IN TXT
Finding no match, it would then query:
_kerberos.asdf.com. IN TXT
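The lookup order described above, as an added example (not Shishi's own code): it walks from the host name up the tree against a constructed in-memory copy of the zone extract instead of real DNS, and consults a local mapping first, standing in for the 'server-realm' configuration recommended above. The names realm_from_dns, realm_for_server and pinned are assumptions, as is stopping before a single-label name is queried.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed: zone = TXT records from the extract above; pinned = hypothetical local mapping. */
struct map { const char *name, *realm; };
static const struct map zone[] = {
    { "_kerberos.asdf.com",             "ASDF.COM" },
    { "_kerberos.mrkserver.asdf.com",   "MARKETING.ASDF.COM" },
    { "_kerberos.salesserver.asdf.com", "SALES.ASDF.COM" },
};
static const struct map pinned[] = { { "salesserver.asdf.com", "SALES.ASDF.COM" } };

/* Case-insensitive table lookup (DNS names compare without regard to case). */
static const char *find(const struct map *t, size_t n, const char *key) {
    for (size_t i = 0; i < n; i++) {
        const char *a = t[i].name, *b = key;
        while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
        if (*a == '\0' && *b == '\0') return t[i].realm;
    }
    return NULL;
}

/* Strip one leading label per miss; stop before a single-label name (assumption). */
const char *realm_from_dns(const char *host, int *queries) {
    char qname[300];
    *queries = 0;
    for (const char *p = host; strchr(p, '.'); p = strchr(p, '.') + 1) {
        snprintf(qname, sizeof qname, "_kerberos.%s", p);
        ++*queries;
        const char *realm = find(zone, sizeof zone / sizeof *zone, qname);
        if (realm) return realm;
    }
    return NULL;
}

/* Local mapping first; *unauthenticated is set only when the realm came from DNS. */
const char *realm_for_server(const char *host, int *unauthenticated) {
    int q;
    const char *realm = find(pinned, sizeof pinned / sizeof *pinned, host);
    if (realm) { *unauthenticated = 0; return realm; }
    realm = realm_from_dns(host, &q);
    *unauthenticated = (realm != NULL);
    return realm;
}

int main(void) {
    int dns;
    const char *r = realm_for_server("foo.asdf.com", &dns);
    printf("foo.asdf.com -> %s (from DNS: %d)\n", r ? r : "(none)", dns);
}
```

A caller can use the unauthenticated flag to emit a warning or to refuse a DNS-derived realm outright when cross-realm trust is configured.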
RETURN VALUE
Returns realm for host, or NULL if not found.
REPORTING BUGS
Report bugs to <bug-shishi@gnu.org>.
COPYRIGHT
Copyright © 2002-2010 Simon Josefsson.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
SEE ALSO
The full documentation for shishi is maintained as a Texinfo manual. If the
info and shishi programs are properly installed at your site, the command
- info shishi
should give you access to the complete manual.