.\" DO NOT MODIFY THIS FILE!  It was generated by gdoc.
.TH "shishi_realm_for_server_dns" 3 "1.0.3" "shishi" "shishi"
.SH NAME
shishi_realm_for_server_dns \- API function
.SH SYNOPSIS
.B #include <shishi.h>
.sp
.BI "char * shishi_realm_for_server_dns(Shishi * " handle ", char * " server ");"
.SH ARGUMENTS
.IP "Shishi * handle" 12
Shishi library handle created by \fBshishi_init()\fP.
.IP "char * server" 12
Hostname to find realm for.
.SH "DESCRIPTION"
Finds the realm for a host \fIserver\fP using DNS lookup, as is
prescribed in "draft\-ietf\-krb\-wg\-krb\-dns\-locate\-03.txt".

Since DNS lookup can be spoofed, relying on the realm information
may result in a redirection attack.  In a single\-realm scenario,
this only achieves a denial of service, but with trust across
multiple realms the attack may redirect you to a compromised realm.
For this reason, Shishi prints a warning, suggesting that the user
should instead add a proper 'server\-realm' configuration token.

To illustrate the DNS information used, here is an extract from a
zone file for the domain ASDF.COM:

_kerberos.asdf.com.             IN   TXT     "ASDF.COM"
_kerberos.mrkserver.asdf.com.   IN   TXT     "MARKETING.ASDF.COM"
_kerberos.salesserver.asdf.com. IN   TXT     "SALES.ASDF.COM"

Let us suppose that in this case, a client wishes to use a service
on the host "foo.asdf.com".  It would first query for

_kerberos.foo.asdf.com.  IN TXT

Finding no match, it would then query for

_kerberos.asdf.com.      IN TXT

With the resource records stated above, the latter query returns
a positive answer.
.SH "RETURN VALUE"
Returns realm for the indicated host, or \fBNULL\fP
if no relevant TXT record could be found.
.SH "REPORTING BUGS"
Report bugs to <bug-shishi@gnu.org>.
GNU Shishi home page: http://www.gnu.org/software/shishi/
General help using GNU software: http://www.gnu.org/gethelp/
.SH COPYRIGHT
Copyright \(co 2002-2022 Simon Josefsson.
.br
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
.SH "SEE ALSO"
The full documentation for
.B shishi
is maintained as a Texinfo manual.  If the
.B info
and
.B shishi
programs are properly installed at your site, the command
.IP
.B info shishi
.PP
should give you access to the complete manual.