Package: krb5 Severity: wishlist
Please enable DNS realm lookups in the call to ./configure (--enable-dns-for-realm). This enables lookups of the realm a host belongs to via _kerberos.<host> IN TXT records. Doing so would enable easier and more consistent configuration in complex environments since DNS would replace a hard-to-maintain domain_realm section in krb5.conf. There are some security implications to this (see the paragraph 'dns_lookup_realm' on the corresponding configuration option in http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-admin.html#libdefaults). Since both, the compilation option and the configuration option must be enabled and the default for the configuration option is "false/off" I think those security problems from enabling the compilation option are neglegible. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (1050, 'stable'), (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 2.6.32.27 (SMP w/16 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
