WWW-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: wikisrc/kerberos
Module Name: wikisrc
Committed By: riastradh
Date: Mon Jun 5 23:50:44 UTC 2023
Modified Files:
wikisrc/kerberos: system.mdwn
Log Message:
kerberos/system: Simplify and fix instructions for NetBSD.
Using ~/.krb5/config sidesteps issues with pam_krb5 or anything like
it.
Setting as-is:match_domain=netbsd.org:
1. plugs the CNAME-chasing vulnerability
(https://github.com/heimdal/heimdal/issues/1130); and
2. is necessary for wiki.n.o which has a CNAME to www46.n.o but uses
service principal HTTP/wiki.netbsd.org%NETBSD.ORG@localhost, so it simply
doesn't work with CNAME-chasing.
However, this limits the canonicalization rule to netbsd.org in case
the user relies on kerberized services in other Kerberos realms that
foolishly rely on the CNAME-chasing vulnerability.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 wikisrc/kerberos/system.mdwn
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index