shishi_realm_for_server_dns(3)	    shishi	shishi_realm_for_server_dns(3)

NAME
       shishi_realm_for_server_dns - API function

SYNOPSIS
       #include	<shishi.h>

       char * shishi_realm_for_server_dns(Shishi * handle, char	* server);

ARGUMENTS
       Shishi *	handle
		   Shishi library handle created by shishi_init().

       char * server
		   hostname to find realm for.

DESCRIPTION
       Find realm for a host using DNS lookups, according to
       draft-ietf-krb-wg-krb-dns-locate-03.txt. Since DNS lookups may be
       spoofed, relying on the realm information may result in a redirection
       attack. In a single-realm scenario, this only achieves a denial of
       service, but with cross-realm trust it may redirect you to a
       compromised realm. For this reason, Shishi prints a warning, suggesting
       that the user should add the proper 'server-realm' configuration tokens
       instead.

       To illustrate the DNS information used, here is an extract from a  zone
       file for	the domain ASDF.COM:

       _kerberos.asdf.com.             IN  TXT  "ASDF.COM"
       _kerberos.mrkserver.asdf.com.   IN  TXT  "MARKETING.ASDF.COM"
       _kerberos.salesserver.asdf.com. IN  TXT  "SALES.ASDF.COM"

       Let  us	suppose	that in	this case, a client wishes to use a service on
       the host	foo.asdf.com.  It would	first query:

       _kerberos.foo.asdf.com. IN TXT

       Finding no match, it would then query:

       _kerberos.asdf.com. IN TXT

RETURN VALUE
       Returns realm for host, or NULL if not found.

REPORTING BUGS
       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT
       Copyright (C) 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO
       The full	documentation for shishi is maintained as  a  Texinfo  manual.
       If  the	info  and shishi programs are properly installed at your site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi				     1.0.2	shishi_realm_for_server_dns(3)
