On Wed, 19 Jun 2002 21:42:40 +0000 (UTC), [EMAIL PROTECTED] (Sam Hartman) wrote:
> >Note that not using addresses seems to be the recommended direction >within the Kerberos working group. At least there was significant >consensus that we wanted to move away from addresses at a meeting we >had last February. > >________________________________________________ >Kerberos mailing list [EMAIL PROTECTED] >http://mailman.mit.edu/mailman/listinfo/kerberos > I have also heard that it is possible to add the option "noaddresses = true" in the libdefaults section of the %SYSTEMROOT%\krb5.ini file (I'm referring to NT, NT/2000)- This seems to work in our environment where our PC clients are running a krb5 v1.1.1 client. Similarly, our KDCs are running the same version in a Solaris environment. Are there any security concerns with bypassing addresses altogether? I expect not, but just want to check with the experts to be sure. thanks in advance, Steven McElwee, Duke University ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
