Provided by: shishi-doc_1.0.0-2_all bug

NAME

       shishi_realm_for_server_dns - API function

SYNOPSIS

       #include <shishi.h>

       char * shishi_realm_for_server_dns(Shishi * handle, char * server);

ARGUMENTS

       Shishi * handle
                   Shishi library handle create by shishi_init().

       char * server
                   hostname to find realm for.

DESCRIPTION

       Find      realm     for     a     host     using     DNS     lookups,     according     to
       draft-ietf-krb-wg-krb-dns-locate-03.txt.  Since DNS lookups may be spoofed, relying on the
       realm  information  may  result in a redirection attack.  In a single-realm scenario, this
       only achieves a denial of service, but with cross-realm trust it may  redirect  you  to  a
       compromised  realm.   For  this  reason, Shishi prints a warning, suggesting that the user
       should add the proper 'server-realm' configuration tokens instead.

       To illustrate the DNS information used, here is an extract from a zone file for the domain
       ASDF.COM:

       _kerberos.asdf.com.              IN       TXT     "ASDF.COM" _kerberos.mrkserver.asdf.com.
       IN        TXT       "MARKETING.ASDF.COM"   _kerberos.salesserver.asdf.com.   IN        TXT
       "SALES.ASDF.COM"

       Let  us  suppose  that  in  this  case,  a  client  wishes  to  use  a service on the host
       foo.asdf.com.  It would first query:

       _kerberos.foo.asdf.com. IN TXT

       Finding no match, it would then query:

       _kerberos.asdf.com. IN TXT

RETURN VALUE

       Returns realm for host, or NULL if not found.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright © 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The  full  documentation  for  shishi  is maintained as a Texinfo manual.  If the info and
       shishi programs are properly installed at your site, the command

              info shishi

       should give you access to the complete manual.