Provided by: shishi-doc_1.0.2-6build1_all 
NAME
shishi_realm_for_server_dns - API function
SYNOPSIS
#include <shishi.h>
char * shishi_realm_for_server_dns(Shishi * handle, char * server);
ARGUMENTS
Shishi * handle
Shishi library handle create by shishi_init().
char * server
hostname to find realm for.
DESCRIPTION
Find realm for a host using DNS lookups, according to
draft-ietf-krb-wg-krb-dns-locate-03.txt. Since DNS lookups may be spoofed, relying on the
realm information may result in a redirection attack. In a single-realm scenario, this
only achieves a denial of service, but with cross-realm trust it may redirect you to a
compromised realm. For this reason, Shishi prints a warning, suggesting that the user
should add the proper 'server-realm' configuration tokens instead.
To illustrate the DNS information used, here is an extract from a zone file for the domain
ASDF.COM:
_kerberos.asdf.com. IN TXT "ASDF.COM" _kerberos.mrkserver.asdf.com.
IN TXT "MARKETING.ASDF.COM" _kerberos.salesserver.asdf.com. IN TXT
"SALES.ASDF.COM"
Let us suppose that in this case, a client wishes to use a service on the host
foo.asdf.com. It would first query:
_kerberos.foo.asdf.com. IN TXT
Finding no match, it would then query:
_kerberos.asdf.com. IN TXT
RETURN VALUE
Returns realm for host, or NULL if not found.
REPORTING BUGS
Report bugs to <bug-shishi@gnu.org>.
COPYRIGHT
Copyright © 2002-2010 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any
medium without royalty provided the copyright notice and this notice are preserved.
SEE ALSO
The full documentation for shishi is maintained as a Texinfo manual. If the info and
shishi programs are properly installed at your site, the command
info shishi
should give you access to the complete manual.