Provided by: shishi-doc_1.0.3-1_all

NAME

       shishi_realm_for_server_dns - API function

SYNOPSIS

       #include <shishi.h>

       char * shishi_realm_for_server_dns(Shishi * handle, char * server);

ARGUMENTS

       Shishi * handle
                   Shishi library handle created by shishi_init().

       char * server
                   Hostname to find realm for.

DESCRIPTION

       Finds the realm for a host server using DNS lookup, as is prescribed in
       "draft-ietf-krb-wg-krb-dns-locate-03.txt".

       Since DNS lookup can be spoofed, relying on the realm information may result in a
       redirection attack. In a single-realm scenario, this only achieves a denial of service,
       but with trust across multiple realms the attack may redirect you to a compromised realm.
       For this reason, Shishi prints a warning, suggesting that the user should instead add a
       proper 'server-realm' configuration token.

       To illustrate the DNS information used, here is an extract from a zone file for the domain
       ASDF.COM:

       _kerberos.asdf.com.             IN   TXT     "ASDF.COM"
       _kerberos.mrkserver.asdf.com.   IN   TXT     "MARKETING.ASDF.COM"
       _kerberos.salesserver.asdf.com. IN   TXT     "SALES.ASDF.COM"

       Let us suppose that in this case, a client wishes to use a service on the host
       "foo.asdf.com". It would first query for

       _kerberos.foo.asdf.com.  IN TXT

       Finding no match, it would then query for

       _kerberos.asdf.com.      IN TXT

       With the resource records stated above, the latter query returns a positive answer.
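
       The lookup order walked through above, combined with the 'server-realm' precedence
       that the DESCRIPTION recommends, as an added example (not Shishi's own code). The zone
       table reproduces the extract above; realm_for_server(), the pinned table and the source
       flag are hypothetical names, and continuing the walk label by label beyond the second
       query is an assumption.

```c
#include <stdio.h>
#include <string.h>

struct map { const char *name; const char *realm; };
/* Constructed sample data: the TXT records from the zone extract above. */
static const struct map zone[] = {
  { "_kerberos.asdf.com",             "ASDF.COM" },
  { "_kerberos.mrkserver.asdf.com",   "MARKETING.ASDF.COM" },
  { "_kerberos.salesserver.asdf.com", "SALES.ASDF.COM" },
};
/* Constructed static mapping, standing in for a 'server-realm' setting. */
static const struct map pinned[] = {
  { "salesserver.asdf.com", "SALES.ASDF.COM" },
};
enum realm_source { REALM_NONE, REALM_PINNED, REALM_DNS /* unauthenticated */ };

/* Exact-match search; the sample names are lowercase, so strcmp suffices. */
static const char *find(const struct map *m, size_t n, const char *name)
{
  for (size_t i = 0; i < n; i++)
    if (strcmp(m[i].name, name) == 0)
      return m[i].realm;
  return NULL;
}

/* Hypothetical helper: pinned map first, then the _kerberos TXT walk. */
const char *realm_for_server(const char *host, enum realm_source *src)
{
  char qname[256];
  const char *realm = find(pinned, sizeof pinned / sizeof pinned[0], host);
  *src = realm ? REALM_PINNED : REALM_NONE;
  for (const char *p = host; !realm && p && *p; ) {
    int n = snprintf(qname, sizeof qname, "_kerberos.%s", p);
    if (n < 0 || (size_t) n >= sizeof qname)
      break;                          /* over-long name: fail closed */
    realm = find(zone, sizeof zone / sizeof zone[0], qname);
    *src = realm ? REALM_DNS : REALM_NONE;
    p = strchr(p, '.');               /* drop the leftmost label */
    p = p ? p + 1 : NULL;
  }
  return realm;
}

int main(void)
{
  enum realm_source src;
  const char *r = realm_for_server("foo.asdf.com", &src);
  printf("%s%s\n", r ? r : "(none)", src == REALM_DNS ? " [DNS, unverified]" : "");
}
```

       A caller that honours trust across multiple realms can refuse any result whose source
       is REALM_DNS and require a pinned mapping instead.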

RETURN VALUE

       Returns realm for the indicated host, or NULL if no relevant TXT record could be found.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.
       GNU Shishi home page: http://www.gnu.org/software/shishi/
       General help using GNU software: http://www.gnu.org/gethelp/

COPYRIGHT

       Copyright © 2002-2022 Simon Josefsson.
       Copying and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The full documentation for shishi is maintained as a Texinfo manual. If the info and
       shishi programs are properly installed at your site, the command

              info shishi

       should give you access to the complete manual.