Provided by: shishi-doc_1.0.3-2.1build2_all

NAME

       shishi_realm_for_server_dns - API function

SYNOPSIS

       #include <shishi.h>

       char * shishi_realm_for_server_dns(Shishi * handle, char * server);

ARGUMENTS

       Shishi * handle
                   Shishi library handle created by shishi_init().

       char * server
                   Hostname to find realm for.

DESCRIPTION

       Finds the realm for a host server using DNS lookup, as is prescribed in
       "draft-ietf-krb-wg-krb-dns-locate-03.txt".

       Since DNS lookup can be spoofed, relying on the realm information may result in a redirection attack.  In
       a single-realm scenario, this only achieves a denial of service, but with trust across multiple realms
       the attack may redirect you to a compromised realm.  For this reason, Shishi prints a warning, suggesting
       that the user should instead add a proper 'server-realm' configuration token.

       To illustrate the DNS information used, here is an extract from a zone file for the domain ASDF.COM:

       _kerberos.asdf.com.              IN TXT "ASDF.COM"
       _kerberos.mrkserver.asdf.com.    IN TXT "MARKETING.ASDF.COM"
       _kerberos.salesserver.asdf.com.  IN TXT "SALES.ASDF.COM"

       Let us suppose that in this case, a client wishes to use a service on the host "foo.asdf.com".  It would
       first query for

       _kerberos.foo.asdf.com.  IN TXT

       Finding no match, it would then query for

       _kerberos.asdf.com.      IN TXT

       With the resource records stated above, the latter query returns a positive answer.
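
       The lookup order described above, as an added example (not Shishi's own code): it walks from the host
       name toward the root against a constructed in-memory copy of the zone extract and counts how many
       unauthenticated TXT answers the result depended on.  The names txt_lookup, realm_for_server and queries
       are hypothetical, and continuing past the second query to every remaining parent domain is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the TXT records from the zone extract above. */
static const struct { const char *name, *realm; } zone[] = {
    { "_kerberos.asdf.com.",             "ASDF.COM" },
    { "_kerberos.mrkserver.asdf.com.",   "MARKETING.ASDF.COM" },
    { "_kerberos.salesserver.asdf.com.", "SALES.ASDF.COM" },
};

/* Stand-in for a DNS TXT query (hypothetical helper, exact-match, lowercase names). */
static const char *txt_lookup(const char *qname)
{
    for (size_t i = 0; i < sizeof zone / sizeof zone[0]; i++)
        if (strcmp(zone[i].name, qname) == 0)
            return zone[i].realm;
    return NULL;
}

/* Returns the realm for server (given without a trailing dot) or NULL.
   *queries is the number of TXT lookups issued before an answer was accepted. */
const char *realm_for_server(const char *server, int *queries)
{
    char qname[300];
    *queries = 0;
    for (const char *s = server; s && *s; ) {
        int n = snprintf(qname, sizeof qname, "_kerberos.%s.", s);
        if (n < 0 || (size_t)n >= sizeof qname)
            return NULL;              /* too long: refuse rather than truncate */
        ++*queries;
        const char *realm = txt_lookup(qname);
        if (realm)
            return realm;             /* first positive answer wins */
        s = strchr(s, '.');           /* drop the leftmost label and retry */
        s = s ? s + 1 : NULL;
    }
    return NULL;
}

int main(void)
{
    const char *hosts[] = { "foo.asdf.com", "mrkserver.asdf.com", "host.example.org" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        int q;
        const char *r = realm_for_server(hosts[i], &q);
        printf("%-20s %-20s %d TXT queries\n", hosts[i], r ? r : "(none)", q);
    }
    return 0;
}
```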

RETURN VALUE

       Returns realm for the indicated host, or NULL if no relevant TXT record could be found.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.
       GNU Shishi home page: http://www.gnu.org/software/shishi/
       General help using GNU software: http://www.gnu.org/gethelp/

       Copyright © 2002-2022 Simon Josefsson.
       Copying and distribution of this file, with or without modification, are permitted in any medium without
       royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are
       properly installed at your site, the command

              info shishi

       should give you access to the complete manual.