spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19196 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -1101,16 +1101,16 @@ name of the TGS of the target realm.
|
|||||||
Both of these two requirements are not required by the standard to be
|
Both of these two requirements are not required by the standard to be
|
||||||
checked by the client if it have external information what the
|
checked by the client if it have external information what the
|
||||||
certificate the KDC is supposed to be used. So its in the interst of
|
certificate the KDC is supposed to be used. So its in the interst of
|
||||||
minium amount of configuration on the clients they should be included.
|
minimum amount of configuration on the clients they should be included.
|
||||||
|
|
||||||
Remember that if client would accept any certificate as the KDC's
|
Remember that if client would accept any certificate as the KDC's
|
||||||
certificate, the client could be fooled into trusting something that
|
certificate, the client could be fooled into trusting something that
|
||||||
isn't a KDC and thus expose the user to giving away information (like
|
isn't a KDC and thus expose the user to giving away information (like
|
||||||
password or other private information) that it is supposed to secret.
|
password or other private information) that it is supposed to secret.
|
||||||
|
|
||||||
Also, if the extension certificate have a nameConstraints extention
|
Also, if the certificate have a nameConstraints extention with a
|
||||||
with a Generalname with dNSName or iPAdress it must match the hostname
|
Generalname with dNSName or iPAdress it must match the hostname or
|
||||||
or adress of the KDC.
|
adress of the KDC.
|
||||||
|
|
||||||
@subsection Client certificate
|
@subsection Client certificate
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user