Implement DNS hostname canonicalization #50

Open
wants to merge 1 commit into
base: main

Commits on Apr 12, 2024

  1. Implement DNS hostname canonicalization

    Optionally resolve hostname via CNAME record to its canonical form
    (A or AAAA record). Optionally use reverse DNS query.
    
    Such code is necessary on Windows platforms where SSPI (unlike MIT
    Kerberos[1]) does not implement such operation and it is applications'
    responsibility[2] to take care of CNAME resolution. However, the code
    seems universal enough to put it into the library rather than in every
    single program using requests_gssapi.
    
    Warning: Usage of insecure DNS queries is explicitly forbidden in
    RFC 4120[3] and may result in the risk of man-in-the-middle attack.
    
    [1] https://github.com/krb5/krb5/blob/ec71ac1cabbb3926f8ffaf71e1ad007e4e56e0e5/src/lib/krb5/os/sn2princ.c#L99
    [2] https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-server-2010/gg502606(v=office.14)?redirectedfrom=MSDN#kerberos-authentication-and-dns-cnames
    [3] https://datatracker.ietf.org/doc/html/rfc4120
    steelman committed Apr 12, 2024
    e526fb5
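
The canonicalization the commit message describes, sketched as an added example that is not the code from this pull request or from requests_gssapi. The helper names, the `allowed_suffixes` guard (one way to limit what an unauthenticated DNS answer can change) and the resolver answers are assumptions constructed for illustration.

```python
import socket

def canonicalize(host, rdns=False, allowed_suffixes=None,
                 getaddrinfo=socket.getaddrinfo, getnameinfo=socket.getnameinfo):
    """Resolve host to its canonical DNS name (hypothetical helper).

    The forward lookup with AI_CANONNAME follows CNAMEs; rdns=True adds a PTR
    lookup on the first address. DNS answers are unauthenticated, so a result
    outside allowed_suffixes is discarded and the original name is kept.
    """
    original = host.rstrip(".").lower()
    try:
        infos = getaddrinfo(host, None, type=socket.SOCK_STREAM,
                            flags=socket.AI_CANONNAME)
    except socket.gaierror:
        return original                     # lookup failed: leave name as typed
    if not infos:
        return original
    canon, sockaddr = infos[0][3], infos[0][4]
    name = canon or original
    if rdns:
        try:
            name = getnameinfo(sockaddr, socket.NI_NAMEREQD)[0]
        except socket.gaierror:
            pass                            # no PTR record: keep forward result
    name = name.rstrip(".").lower()
    if allowed_suffixes is not None and not name.endswith(tuple(allowed_suffixes)):
        return original
    return name

def http_service_name(host, **kwargs):
    """GSSAPI host-based service name for the canonicalized host."""
    return "HTTP@" + canonicalize(host, **kwargs)

# Constructed resolver answers so the example runs offline.
def fake_getaddrinfo(host, port, type=0, flags=0):
    canon = {"intranet.corp.example": "web01.corp.example.",
             "spoofed.corp.example": "kdc.attacker.test."}[host]
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, canon, ("192.0.2.10", 0))]

def fake_getnameinfo(sockaddr, flags):
    return ("web01-ptr.corp.example", "0")

if __name__ == "__main__":
    print(http_service_name("intranet.corp.example", getaddrinfo=fake_getaddrinfo))
```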