update comment

author Ken Raeburn <raeburn@mit.edu>

Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)

committer Ken Raeburn <raeburn@mit.edu>

Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)
author Ken Raeburn <raeburn@mit.edu>
Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)
committer Ken Raeburn <raeburn@mit.edu>
Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c

index dee36247a5141218a06844a89db3c16233a5823d..e2fd62d27fb7b538be31a9c0f8ec44a0718a6009 100644 (file)
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -818,7 +818,8 @@ static int verify_krb_v4_tgt (realm)
      memcpy ((char *) &addr, (char *)hp->h_addr, sizeof (addr));
      /* Do we have rcmd.<host> keys? */
  #if 0 /* Be paranoid.  If srvtab exists, assume it must contain the
-        right key.  */
+        right key.  The more paranoid mode also helps avoid a
+        possible DNS spoofing issue.  */
      have_keys = read_service_key (rcmd_str, phost, realm, 0, KEYFILE, key)
         ? 0 : 1;
      memset (key, 0, sizeof (key));
author	Ken Raeburn <raeburn@mit.edu>
	Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)
committer	Ken Raeburn <raeburn@mit.edu>
	Fri, 8 Mar 2002 23:11:26 +0000 (23:11 +0000)