Ubuntu
krb5 package

libkrb5-dev version 1.10-beta1 has broken RDNS support

Bug #1260845 reported by Nathan Rosenblum
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
New
Undecided
Unassigned

Bug Description

The libkrb5-dev package provided for Precise is missing a critical bugfix in 1.10.2+ maintenance versions of MIT's Kerberos distribution which allows reverse DNS service principal name canonicalization to be disabled. The upstream ticket is here:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7124

In prior versions of libkrb5-dev, including the one currently available for Precise, the libkrb5.conf option `rdns=false` will have no effect.

Revision history for this message
Taylor Yu (tlyu) wrote :

This is probably the same as bug 571572.

Technically the upstream patch is a workaround for a glibc bug. This is probably deserving of an SRU for Precise.

Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Which versions in Ubuntu are affected, please? Also, please see https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/571572/comments/17

Right now I'm not clear on what needs to be patched where, with the details of the interaction with libc and how this varies between releases, to actually upload anything. If somebody could clarify the situation with specific required minimal patches in Ubuntu and a correct fix in Trusty if required (or confirmation that Trusty is not affected), and there is consensus that this is accurate, then we can get this done. Details in the comment I linked above, and https://wiki.ubuntu.com/StableReleaseUpdates#Procedure. Without a detailed technical clarification of the situation covering Ubuntu releases, this bug will languish.

I'm marking this bug as a duplicate of bug 571572 as I assume that it's the same issue. If this is wrong, please explain and I can undo the duplicate mark. Otherwise, please continue discussion in the other bug. Thanks!

Revision history for this message
Nathan Rosenblum (nater-n) wrote :

Sorry about the delayed response. I'll answer your questions in the other bug.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.