Comment 4 for bug 571572
Revision history for this message
| Sam Hartman (hartmans) wrote Re: [Bug 571572] Re: krb5 prefers the reverse pointer no matter what for locating service tickets. | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
The Kerberos Consortium has a paper on integrating Kerberos into an
application; see http://
I believe that the lucid behavior is correct according to MIT's
documentation: what should be happening is that
* with rdns=true (default), both forward and reverse resolution is
performed and the reverse name is used
* With rdns=false, forward resolution is performed including alias
resolution--that is cnames turn into the pointed-to value not the
entered value.
That behavior seems consistent with the code. If you believe that
things aren't working that way, then I can attempt to reproduce.
As I understand your patch, it would (on some platforms including all
Ubuntu platforms) cause the rdns=false behavior to actually skip
resolution and just use the entered name not resolving cnames.
It's possible there was a bug in previous releases of MIT Kerberos and
this was the behavior.
I also understand that the behavior surrounding Kerberos and DNS is kind
of complicated and not entirely desirable. The paper I pointed you at
includes discussions of problems with the current behavior and eventual
goals. It also recommends ways applications can avoid forward/reverse
DNS resolution if they wish to do so.