Reading kerberos-adm from DNS: when will MIT-krb support this?

Adam Megacz megacz at cs.berkeley.edu
Tue Apr 1 12:54:25 EDT 2008


Hi, would it be possible for the Kerberos maintainers to consider the
patch below for inclusion in the main libkadm5 distribution?

  - a

Adam Megacz <megacz at cs.berkeley.edu> writes:
> Ken Raeburn <raeburn at mit.edu> writes:
>>> I believe the future has already arrived.  Current MIT code should
>>> be capable of finding and using records like this:
>>>
>>> 	spam% dig _kerberos-adm._tcp.umich.edu srv
>>
>> This is used for the password-changing service, but unfortunately the  
>> RPC code used for the kadmin program still looks up admin_server, and  
>> uses the first IP address found when looking up that hostname.  No  
>> DNS, one hostname, one address, no service-location plugin support,  
>> no IPv6.  These do need to be fixed....
>
> This should help.
>
>   - a
>
>
> diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
> index bb87f88..48b1792 100644
> --- a/src/lib/kadm5/alt_prof.c
> +++ b/src/lib/kadm5/alt_prof.c
> @@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
>  	 params.admin_server = strdup(params_in->admin_server);
>  	 if (params.admin_server)
>  	      params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> -    } else if (aprofile &&
> -	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
> -	 params.admin_server = svalue;
> -	 params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> +    } else if (aprofile) {
> +      if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
> +        params.admin_server = svalue;
> +        params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> +      } else {
> +        struct addrlist addrlist;
> +        int i;
> +        krb5_data drealm;
> +        drealm.data   = (void*)params.realm;
> +        drealm.length = strlen(params.realm);
> +	if (!krb5int_locate_server(context, &drealm, &addrlist, 0,
> +                                   "admin_server", "_kerberos-adm", 1,
> +                                   DEFAULT_KPASSWD_PORT, 0, 0)) {
> +          for (i=0;i<addrlist.naddrs;i++ ) {
> +            struct addrinfo *a = addrlist.addrs[i];
> +            if (a->ai_family == AF_INET) {
> +              params.admin_server  = strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr));
> +              params.kadmind_port  = ntohs(sa2sin (a->ai_addr)->sin_port);
> +              params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> +              params.mask |= KADM5_CONFIG_KADMIND_PORT;
> +              break;
> +            }
> +          }
> +        }
> +      }
>      }
>      if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
>  	 char *p;
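Review bot: In the AF_INET branch of the new loop, the result of `strdup(inet_ntoa(...))` is not checked before `KADM5_CONFIG_ADMIN_SERVER` is set, so an allocation failure leaves the mask bit set while `params.admin_server` is NULL. The unchanged context just above guards the same assignment with `if (params.admin_server)`, and the new branch should do the same. The fallback port passed to `krb5int_locate_server` is `DEFAULT_KPASSWD_PORT`, yet the result is stored in `params.kadmind_port`; the kadmin default (`DEFAULT_KADM5_PORT`) looks like the intended constant. Nothing in the hunk releases `addrlist` after the loop, so the located addresses appear to leak on each call. The loop keeps only the first AF_INET entry and flattens it to a dotted-quad string, so IPv6 results and any further SRV targets are dropped, which are the limitations the quoted reply asks to have fixed. Since the admin server is now taken from a DNS answer when the profile has no `admin_server`, a comment or documentation note describing that fallback and its trust implications would help. Style: the `if (!krb5int_locate_server(` line is tab-indented while the rest of the added block uses spaces.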
