Problems with SSH-GSSAPI ticket authentication and NAT
Greg Hudson
ghudson at MIT.EDU
Thu Jan 3 09:36:55 EST 2013

On 01/03/2013 03:45 AM, nomike wrote:
> Is this bug fixed in recent glibc versions or is there a workaround in
> krb5? And do you have a bug# for that?

I don't have any reason to believe the bug is fixed in recent glibc
versions. I found:

https://bugzilla.redhat.com/show_bug.cgi?id=714823
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1057526

The specific bug is that getaddrinfo with AI_CANONNAME performs a PTR
lookup if hints has ai_family set or has the AI_ADDRCONFIG flag. In
krb5 1.10.2+, we work around the problem by not using ai_family or
AI_ADDRCONFIG. See also:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7124&user=guest&pass=guest
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6922&user=guest&pass=guest

(The earlier bug, #6922, was an attempt to work around the problem for
1.10 but was inadequately tested.)
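
Added example, not part of the original post and not krb5 code: a small diagnostic that asks getaddrinfo for the canonical name of a host twice, once with hints that leave out ai_family and AI_ADDRCONFIG and once with both set, and reports whether the answers differ. A difference is consistent with the PTR lookup described above; the function names, the AF_INET choice and the default host "localhost" are assumptions of this example.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <sys/types.h>

#define NAME_MAX_LEN 1025   /* room for a full DNS name */

/* Resolve host with AI_CANONNAME and copy the canonical name into out.
 * family and extra_flags select the hint style under test.
 * Returns 0 on success, otherwise the getaddrinfo() error code. */
int canon_name(const char *host, int family, int extra_flags,
               char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME | extra_flags;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;
    snprintf(out, outlen, "%s", res->ai_canonname ? res->ai_canonname : "");
    freeaddrinfo(res);
    return 0;
}

/* 1 if the two hint styles disagree on the canonical name,
 * 0 if they agree, -1 if either lookup fails. */
int canon_differs(const char *host)
{
    char plain[NAME_MAX_LEN], hinted[NAME_MAX_LEN];

    /* Hints without ai_family or AI_ADDRCONFIG (the workaround in the post). */
    if (canon_name(host, AF_UNSPEC, 0, plain, sizeof(plain)) != 0)
        return -1;
    /* Hints the post says trigger the PTR lookup in affected glibc. */
    if (canon_name(host, AF_INET, AI_ADDRCONFIG, hinted, sizeof(hinted)) != 0)
        return -1;
    printf("plain hints : %s\nfamily hints: %s\n", plain, hinted);
    return strcasecmp(plain, hinted) != 0;
}

int main(int argc, char **argv)
{
    int r = canon_differs(argc > 1 ? argv[1] : "localhost");
    if (r < 0) { fprintf(stderr, "lookup failed\n"); return 2; }
    puts(r ? "canonical names differ" : "canonical names match");
    return r;
}
```

Matching names do not rule out the PTR lookup, since a reverse record that agrees with the forward name gives the same result either way.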