[krbdev.mit.edu #6513] krb-1.7 kadmind not logging IP address of requests
Ed Ravin via RT
rt-comment at krbdev.mit.edu
Tue Jun 16 18:08:45 EDT 2009
Using NetBSD 5.0 on Intel. Upgraded from krb5-1.6.3 with patches to
krb5-1.7. kadmind logging now looks like this:
Jun 16 16:35:36 juggler.panix.com kadmind[14915](Notice): chpw request from <unprintable> for elr at PANIX.COM: success
Looked a little deeper - it's this code in src/kadmin/server/schpw.c
that is kicking in:
    if (getnameinfo(ss2sa(&ss), salen,
                    addrbuf, sizeof(addrbuf), NULL, 0,
                    NI_NUMERICHOST | NI_NUMERICSERV) != 0)
        strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
And the return code from getnameinfo was 4 (name resolution failure).
I'm confused by this code, which appears in several spots in krb5 - it
seems to disable logging of source IP addresses of requests if there's
a local resolution error? Why not just show the IP address and leave it
at that?
My build process gave these flags to ./configure (same as what we used for
previous versions):
    configflags="\
        --prefix=/pkg/$PRODUCT \
        --mandir=/pkg/$PRODUCT/man \
        CFLAGS='-fstack-protector -D_FORTIFY_SOURCE=2' \
        --sysconfdir=/etc/kerberosV \
        --localstatedir=/var \
        --libdir=/pkg/$PRODUCT/kerblib \
        --enable-shared \
    "
krb5-config info:
-I/pkg/krb5-1.7/include
-L/pkg/krb5-1.7/kerblib -R/pkg/krb5-1.7/kerblib -lkrb5 -lk5crypto -lcom_err -lresolv
Thanks,
-- Ed