host name resolution, again (krb5-1.3-alpha1 is available)
Nathan Neulinger
nneul at umr.edu
Fri Mar 14 21:05:10 EST 2003
A similar issue exists with other GSSAPI code. Makes it pretty difficult
to do any Kerberos functionality with DNS-rotated hostnames.
I've been able to hack around it for telnet (all keys installed on all
the machines sharing the same name), but haven't figured out a way to
make it work with ssh yet, and haven't even bothered with ftp.
-- Nathan
On Fri, 2003-03-14 at 19:55, Donn Cave wrote:
> We have a long standing problem here with the GSSAPI ftp application,
> when it resolves the remote host name once each for the connection
> and the credentials request respectively. This means that it's liable
> to get different answers if DNS doesn't return the same IP first twice
> in a row, and then it gets a key for the wrong host.
>
> I was getting ready to look at 1.3 and perhaps re-submit this bug,
> but now I find that 1.3's telnet fails the same way, apparently on
> purpose as the gethostbyaddr() was just removed from commands.c.
> So maybe it doesn't make sense to just keep reporting it as a bug,
> if there's some rationale at work here that makes this a feature.
> Is there?
>
> It isn't exactly a question of whether to do a reverse lookup -
> krb5_sname_to_principal is going to do one anyway.
>
> Thanks,
> Donn Cave, University Computing Services, University of Washington
> donn at u.washington.edu
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
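
The mismatch described in the quoted report, as an added simulation that is not part of either message and is not krb5 code: a rotating resolver hands back a different host on each query, so the connection and the service principal can point at different machines. The resolve-once variant is this example's own assumption rather than a fix proposed in the thread; the host names, addresses, the `ftp/` service prefix and all function names are constructed, and `shared_keytab` models the "all keys on all machines" workaround.

```c
#include <stdio.h>
#include <string.h>
/* Constructed data: one DNS-rotated name backed by two hosts. */
struct host { const char *addr, *canon; };
static const struct host pool[2] = {
    { "192.0.2.10", "ftp1.example.edu" },
    { "192.0.2.11", "ftp2.example.edu" },
};
static unsigned rr_next;   /* rotation state of the simulated DNS server */
static int shared_keytab;  /* 1 = every host holds every host's key */

/* Simulated forward lookup: each query returns the next record first. */
static const struct host *resolve(const char *name) {
    (void)name; return &pool[rr_next++ % 2];
}
/* Simulated reverse lookup from address to canonical host name. */
static const char *reverse(const char *addr) {
    for (int i = 0; i < 2; i++)
        if (strcmp(pool[i].addr, addr) == 0) return pool[i].canon;
    return "";
}
/* Can the server at peer_addr decrypt a ticket issued for princ? */
static int server_accepts(const char *peer_addr, const char *princ) {
    char own[64];
    snprintf(own, sizeof own, "ftp/%s", reverse(peer_addr));
    return shared_keytab || strcmp(own, princ) == 0;
}

/* Reported pattern: one lookup for the connection, a second for credentials. */
int login_two_lookups(const char *name) {
    char princ[64];
    const char *peer = resolve(name)->addr;
    snprintf(princ, sizeof princ, "ftp/%s", resolve(name)->canon);
    return server_accepts(peer, princ);
}

/* Resolve once; name the principal after the address actually connected to. */
int login_one_lookup(const char *name) {
    char princ[64];
    const char *peer = resolve(name)->addr;
    snprintf(princ, sizeof princ, "ftp/%s", reverse(peer));
    return server_accepts(peer, princ);
}

int main(void) {
    int two = login_two_lookups("ftp.example.edu");
    int one = login_one_lookup("ftp.example.edu");
    shared_keytab = 1;
    printf("two=%d one=%d two+shared=%d\n", two, one, login_two_lookups("ftp.example.edu"));
    return 0;
}
```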