Patch to ignore service principals when accepting connexions.
Simo Sorce
ssorce at redhat.com
Thu Aug 26 08:26:20 EDT 2010
On Wed, 25 Aug 2010 21:33:07 -0400
Sam Hartman <hartmans at painless-security.com> wrote:
> I definitely agree that the forward/reverse resolution creates issues
> for acquire_cred. There's a kind of annoying Debian bug open on this
> where the name you end up with depends on whether you have A records
> or just AAAA records. Also, as you point out it is a source of
> failure.
>
> So, I would like to express support for a configuration knob to ignore
> the hostname and to look into what we can do about acceptor-side use
> of DNS.
In Heimdal there is a function called gsskrb5_set_dns_canonicalized()
that allows you to tell your library to not do any dns lookup.
It would be a nice to have.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list