[Bug 571572] Re: krb5 prefers the reverse pointer no matter what for locating service tickets.
Sam Hartman
hartmans at debian.org
Thu Apr 29 20:23:01 BST 2010
>>>>> "Jesper" == Jesper Krogh <jesper at krogh.cc> writes:
Jesper> Hi Russ. I cannot say anything about what other are
Jesper> Would a patch that makes the behaviour configurable be
Jesper> acceptable?
I think that this patch should be accepted only if upstream is
interested in the patch. Given that upstream accepted rdns (something I
thought was kind of dubious at the time), a patch to completely disable
dns processing seems reasonable.
Apple's Kerberos maintainer argues that this behavior really needs to be
configured on a per-realm basis. Unfortunately, because of the way
krb5_sname_to_principal interacts with referrals makes this kind of
tricky. If I were upstream I'd require the design of the patch to be
forward-compatible to an eventual model where it was
configured/auto-detected on a per-realm basis and the behavior of any
configuration knobs you add to be documented well enough so that people
would understand how they will behave in the future, but beyond that
would accept the patch.
So, if upstream agrees with me here, you'd have to do somewhat more
design work up front, but the actual patch would be simple.
I'm certainly happy to accept such a patch into Debian as soon as
upstream accepts it and to encourage Ubuntu to accept it.
I don't have the time facilitate the discussion between you and
upstream; I wish I did. my recommendation for interacting with upstream
is to bring up the issue on krbdev at mit.edu and to include the URI of
this bug report.
Kerberos DNS behavior is complicated enough that having Ubuntu or Debian
diverge from upstream seems undesirable, so I think involving upstream
in the discussion is important.
--Sam
--
krb5 prefers the reverse pointer no matter what for locating service tickets.
https://bugs.launchpad.net/bugs/571572
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list