[Bug 571572] Re: krb5 prefers the reverse pointer no matter what for locating service tickets.

Mark Pröhl 571572 at bugs.launchpad.net
Mon Nov 19 11:54:44 UTC 2012 

Hi,

we are seeing the same problems with msktutil
(http://code.google.com/p/msktutil/issues/detail?id=11)

I seems to me that this issue is already fixed in the source packages. I
did a rebuild of  libkrb5-3_1.10+dfsg~beta1-2ubuntu0.3 with these
sources:

  http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.10+dfsg~beta1-2ubuntu0.3.dsc
  http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.10+dfsg~beta1.orig.tar.gz
  http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.10+dfsg~beta1-2ubuntu0.3.debian.tar.gz

With this rebuild package no reverse lookups are done for service
principal canonicalization while the binary version from ubuntu
repositories still seems to have this bug

Can anyone tell me when this will be officially fixed in Ubuntu 12.04.1

Cheers,

Mark Pröhl


** Bug watch added: code.google.com/p/msktutil/issues #11
   http://code.google.com/p/msktutil/issues/detail?id=11

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/571572

Title:
  krb5 prefers the reverse pointer no matter what for locating service
  tickets.

Status in “krb5” package in Ubuntu:
  Confirmed

Bug description:
  I'm trying to upgrade workstations to lucid an fails to access our
  kerberos enabled websites. It reveals that the krb5 implementation in
  lucid now tries to resolve the "reverse dns" and aquire a tikket for
  <service>/<reverse dns> instead of <service>/<what the user typed in
  the first place>.

  The latter behavior is what the MS environment does and is what Ubuntu
  has done (i think) until Lucid. A diff of the sourcecode from hardy
  revealse that we now hint the getaddrinfo with AI_CANONNAME which it
  didnt before.

  Applying below patch enables the old behaviour.

  --- krb5-1.8.1+dfsg/src/lib/krb5/os/sn2princ.c.orig	2010-04-29 09:04:11.401567914 +0200
  +++ krb5-1.8.1+dfsg/src/lib/krb5/os/sn2princ.c	2010-04-29 09:04:21.762191834 +0200
  @@ -112,7 +112,7 @@
   
               memset(&hints, 0, sizeof(hints));
               hints.ai_family = AF_INET;
  -            hints.ai_flags = AI_CANONNAME;
  +//            hints.ai_flags = AI_CANONNAME;
           try_getaddrinfo_again:
               err = getaddrinfo(hostname, 0, &hints, &ai);
               if (err) {

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/571572/+subscriptions

More information about the foundations-bugs mailing list