[Bug 571572] Re: krb5 prefers the reverse pointer no matter what for locating service tickets.
William
571572 at bugs.launchpad.net
Wed Feb 27 09:42:06 UTC 2013
Precise
option rdns not set
requesting sharepointsite.testdomain with firefox with the following option set in about:config
network.negotiate-auth.trusted-uris "https://, http://"
klist
==========================================================================================================
Default principal: testuser at EXAMPLE.COM
Valid starting Expires Service principal
27/02/2013 09:09 27/02/2013 19:09 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 28/02/2013 09:09
27/02/2013 09:10 27/02/2013 19:09 HTTP/searchsite.testdomain@
renew until 28/02/2013 09:09
27/02/2013 09:10 27/02/2013 19:09 HTTP/searchsite.testdomain at EXAMPLE.COM
renew until 28/02/2013 09:09
==========================================================================================================
option rdns=false
klist
==========================================================================================================
Default principal: testuser at EXAMPLE.COM
Valid starting Expires Service principal
27/02/2013 09:18 27/02/2013 19:18 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 28/02/2013 09:18
27/02/2013 09:19 27/02/2013 19:18 HTTP/searchsite.testdomain@
renew until 28/02/2013 09:18
27/02/2013 09:19 27/02/2013 19:18 HTTP/searchsite.testdomain at EXAMPLE.COM
renew until 28/02/2013 09:18
==========================================================================================================
no sso
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Rebuilding kerberos for precise
apt-get build-dep libkrb5-3
apt-get source libkrb5-3
edit src/lib/krb5/os/sn2princ.c
//hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
hints.ai_flags = AI_CANONNAME;
rebuild:
fakeroot debian/rules binary
dpkg -i ../libkrb5-3.........deb
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
retest precise
option rdns not set
requesting sharepointsite.testdomain with firefox with the following option set in about:config
network.negotiate-auth.trusted-uris "https://, http://"
klist
==========================================================================================================
Default principal: testuser at EXAMPLE.COM
Valid starting Expires Service principal
27/02/2013 09:30 27/02/2013 19:30 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 28/02/2013 09:30
27/02/2013 09:30 27/02/2013 19:30 HTTP/searchsite.testdomain@
renew until 28/02/2013 09:30
27/02/2013 09:30 27/02/2013 19:30 HTTP/searchsite.testdomain at EXAMPLE.COM
renew until 28/02/2013 09:30
==========================================================================================================
option rdns=false
klist
==========================================================================================================
Default principal: testuser at EXAMPLE.COM
Valid starting Expires Service principal
27/02/2013 09:34 27/02/2013 19:35 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 28/02/2013 09:34
27/02/2013 09:35 27/02/2013 19:35 HTTP/sharepointsite.testdomain@
renew until 28/02/2013 09:34
27/02/2013 09:35 27/02/2013 19:35 HTTP/sharepointsite.testdomain at EXAMPLE.COM
renew until 28/02/2013 09:34
==========================================================================================================
sso works
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/571572
Title:
krb5 prefers the reverse pointer no matter what for locating service
tickets.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/571572/+subscriptions
More information about the Ubuntu-server-bugs
mailing list