[16597] in Kerberos-V5-bugs
[krbdev.mit.edu #8935] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Aug 4 17:59:10 2020
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
Message-ID: <rt-4.4.4-107722-1596578328-813.8935-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8935":;
Date: Tue, 04 Aug 2020 17:58:49 -0400
Tue Aug 04 17:58:48 2020: Request 8935 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8935 >

Don't create hostbased principals in new KDBs

Unix-like platforms do not provide a simple method to find the
fully-qualified local hostname as the machine is expected to appear to
other hosts. Canonicalizing the gethostname() result with
getaddrinfo() usually works, but potentially uses DNS. Now that
dns_canonicalize_hostname=true is no longer the default, KDB creation
would generally create the wrong host-based principals.

kadmin/hostname is unnecessary because the client software can also
use kadmin/admin, and kiprop/hostname is one of several principals
that must be created for incremental propagation.

https://github.com/krb5/krb5/commit/ac2b693d0ec464e0bcda4953acd79f201169f396
Author: Greg Hudson <ghudson@mit.edu>
Commit: ac2b693d0ec464e0bcda4953acd79f201169f396
Branch: master
src/kadmin/dbutil/kadm5_create.c | 52 ++-------------------
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 35 +--------------
src/tests/dejagnu/krb-standalone/kadmin.exp | 7 ++-
src/tests/t_iprop.py | 1 +
src/tests/t_kadmin_acl.py | 1 +
5 files changed, 12 insertions(+), 84 deletions(-)