[2103] in Kerberos-V5-bugs
Re: Canonical host names in a NIS/DNS network
daemon@ATHENA.MIT.EDU (David Slack)
Mon Jul 22 13:28:08 1996
Date: Mon, 22 Jul 1996 11:27:47 -0600
From: David Slack <slack@elendil.cc.utah.edu>
To: tytso@MIT.EDU
Cc: krb5-bugs@MIT.EDU
In-Reply-To: <9607121912.AA21656@dcl.MIT.EDU>
Reply-To: slack@cc.utah.edu
On Fri, 12 July 1996, Theodore Y. Ts'o wrote:
> Date: Thu, 11 Jul 1996 11:24:36 -0600
> From: David Slack <slack@elendil.cc.utah.edu>
>
> The problem arises in deciding what the name of a machine's
> ticket should be. If we contact a machine from a host not on nis, the
> canonical name is machine_name.cc.utah.edu. If we contact a machine
> from a host within the nis network, the canonical name is simply
> machine_name. This problem is complicated by the fact that a
> significant number of our Suns running nis exist on multiple networks
> and have multiple interfaces. A machine might be called any number of
> different names depending on who is calling from where.
>
> I consider this a bug in NIS. The "canonical name" means the name that
> is *canonical*. That is, a name which is unique to a host, and which
> has meaning anywhere in the Internet, which means that it is fully
> qualified. gethostbyname() under NIS is broken (i.e. behaves
> differently than the API as defined by Berkeley) in that it doesn't
> return the fully qualified domain name.

We finally figured out how to fix it by replacing references
to gethostbyname() with res_gethostbyname(), which will ONLY do a DNS
lookup, no hosts, no NIS. It seems to be working well so far. Thank
you for the help on this.

We have another problem: although Kerberos 5 works great, we
would like to service Kerberos 4 requests as well. There is very
little documentation on this. We did do the configure with the
--with-krb4 option, and the kdc responds to Kerberos 4 requests, but
our Kerberos 4 clients always report that we have given an incorrect
password. We know it's looking at the database because if we enter a
name not in the database, it says so.

Any suggestions? Thanks again for your help.

-- David Slack <slack@cc.utah.edu>
University of Utah Computer Center - Network Operations
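
The naming problem discussed in this thread, as an added example that is not part of the original message and is not MIT Kerberos code: a check that refuses to build a service principal from a resolver answer that is not fully qualified, so a short NIS name never ends up in a ticket name. The helper make_service_principal() is hypothetical, and the realm EXAMPLE.REALM and the sample resolver answers are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build "service/fqdn@REALM" from the name a resolver
 * returned as canonical. Returns 0 on success, -1 if the name is not fully
 * qualified (e.g. the short name an NIS hosts map hands back) or does not fit. */
int make_service_principal(const char *service, const char *canon,
                           const char *realm, char *out, size_t outlen)
{
    size_t len = strlen(canon);
    if (len > 0 && canon[len - 1] == '.')   /* drop a trailing root dot */
        len--;
    const char *dot = memchr(canon, '.', len);
    if (len == 0 || dot == NULL || dot == canon)
        return -1;                          /* short or malformed name */
    int n = snprintf(out, outlen, "%s/%.*s@%s", service, (int)len, canon, realm);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                          /* would have been truncated */
    /* Principal names are case-sensitive, so fold the host part to lower case. */
    for (char *p = strchr(out, '/') + 1; *p != '@'; p++)
        *p = (char)tolower((unsigned char)*p);
    return 0;
}

int main(void)
{
    /* Constructed resolver answers for one host: NIS short name, DNS name. */
    const char *answers[] = { "machine_name", "Machine_Name.CC.Utah.EDU." };
    char princ[256];
    for (size_t i = 0; i < sizeof answers / sizeof answers[0]; i++) {
        if (make_service_principal("host", answers[i], "EXAMPLE.REALM",
                                   princ, sizeof princ) == 0)
            printf("%-28s -> %s\n", answers[i], princ);
        else
            printf("%-28s -> rejected: not fully qualified\n", answers[i]);
    }
    return 0;
}
```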