[2429] in Kerberos-V5-bugs
Re: krb5-libs/170: What I'm doing
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Nov 10 16:35:09 1996
To: Sam Hartman <hartmans@MIT.EDU>
Cc: krb5-bugs@MIT.EDU, krb5-bugs-redist@MIT.EDU, fastcart@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 10 Nov 1996 16:34:34 -0500
In-Reply-To: Sam Hartman's message of Sun, 10 Nov 1996 02:28:56 -0500
There is one minor problem with my proposal to adopt Ted's
solution: it doesn't actually work for telnet, which was the primary
program I was trying to fix.
Basically, the problem is that telnet will try to connect to
all the IP addresses for a machine once it receives a response to the
gethostbyname request. Unfortunately, if I cannonicalize a hostname
before connecting, I will only try connecting to one of the IP
addresses.
Because any real solution to the problem will require some
actual thought and discussion, it would be inappropriate to work on at
this point in the release process. Instead, I will solve the problem
for the special case of telnet. I will do this by doing a
gethostbyaddr after connecting to the remote system. If I am
successful, then I will save the hostname from this call to be used
for Kerberos authentication. Otherwise, I will use the hostname that
I received from the earlier gethostbyname call. In all the situations
jhawk and I thought of, this worked at least as well as the current
scheme. Also, I beleive it is similar to a patch adopted by SIPB for
SIPB Athena.
--Samn
