[924] in Kerberos-V5-bugs
Re: Resolver is not used on SunOS (possibly others?)
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Tue Nov 1 22:57:04 1994
To: Ted Lemon <mellon@ipd.wellsfargo.com>
Cc: krb5-bugs@MIT.EDU
Date: Tue, 01 Nov 1994 22:56:49 EST
From: Marc Horowitz <marc@MIT.EDU>
>> I'm running SunOS 4.1.3 on several systems here, and have found that
>> if some systems are patched to support DNS hostname resolution and
>> some aren't, kerberos authentication between differently configured
>> systems fails.
I think this is probably due to misconfiguration of one set of systems
or the other, not just different configuration. I'd look into this
before suggesting changing the krb5 master sources. I have users who
daily run krb5 clients on machines with no dns to servers which do
have dns in libc.
>> I've fixed this locally by linking all the kerberos binaries with
>> /usr/lib/libresolv.a.
I dislike this patch. In some environments I've seen, some machines
have dns in the libc and some don't, but executeables are shared
between the two, in order that the host's preferred name resolution
mechanism be used.
For example, I have a sparcbook laptop. I have a libc with dns for
when I'm on a reasonable network, and a libc without for when I'm
standalone or connected via a slip line (where dns is slow and
sometimes finicky). I have one set of kerberos executables which work
either way, since they just use whatever shared libc is present.
>> I think that in general libresolv.a isn't present on systems that
>> support DNS in libc, though, and that if it is, linking to it won't be
>> destructive.
Are you really, really, sure? What about solaris, which has a
run-time config file which determines when to use dns and when not to?
I don't know what will happen if you link in libresolv.so explicitly.
Marc
