[930] in Kerberos-V5-bugs
Re: Resolver is not used on SunOS (possibly others?)
daemon@ATHENA.MIT.EDU (Ted Lemon)
Wed Nov 2 18:51:49 1994
To: "Theodore Ts'o" <tytso@MIT.EDU>
Cc: Marc Horowitz <marc@MIT.EDU>, krb5-bugs@MIT.EDU
In-Reply-To: Your message of "Wed, 02 Nov 1994 00:10:26 +0500."
<9411020510.AA07789@dcl.MIT.EDU>
Date: Wed, 02 Nov 1994 15:51:16 -0800
From: Ted Lemon <mellon@ipd.wellsfargo.com>
> The main requirement is that gethostbyname() and gethostbyaddr() must
> return fully qualified domain names. With /etc/hosts, this means that
> the hostname on each line must be the fully qualified domain name. With
> NIS/YP, I think you're stuck, since I don't think NIS/YP supports that.
Right. This is exactly the problem I ran into. You could argue that
it makes sense to just require people to use FQDNs in their /etc/hosts
file, but this violates the principle of least surprise. Somebody
who's not a net.wizard might not notice stuff like this, and might
simply conclude that the software was flakey (in fact, that's exactly
the reaction I got here!).
Marc makes the point that it may be desirable to use Kerberos without
DNS in some cases. I don't really buy this - even if you don't want
to use DNS in general, using it for the Kerberos authentication
doesn't seem like a big hit - you have to go out on the net anyway. I
use DNS over SLIP on my home machine and have never noticed a
performance problem. When you're standalone, Kerberos won't work
anyway - there's no server to authenticate with. If it's a big enough
issue, why not keep an unofficial DNS secondary on the mobile system?
I don't really have an answer for the Solaris problem. This sort of
problem is exactly why we generally don't use Solaris here. Does
anybody know if Solaris has a libresolv.a, and if it exhibits the same
behaviour as the default libc?
As an end user, I haven't seen enough of what's going on to make any
judgements about what The Right Thing is. If the general feeling is
that using linking to libresolv.a if it's there is not a good default
behaviour, I can submit a new patch that uses a --with-libresolv
argument to configure. Just let me know which version you prefer.
_MelloN_
--
Ted Lemon Wells Fargo Bank, Information Protection Division
mellon@ipd.wellsfargo.com +1 415 477 5045
