
Release Meeting Minutes/2011-06-21

From K5Wiki
Revision as of 14:12, 21 June 2011 by TomYu (talk | contribs) (New page: {{minutes|2011}} Will Fiveash, Thomas Hardjono, Greg Hudson, Carlos Garay, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu [ PAD stuff. Josh Howlett's messages to krb-wg... ] ;Si...)



Will Fiveash, Thomas Hardjono, Greg Hudson, Carlos Garay, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

[ PAD stuff. Josh Howlett's messages to krb-wg... ]

Simo
Problems in glibc related to getaddrinfo(). Tried to log into a host via ssh but kept requesting wrong principal. Tried turning off rdns (in libdefaults) etc. Finally ran gdb to discover that getaddrinfo() does PTR record lookup (when AF_INET and AI_CANONNAME).
Tom
Does it do likewise with AF_INET6?
Simo
unknown
Greg
No idea why we use AF_INET in sn2princ?
Tom
Bug workaround? [ unknown ] getaddrinfo() seems very unportable after 10+ years...
Greg
No real other choice for IPv6. No obvious notes from Ken Raeburn on this situation.
Tom
Drop getaddrinfo() completely?
Greg
We want to have domain name appended in case the user doesn't type the FQDN. Alias resolution.
Tom
Another knob to turn off forward resolution?
Greg
Reading resolv.conf to emulate domain search list seems problematic. Long-term, KDC should set a flag "trust me for aliases".
Simo
Shorter term?
Greg
I'll ask Ken why we use AF_INET in sn2princ.
Simo
OK as first step. Maybe don't set AI_CANONNAME at all?
Greg
Maybe. In any case don't overload rdns, because the getaddrinfo() is intended to do a forward resolution.
Tom
Maybe another knob for forward DNS.

[ Tom will set up some test case DNS records in kerberos.org domain. ]

...