The Kerberos Consortium has a paper on integrating Kerberos into an application; see http://www.kerberos.org/software/appskerberos.pdf .
I believe that the lucid behavior is correct according to MIT's documentation: what should be happening is that

* with rdns=true (default), both forward and reverse resolution is performed and the reverse name is used
* With rdns=false, forward resolution is performed including alias resolution--that is cnames turn into the pointed-to value not the entered value.

That behavior seems consistent with the code. If you believe that things aren't working that way, then I can attempt to reproduce.

As I understand your patch, it would (on some platforms including all Ubuntu platforms) cause the rdns=false behavior to actually skip resolution and just use the entered name not resolving cnames. It's possible there was a bug in previous releases of MIT Kerberos and this was the behavior.

I also understand that the behavior surrounding Kerberos and DNS is kind of complicated and not entirely desirable. The paper I pointed you at includes discussions of problems with the current behavior and eventual goals. It also recommends ways applications can avoid forward/reverse DNS resolution if they wish to do so.

--
krb5 prefers the reverse pointer no matter what for locating service tickets.
https://bugs.launchpad.net/bugs/571572
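A model of the three behaviours described in the message above (rdns=true, rdns=false, and the patch's skip-resolution case), as an added example that is not part of the original message and is not MIT krb5 code. The DNS records, host names, realm and function names are constructed for illustration, and falling back to the forward name when no PTR record exists is an assumption of this model.

```python
# Constructed DNS data (not from the bug report): one alias, one A record, one PTR.
CNAME = {"www.example.com": "web01.example.com"}
A = {"web01.example.com": "192.0.2.10"}
PTR = {"192.0.2.10": "host-10.dc.example.net"}


def forward_canonical(name):
    """Follow CNAMEs to the name that owns the A record; return (name, address)."""
    name = name.lower().rstrip(".")
    seen = set()
    while name in CNAME:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        name = CNAME[name].lower()
    if name not in A:
        raise LookupError("no address record for " + name)
    return name, A[name]


def service_hostname(entered, rdns=True, skip_resolution=False):
    """Host part of the service principal under each behaviour in the message."""
    if skip_resolution:
        # Behaviour attributed to the patch: use the entered name unchanged.
        return entered.lower().rstrip(".")
    canonical, address = forward_canonical(entered)
    if not rdns:
        # rdns=false: forward resolution only, aliases become their target.
        return canonical
    # rdns=true: the reverse name wins. Assumption: fall back to the forward
    # name when there is no PTR record.
    return PTR.get(address, canonical).lower()


def service_principal(service, entered, realm="EXAMPLE.COM", **mode):
    """Build service/host@REALM; the realm is a constructed placeholder."""
    return "%s/%s@%s" % (service, service_hostname(entered, **mode), realm)


if __name__ == "__main__":
    for label, mode in (("rdns=true", {"rdns": True}),
                        ("rdns=false", {"rdns": False}),
                        ("skip resolution", {"skip_resolution": True})):
        print("%-16s %s" % (label, service_principal("HTTP", "www.example.com", **mode)))
```

In this model the same entered name yields three different service principals, and two of them are chosen by DNS answers rather than by what the user typed.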