Bug 60090
| Summary: | krb5 doesn't perform SRV server lookups | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <gordont> |
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | CC: | jjneely |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.3.1-7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-01-08 23:11:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Nalin, Just got SRV records at NCSU and this bug is still present in Fedora Core 1. I have verified that the fix above does infact work and is the proper bug. Would like to go this way rather than be forced to "randomize" my krb5.conf. *sigh* Jack, a fix for configure which gets --netlib and --enable-dns to play together nicely should be in the current fc2 package (see mail to krb5-bugs in November, the specific change is krb5-1.3.1-dns.patch). The current plan is to add it to any future errata or updates for krb5 for older releases. I guess I should mark this as resolved in rawhide, then. |
Description of problem: When I tried doing a kinit on a principal in a realm (which has the proper SRV records set up) that was not configured in my /etc/krb5.conf (dns_lookup_realm = false, dns_lookup_kdc = true), it failed to find the KDC. Version-Release number of selected component (if applicable): 1.2.2-12 How reproducible: Always Steps to Reproduce: 1. kinit foo.KRB5.CONF Actual Results: $ kinit foo.KRB5.CONF kinit(v5): Cannot find KDC for requested realm while getting initial credentials $ Expected Results: $ kinit foo.KRB5.CONF Password for foo.KRB5.CONF: $ Additional info: The cuplrit is a strange interaction when specifying the --netlib=-lresolv to the configure process. It seems to leave undefined KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, and KRB5_DNS_LOOKUP_REALM. In fact, the libkrb5.so.3.0 doesn't have any symbols for doing the DNS lookups (_krb5_use_dns_kdc, _krb5_use_dns_real, krb5_locate_srv_dns). The following patch seems to work for me: --- krb5.spec.orig Tue Feb 19 13:19:06 2002 +++ krb5.spec Tue Feb 19 13:19:17 2002 @@ -468,7 +468,6 @@ --localstatedir=%{_var}/kerberos \ --with-krb4 \ --enable-dns --enable-dns-for-kdc --enable-dns-for-realm \ - --with-netlib=-lresolv \ --with-tcl=%{_prefix} \ %{_target_platform} make LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)' The --netlib isn't strictly needed as it will automatically look for the resolver functions in -lresolv if they are not found in libc.