Bug 622802 - krb5 does not resolve
krb5 does not resolve
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: cifs-utils (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Jeff Layton
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-10 09:04 EDT by Marcus Moeller
Modified: 2014-06-18 03:40 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-10 09:31:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
debug log as requested (48.25 KB, text/plain)
2010-08-10 09:32 EDT, Marcus Moeller
no flags Details

  None (edit)
Description Marcus Moeller 2010-08-10 09:04:47 EDT
Description of problem:
If a dfs root is given in form of:

//mydomain/dfs/...

a dns lookup should be done, followed by spn ticket retrieval on the fastest of the determined addresses.

Atm it simply does not work as cifs/mydomain@... is not a valid spn.
Comment 1 Jeff Layton 2010-08-10 09:31:58 EDT
(In reply to comment #0)
> Description of problem:
> If a dfs root is given in form of:
> 
> //mydomain/dfs/...
> 
> a dns lookup should be done, followed by spn ticket retrieval on the fastest of
> the determined addresses.

Actually no, that shouldn't be done, at least not by default. What should happen is that the DFS referral should contain a valid hostname that can be used as a SPN.

If you want to trust DNS in the way you suggest, you can use the '-t' flag with cifs.upcall. See the cifs.upcall manpage for more info.

I'm going to go ahead and close this as NOTABUG. Please reopen if I've misunderstood the problem or you have further questions.
Comment 2 Marcus Moeller 2010-08-10 09:32:11 EDT
Created attachment 437876 [details]
debug log as requested
Comment 3 Marcus Moeller 2010-08-10 09:33:24 EDT
192.168..50.100 is a sanitizing bug and should say 192.168.50.100

Note You need to log in before you can comment on or make changes to this bug.