Bug 622802 - krb5 does not resolve
Summary: krb5 does not resolve
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: cifs-utils
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jeff Layton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-10 13:04 UTC by Marcus Moeller
Modified: 2014-06-18 07:40 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-08-10 13:31:58 UTC
Type: ---


Attachments (Terms of Use)
debug log as requested (48.25 KB, text/plain)
2010-08-10 13:32 UTC, Marcus Moeller
no flags Details

Description Marcus Moeller 2010-08-10 13:04:47 UTC
Description of problem:
If a dfs root is given in form of:

//mydomain/dfs/...

a dns lookup should be done, followed by spn ticket retrieval on the fastest of the determined addresses.

Atm it simply does not work as cifs/mydomain@... is not a valid spn.

Comment 1 Jeff Layton 2010-08-10 13:31:58 UTC
(In reply to comment #0)
> Description of problem:
> If a dfs root is given in form of:
> 
> //mydomain/dfs/...
> 
> a dns lookup should be done, followed by spn ticket retrieval on the fastest of
> the determined addresses.

Actually no, that shouldn't be done, at least not by default. What should happen is that the DFS referral should contain a valid hostname that can be used as a SPN.

If you want to trust DNS in the way you suggest, you can use the '-t' flag with cifs.upcall. See the cifs.upcall manpage for more info.

I'm going to go ahead and close this as NOTABUG. Please reopen if I've misunderstood the problem or you have further questions.

Comment 2 Marcus Moeller 2010-08-10 13:32:11 UTC
Created attachment 437876 [details]
debug log as requested

Comment 3 Marcus Moeller 2010-08-10 13:33:24 UTC
192.168..50.100 is a sanitizing bug and should say 192.168.50.100


Note You need to log in before you can comment on or make changes to this bug.