907297 – Do not guess host part of kerberos principal

Bug 907297 - Do not guess host part of kerberos principal

Summary: Do not guess host part of kerberos principal

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	scheduler
Sub Component:
Version:	0.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	0.11
Assignee:	beaker-dev-list
QA Contact:
Docs Contact:
URL:
Whiteboard:	Misc
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-04 04:20 UTC by Raymond Mancy
Modified:	2018-02-06 00:41 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-13 03:37:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Raymond Mancy 2013-02-04 04:20:58 UTC

Currently bkr.common.krb_auth.get_encoded_request() will use the
socket.gethostname() value (if none is given) for the host part of a service principal when making a request.

Rightly or wrongly, this means that when the client uses one principal for the request and the server uses another principal (e.g. client uses an A record for the host and server uses a CNAME) we get the 'Wrong principal in request' error.

Comment 1 Raymond Mancy 2013-02-05 03:03:42 UTC

http://gerrit.beaker-project.org/#/c/1691/

Comment 2 Min Shin 2013-02-13 03:41:50 UTC

Beaker 0.11.3 hot fix has been released.

Note You need to log in before you can comment on or make changes to this bug.