[Pkg-openldap-devel] Bug#696207: Bug#696207: ldapsearch sets Kerberos principle incorrectly over IPv6

Brian May brian at microcomaustralia.com.au
Tue Dec 18 04:30:22 UTC 2012


On 18 December 2012 15:23, Russ Allbery <rra at debian.org> wrote:

> If you add:
>
>     rdns = false
>
> to the [libdefaults] section of your /etc/krb5.conf, does it then work
> with MIT?  (I'm not sure what the corresponding Heimdal setting; a quick
> man page check didn't reveal it.)
>

No change.


> I think this is your GSS-API library being excessively helpful and
> canonicalizing the host identity with DNS for you, and then getting
> confused by whatever nsswitch is returning.  This isn't really under the
> control of the application; the GSS-API library will do this under the
> hood.
>

Like I said, same result both from Heimdal and MIT. Is it possible
both independent implementations made exactly the same mistake?
-- 
Brian May <brian at microcomaustralia.com.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20121218/6134c4b5/attachment.html>


More information about the Pkg-openldap-devel mailing list