[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Segfault lurking in ktutil's krb5_principal_get_realm()?

On Jun 16, 2004, at 6:07 AM, Måns Nilsson KTHNOC wrote:

> --On Wednesday, June 09, 2004 11:58:48 +0200 Harald Barth  
> <haba@pdc.kth.se>
> wrote:
>> Workaround2: Fix your reverse lookup:
>> myhost# cat > /etc/hosts
>> #
>> # Internet host table
>> #
>>       localhost
>> myhost.pdc.kth.se myhost loghost
> In my badly set up mess one floor down from you, one always must do  
> that in
> order for login over telnet et. al. to work; ie. the server on which
> telnetd runs must have its FQDN *first* after the IP address on the
> /etc/hosts line.
> This is consistent for v4 and v6, and I do not know whether it is  
> specific
> to my system or general.

It's in general.  I think it's even in the Kerberos FAQ.  Oracle will  
tell you to do this as part of setting up Kerberos support for their  

The issue is really a naming convention:   
gethostname(gethostbyname(hostname())) has to match on the client,  
server, and the instance value of the service principal used.  If  
you've got a better way to guarantee that, no problem.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu