
Re: [PATCH] Should we avoid DNS for short names?

On Fri, 2005-10-14 at 12:40 +0200, Love Hörnquist Åstrand wrote:
> >> Other than that I don't see any problems. :-)
> >> 
> >> Wouldn't this be a problem only if you have a non-dns based realm AND
> >> you also don't have any local configuration for it (or if the KDC is
> >> down)?
> >
> > It's more about misconfiguration, and our users (or indeed my code)
> > blurring the distinction between a netbios domain and a realm.
> >
> > Attached is another patch to avoid doing a DNS lookup on _kerberos.host
> > where 'host' is unqualified.  This was going to the root DNS servers.
> What codepaths are causing this to happen for you?

Samba4 where we have already turned off DNS canonicalisation (and in the
real world if it has failed), with smbclient //piglett/test -Uuser%pass

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
