[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A more robust krb5_get_host_realm?

To: heimdal-discuss@sics.se, Michael B Allen <mba2000@ioplex.com>
Subject: Re: A more robust krb5_get_host_realm?
From: Gabor Gombas <gombasg@sztaki.hu>
Date: Fri, 23 Mar 2007 09:52:52 +0100
In-Reply-To: <20070323015656.749ce7fc.mba2000@ioplex.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Mail-Followup-To: heimdal-discuss@sics.se,Michael B Allen <mba2000@ioplex.com>
References: <20070323015656.749ce7fc.mba2000@ioplex.com>
Reply-To: heimdal-discuss@sics.se, Gabor Gombas <gombasg@sztaki.hu>

On Fri, Mar 23, 2007 at 01:56:56AM -0400, Michael B Allen wrote:

> I want krb5_get_host_realm to try harder to find the domain name. In
> particular, some systems (Ubuntu Linux for example) easily end up with
> a hostname that is not an FQDN. In this case, krb5_get_host_realm gives
> up with KRB5_ERR_HOST_REALM_UNKNOWN.

Since the hostname has no relation to networking, it is perfectly normal
if you can not resolve it in any way using DNS.

> Can someone recommend a superior method? Personally I'm partial to just
> getting down to business and doing a PTR lookup. Portable too.

I see two possible methods:

- Enumerate all IP addresses on all network interfaces and look up the
  associated FQDNs. On multi-homed machines different addresses may
  resolve to completely different domains, so you must be able to return
  a list.

  If you want a portable solution, use something like libdnet:
  http://libdnet.sourceforge.net

- Just make it mandatory to specify the domain/realm in krb5.conf in
  case the hostname is not resolvable. I think this is the case now,
  maybe we just need better error messages to inform the user about the
  situation.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------

Follow-Ups:
- Re: A more robust krb5_get_host_realm?
  - From: Michael B Allen <mba2000@ioplex.com>

References:
- A more robust krb5_get_host_realm?
  - From: Michael B Allen <mba2000@ioplex.com>

Prev by Date: A more robust krb5_get_host_realm?
Next by Date: Re: A more robust krb5_get_host_realm?
Prev by thread: A more robust krb5_get_host_realm?
Next by thread: Re: A more robust krb5_get_host_realm?
Index(es):
- Date
- Thread