git.ipfire.org Git - thirdparty/krb5.git/commit
Don't create hostbased principals in new KDBs 1099/head
author Greg Hudson <ghudson@mit.edu>
Thu, 30 Jul 2020 16:14:27 +0000 (12:14 -0400)
committer Greg Hudson <ghudson@mit.edu>
Tue, 4 Aug 2020 19:39:37 +0000 (15:39 -0400)
commit ac2b693d0ec464e0bcda4953acd79f201169f396
tree 2a9364167670b2365edcbd35c711a3b11ab50fd3
parent 1d282badfbd6098e3db9d50d22d565c2ec3c8c47
Don't create hostbased principals in new KDBs

Unix-like platforms do not provide a simple method to find the
fully-qualified local hostname as the machine is expected to appear to
other hosts.  Canonicalizing the gethostname() result with
getaddrinfo() usually works, but potentially uses DNS.  Now that
dns_canonicalize_hostname=true is no longer the default, KDB creation
would generally create the wrong host-based principals.

kadmin/hostname is unnecessary because the client software can also
use kadmin/admin, and kiprop/hostname is one of several principals
that must be created for incremental propagation.

ticket: 8935 (new)
src/kadmin/dbutil/kadm5_create.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/tests/dejagnu/krb-standalone/kadmin.exp
src/tests/t_iprop.py
src/tests/t_kadmin_acl.py