https://bugzilla.novell.com/show_bug.cgi?id=763183 https://bugzilla.novell.com/show_bug.cgi?id=763183#c0 Summary: Kerberos: Reverse DNS happens despite rdns=false Classification: openSUSE Product: openSUSE 12.2 Version: Milestone 3 Platform: i686 OS/Version: openSUSE 12.2 Status: NEW Severity: Enhancement Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jimc@math.ucla.edu QAContact: qa-bugs@suse.de Found By: Customer Blocker: --- The Kerberos service principal is built in libkrb5 :: sn2princ() as the result of one or two calls to getaddrinfo / getnameinfo through this sequence: If the caller provided a NULL hostname use gethostname(). If not a FQDN do a domain search. If a CNAME turns up, replace by its value, the so-called canonical name, and get the "A" or AAAA record for it. If bug-afflicted conditions are met, find a PTR record for the IP address and use that as the canonical name. This name goes into the service principal. In /etc/krb5.conf [libdefaults], rdns=true is the default. The rdns=false setting should suppress the PTR lookup, but it doesn't due to a bug. See tickets 7132 and 7124 in the MIT Kerberos bug tracker at http://krbdev.mit.edu/rt/ (guest login OK, use the "go to ticket" box). My specific use-case, broken by this bug, is discussed in ticket 7132. The developers' workaround for the bug is going to be available in krb5-1.10.2. This feature request is to make sure the workaround gets into OpenSuSE 12.2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.