On Thu, 2005-09-22 at 10:38 +0200, Johan Danielsson wrote:
> Andrew Bartlett <abartlet@samba.org> writes:
>
> > Comments?
>
> It's a bit of a hack, and in the unlikely event that someone set up a
> realm for, say, COM, it would require local configuration.
>
> Other than that I don't see any problems. :-)
>
> Wouldn't this be a problem only if you have a non-dns based realm AND
> you also don't have any local configuration for it (or if the KDC is
> down)?

It's more about misconfiguration, and our users (or indeed my code)
blurring the distinction between a netbios domain and a realm.

Attached is another patch to avoid doing a DNS lookup on _kerberos.host
where 'host' is unqualified. This was going to the root DNS servers.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Index: heimdal/lib/krb5/get_host_realm.c
===================================================================
--- heimdal/lib/krb5/get_host_realm.c	(revision 10977)
+++ heimdal/lib/krb5/get_host_realm.c	(working copy)
@@ -233,6 +233,7 @@
 		    krb5_realm **realms)
 {
     char hostname[MAXHOSTNAMELEN];
+    krb5_boolean use_dns;
 
     if (host == NULL) {
 	if (gethostname (hostname, sizeof(hostname)))
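Review bot: in the `host == NULL` branch shown in this context, `host` becomes the `gethostname()` result, which may be an unqualified short name, so with the `strchr(host, '.')` check added later in this patch the default local-host case would be passed on with DNS lookup disabled. If that is intended, state it in the function's comment; if not, apply the check only to caller-supplied names or qualify the local name before testing it.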
@@ -240,5 +241,11 @@
 	host = hostname;
     }
 
-    return _krb5_get_host_realm_int (context, host, 1, realms);
+    if (strchr(host, '.') == NULL) {
+	    use_dns = FALSE;
+    } else {
+	    use_dns = TRUE;
+    }
+
+    return _krb5_get_host_realm_int (context, host, use_dns, realms);
 }
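Review bot: the `strchr(host, '.') == NULL` test carries no comment saying why unqualified names skip DNS, and it treats any dot as qualified, so a single label with a trailing dot such as `host.` is still passed on with `use_dns` set to TRUE. Add a one-line comment giving the reason (single-label lookups reaching the root servers), decide how a trailing dot should be handled, and collapse the if/else to `use_dns = (strchr(host, '.') != NULL);` or pass that expression directly so the new local is not needed. The bodies of the two new branches are also indented one level deeper than the surrounding code.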