logo_kerberos.gif

Difference between revisions of "Release Meeting Minutes/2011-06-21"

From K5Wiki
Jump to: navigation, search
(New page: {{minutes|2011}} Will Fiveash, Thomas Hardjono, Greg Hudson, Carlos Garay, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu [ PAD stuff. Josh Howlett's messages to krb-wg... ] ;Si...)
 
 
Line 3: Line 3:
   
 
[ PAD stuff. Josh Howlett's messages to krb-wg... ]
  
[ PAD stuff. Josh Howlett's messages to krb-wg... ]
  +
  +
== DNS pain ==
   
 
;Simo: Problems in glibc related to <code>getaddrinfo()</code>. Tried to log into a host via ssh but kept requesting wrong principal. Tried turning off <code>rdns</code> (in libdefaults) etc. Finally ran gdb to discover that <code>getaddrinfo()</code> does PTR record lookup (when <code>AF_INET</code> and <code>AI_CANONNAME</code>).
  
;Simo: Problems in glibc related to <code>getaddrinfo()</code>. Tried to log into a host via ssh but kept requesting wrong principal. Tried turning off <code>rdns</code> (in libdefaults) etc. Finally ran gdb to discover that <code>getaddrinfo()</code> does PTR record lookup (when <code>AF_INET</code> and <code>AI_CANONNAME</code>).
Line 30: Line 32:
 
;Simo: OK as first step. Maybe don't set <code>AI_CANONNAME</code> at all?
  
;Simo: OK as first step. Maybe don't set <code>AI_CANONNAME</code> at all?
   
;Greg: Maybe. In any case don't overload <code>rdns</code>, because the <code>getaddrinfo()</code> is intended to do a forward resolution.
 +
;Greg: Maybe. In any case don't overload <code>rdns</code>, because the call to <code>getaddrinfo()</code> is intended to do a forward resolution.
   
 
;Tom: Maybe another knob for forward DNS.
  
;Tom: Maybe another knob for forward DNS.
Line 36: Line 38:
 
[ Tom will set up some test case DNS records in kerberos.org domain. ]
  
[ Tom will set up some test case DNS records in kerberos.org domain. ]
   
...
  
  +
;Tom: Also some issues with <code>gethostname()</code>, e.g. whether it appends the domain name.
  +
  +
;Greg: Most Linux distributions give just the short name.
  +
  +
;Simo: Depends on configuration.
  +
  +
;Greg: See [[Projects/Acceptor_Names]].
  +
  +
== libverto ==
  +
  +
;Nathaniel: libverto. Code mostly up. https://fedorahosted.org/libverto/
  +
  +
;Tom: Too bad about idle support. [ libdispatch, etc. does some nice things with that sort of task queue thing ]
  +
  +
;Nathaniel: Back end for libevent ~120 lines. Are blocks (C language extension) needed in libdispatch?
  +
  +
;Tom: Only needed for interface convenience. Without blocks, you don't get the entire API (you miss the blocks-dependent interfaces), but you still get the complete functionality.
  +
  +
;Nathaniel: verto.c:verto_free() ...handles some signal races during unload.
  +
  +
;Nathaniel: Where to test? (Doing Linux already.)
  +
  +
;Greg: Solaris.
  +
  +
;Nathaniel: Nothing too GNU-specific: <code>dladdr()</code> and <code>asprintf()</code>.
  +
  +
== Misc. ==
  +
  +
;Will: Glenn was working on code... what's the rule on testing for null before calling <code>free()</code>?
  +
  +
;Greg: We recently made a massive move toward not testing. [ Was needed a long time ago for platforms that had a conforming C compiler but libc was nonconforming in a way that made <code>free(NULL)</code> unsafe. ]
  +
  +
;Tom: Planning patch releases for early/mid-July.

Latest revision as of 14:48, 21 June 2011


Will Fiveash, Thomas Hardjono, Greg Hudson, Carlos Garay, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

[ PAD stuff. Josh Howlett's messages to krb-wg... ]

DNS pain

Simo
Problems in glibc related to getaddrinfo(). Tried to log into a host via ssh but kept requesting wrong principal. Tried turning off rdns (in libdefaults) etc. Finally ran gdb to discover that getaddrinfo() does PTR record lookup (when AF_INET and AI_CANONNAME).
Tom
Does it do likewise with AF_INET6?
Simo
unknown
Greg
No idea why we use AF_INET in sn2princ?
Tom
Bug workaround? [ unknown ] getaddrinfo() seems very unportable after 10+ years...
Greg
No real other choice for IPv6. No obvious notes from Ken Raeburn on this situation.
Tom
Drop getaddrinfo() completely?
Greg
We want to have domain name appended in case the user doesn't type the FQDN. Alias resolution.
Tom
Another knob to turn off forward resolution?
Greg
Reading resolv.conf to emulate domain search list seems problematic. Long-term, KDC should set a flag "trust me for aliases".
Simo
Shorter term?
Greg
I'll ask Ken why we use AF_INET in sn2princ.
Simo
OK as first step. Maybe don't set AI_CANONNAME at all?
Greg
Maybe. In any case don't overload rdns, because the call to getaddrinfo() is intended to do a forward resolution.
Tom
Maybe another knob for forward DNS.

[ Tom will set up some test case DNS records in kerberos.org domain. ]

Tom
Also some issues with gethostname(), e.g. whether it appends the domain name.
Greg
Most Linux distributions give just the short name.
Simo
Depends on configuration.
Greg
See Projects/Acceptor_Names.

libverto

Nathaniel
libverto. Code mostly up. https://fedorahosted.org/libverto/
Tom
Too bad about idle support. [ libdispatch, etc. does some nice things with that sort of task queue thing ]
Nathaniel
Back end for libevent ~120 lines. Are blocks (C language extension) needed in libdispatch?
Tom
Only needed for interface convenience. Without blocks, you don't get the entire API (you miss the blocks-dependent interfaces), but you still get the complete functionality.
Nathaniel
verto.c:verto_free() ...handles some signal races during unload.
Nathaniel
Where to test? (Doing Linux already.)
Greg
Solaris.
Nathaniel
Nothing too GNU-specific: dladdr() and asprintf().

Misc.

Will
Glenn was working on code... what's the rule on testing for null before calling free()?
Greg
We recently made a massive move toward not testing. [ Was needed a long time ago for platforms that had a conforming C compiler but libc was nonconforming in a way that made free(NULL) unsafe. ]
Tom
Planning patch releases for early/mid-July.
Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2011-06-21&oldid=3875"