Release Meeting Minutes/2011-06-21

Will Fiveash, Thomas Hardjono, Greg Hudson, Carlos Garay, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

[ PAD stuff. Josh Howlett's messages to krb-wg... ]

Simo

Problems in glibc related to getaddrinfo(). Tried to log into a host via ssh but kept requesting wrong principal. Tried turning off rdns (in libdefaults) etc. Finally ran gdb to discover that getaddrinfo() does PTR record lookup (when AF_INET and AI_CANONNAME).

Tom

Does it do likewise with AF_INET6?

Simo

unknown

Greg

No idea why we use AF_INET in sn2princ?

Tom

Bug workaround? [ unknown ] getaddrinfo() seems very unportable after 10+ years...

Greg

No real other choice for IPv6. No obvious notes from Ken Raeburn on this situation.

Tom

Drop getaddrinfo() completely?

Greg

We want to have domain name appended in case the user doesn't type the FQDN. Alias resolution.

Tom

Another knob to turn off forward resolution?

Greg

Reading resolv.conf to emulate domain search list seems problematic. Long-term, KDC should set a flag "trust me for aliases".

Simo

Shorter term?

Greg

I'll ask Ken why we use AF_INET in sn2princ.

Simo

OK as first step. Maybe don't set AI_CANONNAME at all?

Greg

Maybe. In any case don't overload rdns, because the getaddrinfo() is intended to do a forward resolution.

Tom

Maybe another knob for forward DNS.

[ Tom will set up some test case DNS records in kerberos.org domain. ]

...