[Guido Günther] wrote:
> I'm not sure I'm following here. If you don't have a domain name
> from which domains SRV records would you expect the client to
> retrieve its realm?
In other scripts, I use a simple DNS lookup to find the server,
similar to this:
pere@tjener:~$ host -t srv _kerberos._udp
_kerberos._udp.intern has SRV record 100 0 88 tjener.intern.
pere@tjener:~$
> Can you show how MIT resolves the REALM and then the KDC in your
> case?
Here is a tcpdump of port 53 (DNS) on the DNS server during a kinit
run:
10:48:13.740049 IP 10.0.16.22.60465 > tjener.intern.domain: 29355+ TXT? _kerberos.ltsp4118. (36)
10:48:13.740459 IP tjener.intern.domain > 10.0.16.22.60465: 29355 NXDomain 0/1/0 (111)
10:48:13.741181 IP 10.0.16.22.57667 > tjener.intern.domain: 13656+ TXT? _kerberos.intern. (34)
10:48:13.741397 IP tjener.intern.domain > 10.0.16.22.57667: 13656* 1/1/1 TXT "INTERN" (90)
10:48:13.750393 IP 10.0.16.22.34855 > tjener.intern.domain: 1954+ SRV? _kerberos._udp.INTERN. (39)
10:48:13.750882 IP tjener.intern.domain > 10.0.16.22.34855: 1954* 1/1/1 SRV tjener.intern.:88 100 0 (102)
10:48:13.751803 IP 10.0.16.22.59974 > tjener.intern.domain: 41193+ SRV? _kerberos._tcp.INTERN. (39)
10:48:13.752068 IP tjener.intern.domain > 10.0.16.22.59974: 41193 NXDomain* 0/1/0 (87)
10:48:13.757228 IP 10.0.16.22.50499 > tjener.intern.domain: 62806+ SRV? _kerberos-master._udp.INTERN. (46)
10:48:13.757436 IP tjener.intern.domain > 10.0.16.22.50499: 62806* 1/1/1 SRV tjener.intern.:88 100 0 (109)
10:48:20.076806 IP 10.0.16.22.51156 > tjener.intern.domain: 46661+ SRV? _kerberos-master._udp.INTERN. (46)
10:48:20.077327 IP tjener.intern.domain > 10.0.16.22.51156: 46661* 1/1/1 SRV tjener.intern.:88 100 0 (109)
10:48:20.078249 IP 10.0.16.22.59517 > tjener.intern.domain: 27354+ SRV? _kerberos-master._tcp.INTERN. (46)
10:48:20.078512 IP tjener.intern.domain > 10.0.16.22.59517: 27354 NXDomain* 0/1/0 (94)
As you can see, it first looks up the realm using a TXT lookup, and
then finds the servers using SRV lookups. Does it help to explain what
is going on?
--
Happy hacking
Petter Reinholdtsen
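
The capture in the message above, read programmatically. This is an added example, not part of the original message: it pairs each DNS query with its response by client endpoint and transaction ID, then pulls the realm from the answered TXT lookup. The function names are made up for this example; the sample lines are the first eight records of the capture, each rejoined onto one line.

```python
import re

# First eight records of the capture in the message above, with each
# mail-wrapped record rejoined onto a single line.
CAPTURE = """\
10:48:13.740049 IP 10.0.16.22.60465 > tjener.intern.domain: 29355+ TXT? _kerberos.ltsp4118. (36)
10:48:13.740459 IP tjener.intern.domain > 10.0.16.22.60465: 29355 NXDomain 0/1/0 (111)
10:48:13.741181 IP 10.0.16.22.57667 > tjener.intern.domain: 13656+ TXT? _kerberos.intern. (34)
10:48:13.741397 IP tjener.intern.domain > 10.0.16.22.57667: 13656* 1/1/1 TXT "INTERN" (90)
10:48:13.750393 IP 10.0.16.22.34855 > tjener.intern.domain: 1954+ SRV? _kerberos._udp.INTERN. (39)
10:48:13.750882 IP tjener.intern.domain > 10.0.16.22.34855: 1954* 1/1/1 SRV tjener.intern.:88 100 0 (102)
10:48:13.751803 IP 10.0.16.22.59974 > tjener.intern.domain: 41193+ SRV? _kerberos._tcp.INTERN. (39)
10:48:13.752068 IP tjener.intern.domain > 10.0.16.22.59974: 41193 NXDomain* 0/1/0 (87)
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (\d+)\S* (.*) \(\d+\)$")  # src, dst, id, body
QUERY = re.compile(r"^(\w+)\? (\S+)$")        # e.g. "TXT? _kerberos.intern."
ANSWER = re.compile(r"^\d+/\d+/\d+ \w+ (.*)$")  # e.g. '1/1/1 TXT "INTERN"'

def lookups(capture):
    """Pair each DNS query with its response; return (qtype, qname, result)."""
    pending, out = {}, []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, txid, rest = m.groups()
        q = QUERY.match(rest)
        if q:
            pending[(src, txid)] = q.groups()  # remember who asked what
            continue
        key = (dst, txid)  # a response goes back to the querying endpoint
        if key not in pending:
            continue  # response whose query was not captured
        qtype, qname = pending.pop(key)
        a = ANSWER.match(rest)
        result = a.group(1) if a else rest.split()[0].rstrip("*")
        out.append((qtype, qname, result))
    return out

def realm_from_txt(pairs):
    """Realm name taken from the first answered TXT lookup, or None."""
    for qtype, _, result in pairs:
        if qtype == "TXT" and result != "NXDomain":
            return result.strip('"')
    return None

if __name__ == "__main__":
    for row in lookups(CAPTURE): print(row)
```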