Thanks Greg. Getting it addressed in a future version would be great. Unfortunately, I don't think I'll be able to patch and rebuild.
Maarten Broekman > -----Original Message----- > From: Greg Hudson [mailto:[email protected]] > Sent: Monday, November 16, 2009 4:35 PM > To: Broekman, Maarten > Cc: [email protected] > Subject: Re: GSSAPI / Kerberos ticket authentication issues > > On Mon, 2009-11-16 at 09:01 -0500, Broekman, Maarten wrote: > > $ ftp -n -i hostname --> Works properly > > $ ftp -n -i hostname-alt --> Doesn't work. > > I believe this is a consequence of how ftpd uses GSSAPI. It's using > gss_acquire_cred to get credentials for f...@localhostname and > h...@localhostname, instead of just passing the default to > gss_accept_sec_context, which would make it work for any key in the > keytab. > > I don't see any good opportunities for workarounds without patching and > recompiling gssftpd. The local hostname is determined by calling > gethostbyname() on the result of gethostname(), so you can typically > influence which hostname is picked by fiddling with /etc/hosts, but you > can't make it try multiple hostnames. > > I'll bring this up on the dev list and see about getting it fixed for a > future release. If you do want to patch and rebuild to work around > this, I can probably come up with a provisional patch for you in short > order. > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
