Bug#532536: libgssapi-krb5: krb5_gss_acquire_cred resolves forward/reverse DNS but doesn't properly handles multiple search domains

Hi Sam, Thanks for your quick reply. * [10.06.09 01:13]: Gss calls gss_import_name (lib/gssapi/krb5/import_name.c) and that calls krb5_sname_to_principal (src/lib/krb5/os/sn2princ.c) which is almost certainly your problem. However I think that just calls getaddrinfo and getnameinfo so I

Bug#532536: libgssapi-krb5: krb5_gss_acquire_cred resolves forward/reverse DNS but doesn't properly handles multiple search domains

I'll ask the person responsible for that. I'm guessing there exists some platform somewhere that does the wrong thing with af_family = 0. I'm also hoping that we can move past that now. I'm guessing that an svn blame would suggest that code is old. -- To UNSUBSCRIBE, email to

Bug#532536: libgssapi-krb5: krb5_gss_acquire_cred resolves forward/reverse DNS but doesn't properly handles multiple search domains

Package: libgssapi-krb5-2 Version: 1.6.dfsg.4~beta1-13 Severity: important On my system, resolv.conf looks like this: domain foo.net search foo.net foo.lan nameserver 192.168.1.1 Now, my hostname is bar.foo.net (as hostname --fqdn spits out properly). I tried to kerberize sshd and got some

Bug#532536: libgssapi-krb5: krb5_gss_acquire_cred resolves forward/reverse DNS but doesn't properly handles multiple search domains

This is strange. So, the reverse resolution behavior is intentional (and highly broken--it's a long story) but can be disable by setting rdns=true in the libdefaults section of krb5.conf. Gss calls gss_import_name (lib/gssapi/krb5/import_name.c) and that calls krb5_sname_to_principal