On Mon, Nov 7, 2016 at 4:35 PM, Alexey Serbin wrote:
> Ah, I see -- thank you for the clarification.
>
> BTW, could 'ignore_acceptor_hostname' parameter help there? Like adding
> the following into the krb5.conf:
>
> [libdefaults]
> ignore_acceptor_hostname = true
>
Here's one more workaround which might actually be simplest: it seems like
if we LD_PRELOAD (or otherwise override) krb5_get_host_realm(), we can
detect this case and return our default KRBTEST.COM realm.
I'll give that one a try and see if it works, since it's only 10-15 lines
of code vs
FWIW it looks like there's already some code out there that can do the
appropriate "fake DNS" wrapping: https://cwrap.org/nss_wrapper.html
On Sun, Nov 6, 2016 at 9:13 PM, Todd Lipcon wrote:
> Hey folks
>
> I've been looking into why our kerberos-dependent tests are failing
Hey folks
I've been looking into why our kerberos-dependent tests are failing on el6
and it looks like it will be unfortunately difficult to fix.
The first issue was that krb5 1.10 (on el6) doesn't automatically create
the directory for a DIR: type ticket cache. That one was easy to fix
and got