Hi Robie, I'm also affected with this bug. When rebuilding the source on quantal as described in comment: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/571572/comments/15 the sso to the problematic site disappears when setting rdns=false in krb5.conf. But this is not the case for precise, there it only works when patching the source from comment 15 with the original post.
Precise fix: What i did was getting the source package for precise and patched it with: https://github.com/krb5/krb5/commit/57738b357e8b03bcb7af2f147c97cb84d0ce96e2 install package libkrb5-3 libgssapi After adding the rdns=false i can now authenticate sso to iis sites that were previously failing. when commenting this option out (which is default) default behaviour is restored and i still can authenticate to servers that were previously working with e.g. mod_auth_kerb on apache but failed on iis sites. I will try to setup raring desktop to test if the bug does not exist there. Will try also patched version for quantal and explain my findings inclusive tickets in my ticket cache and cname/ptr/a records to those servers which were failing but working with the above patch. William van de Velde. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/571572 Title: krb5 prefers the reverse pointer no matter what for locating service tickets. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/571572/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
