Public bug reported: (Original upstream report: https://github.com/heimdal/heimdal/issues/1252, thanks Andreas Hasenack)
The current includedir implementation used in heimdal reads the directive in readdir() order, which can yield unpredictable results. MIT Kerberos has moved on to use alphanumeric sort and heimdal should also utilize a predictable read strategy. Upstream has shown acknowledgement in introducing the behavior, but has not given a confirmed timeline. Notably, there are some other features that are blocked by this, such as https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/2037321. The new integration of crypto-policies (https://bugs.launchpad.net/ubuntu/+source/crypto-policies/+bug/2138940) is also dependent on the directory to apply its generated configuration file to krb5. ** Affects: heimdal Importance: Unknown Status: Unknown ** Affects: heimdal (Ubuntu) Importance: High Status: New ** Bug watch added: github.com/heimdal/heimdal/issues #1252 https://github.com/heimdal/heimdal/issues/1252 ** Also affects: heimdal via https://github.com/heimdal/heimdal/issues/1252 Importance: Unknown Status: Unknown ** Description changed: (Original upstream report: https://github.com/heimdal/heimdal/issues/1252, thanks Andreas Hasenack) The current includedir implementation used in heimdal reads the directive in readdir() order, which can yield unpredictable results. MIT Kerberos has moved on to use alphanumeric sort and heimdal should also utilize a predictable read strategy. Upstream has shown acknowledgement in introducing the behavior, but has not given a confirmed timeline. Notably, there are some other features that are blocked by this, such as https://bugs.launchpad.net/ubuntu/+source/kerberos-configs/+bug/2037321. - The new integration of crypto-policies is also dependent on the - directory to apply its generated configuration file to krb5. + The new integration of crypto-policies + (https://bugs.launchpad.net/ubuntu/+source/crypto-policies/+bug/2138940) + is also dependent on the directory to apply its generated configuration + file to krb5. ** Changed in: heimdal (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2140967 Title: krb5.conf includedir directive does not read files in a predictable order To manage notifications about this bug go to: https://bugs.launchpad.net/heimdal/+bug/2140967/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
