| Summary: | app-crypt/heimdal-0.7.2-r3: IP addresses of target host are malformed | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Martin Mokrejš <mmokrejs> |
| Component: | [OLD] Server | Assignee: | Gentoo Kerberos Maintainers <kerberos> |
| Status: | VERIFIED WORKSFORME | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Martin Mokrejš
2007-10-05 16:36:18 UTC

Are you sure the reverse lookup of the ip 192.168.0.2 is working? For kerberos you need the host realm and therefore the hostname. Could you check this? I don't think that this is a kerberos (heimdal) issue - that's related to your config.

g, mueli

Sorry for the confusion, I really only wanted to report that ftpd reports:

    Error initializing security context: Server (krbtgt/168.0.2@DOMA) unknown

Please note missing "192." string. If it does not happen with "current" version in overlay anymore then I am fine. I will wait until the new ebuilds appear in ~x86 and ~amd64 and then will test.

But this:

    Oct 5 18:07:28 vrapenec kdc[29547]: Server not found in database: krbtgt/168.0.2@DOMA: No such entry in the database

is an indication that kerberos isn't able to find the principal for your host in the database. One thing you should check is if the reverse query for your ip works. That means:

    $ dig -x 192.168.0.2

must resolve to $hostname for which you have a realm host/$hostname.YOURREALM.COM in the database. That _must_ work else kerberos isn't able to affiliate the IP with the principal in the database.

g, mueli

Yes that was a misconfiguration on my side. But still, the server or client does not display the IP address correctly. ;-)

Are you sure?

    IPv4:192.168.0.2 for krbtgt/168.0.2@DOMA ^^^^^^^^^^^

The way he displays the Ticket Granting Ticket is also new to me but I am not sure that this is a misbehavior. I'd at least say that this isn't a gentoo issue - it's at least an upstream issue. To contact upstream we should really test the actual release in the overlay. So either you wait and live with the problem or you test heimdal out of overlay if you can reproduce your problem. I really hope it's ok for you that I'll close this bug - Feel free to reopen if you really think this is a gentoo related problem. At the moment I am trying to close pending bugs related to outdated heimdal releases ;)

g, mueli

On the misconfigured system I get, with 1.2.1rc1, a ticket which lacks the unresolvable hostname altogether:

    $ klist
    Credentials cache: FILE:/tmp/krb5cc_1000
    Principal: mmokrejs@DOMA
    Issued Expires Principal
    Jul 18 12:22:51 Jul 19 12:22:51 krbtgt/DOMA@DOMA
    $ kftp 192.168.0.2
    Connected to 192.168.0.2.
    220 vrapenec FTP server (Version 6.00+Heimdal 1.2.1rc1) ready.
    Trying GSSAPI...
    Error initializing security context: unknown mech-code 0 for mech unknown
    *** Using plaintext user and password ***
    Name (192.168.0.2:mmokrejs): ^c

I have emailed upstream for thoughts whether there is anything to be improved. The old bug stripping first number range from IPv4 address is gone, though.
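
The reverse-lookup check discussed in the thread (`dig -x 192.168.0.2` must return the hostname whose host principal is in the KDC database), as an added example that is not part of the original bug report or of Heimdal. It goes one step further than the thread by also confirming the forward lookup. The function names, the `host/<fqdn>@REALM` principal form, and the `example.org` zone data are assumptions made for illustration.

```python
import socket

def reverse_lookup(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """All IPv4 addresses the name resolves to (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def check_host_principal(ip, realm, known_principals,
                         reverse=reverse_lookup, forward=forward_lookup):
    """Return (ok, principal, reason) for the check `dig -x <ip>` stands for.

    known_principals is the set of principal names exported from the KDC.
    reverse/forward can be replaced to test against fixed zone data.
    """
    name = reverse(ip)
    if not name:
        return (False, None, f"no PTR record for {ip}")
    name = name.rstrip(".").lower()          # PTR answers end with a dot
    if ip not in forward(name):
        return (False, None, f"{name} does not resolve back to {ip}")
    principal = f"host/{name}@{realm}"       # assumed host principal form
    if principal not in known_principals:
        return (False, principal, f"{principal} missing from the KDC database")
    return (True, principal, "ok")

if __name__ == "__main__":
    # Constructed sample data: hypothetical zone and principal list.
    ptr = {"192.168.0.2": "vrapenec.example.org."}
    a = {"vrapenec.example.org": {"192.168.0.2"}}
    principals = {"host/vrapenec.example.org@DOMA"}
    for ip in ("192.168.0.2", "192.168.0.3"):
        print(ip, check_host_principal(ip, "DOMA", principals,
                                       reverse=ptr.get,
                                       forward=lambda n: a.get(n, set())))
```
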