The following message is a courtesy copy of an article that has been posted to gmane.comp.encryption.kerberos.general,gmane.comp.encryption.kerberos.devel as well. It seems that this patch didn't wind up in the recent kerberos release. Do you think somebody could review it for inclusion soon, so that it has a chance of making it into the next release? If any changes need to be made, please let me know and I will make them. Thanks! - a Ken Raeburn writes: > Sure. :) > At first glance it looks good, but I want to have a closer look > before committing it (unless someone else gets to it first). Thanks > for sending it in! > > Adam Megacz writes: > > Hi, would it be possible for the Kerberos maintainers to consider the > > patch below for inclusion in the main libkadm5 distribution? > > > > - a > > > > Adam Megacz writes: > >> Ken Raeburn writes: > >>>> I believe the future has already arrived. Current MIT code should > >>>> be capable of finding and using records like this: > >>>> > >>>> spam% dig _kerberos-adm._tcp.umich.edu srv > >>> > >>> This is used for the password-changing service, but unfortunately the > >>> RPC code used for the kadmin program still looks up admin_server, and > >>> uses the first IP address found when looking up that hostname. No > >>> DNS, one hostname, one address, no service-location plugin support, > >>> no IPv6. These do need to be fixed.... > >> > >> This should help. > >> > >> - a > >> > >> > >> diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c > >> index bb87f88..48b1792 100644 > >> --- a/src/lib/kadm5/alt_prof.c > >> +++ b/src/lib/kadm5/alt_prof.c > >> @@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv, > >> params.admin_server = strdup(params_in->admin_server); > >> if (params.admin_server) > >> params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> - } else if (aprofile && > >> - !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { > >> - params.admin_server = svalue; > >> - params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + } else if (aprofile) { > >> + if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { > >> + params.admin_server = svalue; > >> + params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + } else { > >> + struct addrlist addrlist; > >> + int i; > >> + krb5_data drealm; > >> + drealm.data = (void*)params.realm; > >> + drealm.length = strlen(params.realm); > >> + if (!krb5int_locate_server(context, &drealm, &addrlist, 0, > >> + "admin_server", "_kerberos-adm", 1, > >> + DEFAULT_KPASSWD_PORT, 0, 0)) { > >> + for (i=0;i >> + struct addrinfo *a = addrlist.addrs[i]; > >> + if (a->ai_family == AF_INET) { > >> + params.admin_server = strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr)); > >> + params.kadmind_port = ntohs(sa2sin (a->ai_addr)->sin_port); > >> + params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + params.mask |= KADM5_CONFIG_KADMIND_PORT; > >> + break; > >> + } > >> + } > >> + } > >> + } > >> } > >> if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { > >> char *p; > >> > >> ________________________________________________ > >> Kerberos mailing list Kerberos@mit.edu > >> https://mailman.mit.edu/mailman/listinfo/kerberos > >> > > > > -- > > > > ________________________________________________ > > Kerberos mailing list Kerberos@mit.edu > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > -- >