To: kerberos@mit.edu
From: Adam Megacz
Subject: Re: Reading kerberos-adm from DNS: when will MIT-krb support this?
Date: Sat, 15 Mar 2008 19:36:02 -0700
Reply-To: megacz@cs.berkeley.edu

Ken Raeburn writes:
>> I believe the future has already arrived. Current MIT code should
>> be capable of finding and using records like this:
>>
>> spam% dig _kerberos-adm._tcp.umich.edu srv
>
> This is used for the password-changing service, but unfortunately the
> RPC code used for the kadmin program still looks up admin_server, and
> uses the first IP address found when looking up that hostname. No
> DNS, one hostname, one address, no service-location plugin support,
> no IPv6. These do need to be fixed....

This should help.

  - a

diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index bb87f88..48b1792 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c 
@@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv, params.admin_server = strdup(params_in->admin_server); if (params.admin_server) params.mask |= KADM5_CONFIG_ADMIN_SERVER; - } else if (aprofile && - !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { - params.admin_server = svalue; - params.mask |= KADM5_CONFIG_ADMIN_SERVER; + } else if (aprofile) { + if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { + params.admin_server = svalue; + params.mask |= KADM5_CONFIG_ADMIN_SERVER; + } else { + struct addrlist addrlist; + int i; + krb5_data drealm; + drealm.data = (void*)params.realm; + drealm.length = strlen(params.realm); + if (!krb5int_locate_server(context, &drealm, &addrlist, 0, + "admin_server", "_kerberos-adm", 1, + DEFAULT_KPASSWD_PORT, 0, 0)) { + for (i=0;iai_family == AF_INET) { + params.admin_server = strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr)); + params.kadmind_port = ntohs(sa2sin (a->ai_addr)->sin_port); + params.mask |= KADM5_CONFIG_ADMIN_SERVER; + params.mask |= KADM5_CONFIG_KADMIND_PORT; + break; + } + } + } + } } if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { char *p; ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
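
Review bot: In the new AF_INET branch, the result of strdup(inet_ntoa(...)) is stored in params.admin_server and KADM5_CONFIG_ADMIN_SERVER is set without a NULL check, whereas the params_in branch just above sets the bit only under "if (params.admin_server)"; guard the two mask updates the same way so an allocation failure cannot leave the bit set with a NULL pointer. Three smaller points in the same block: nothing visible here releases addrlist after krb5int_locate_server() succeeds, so the lookup result appears to leak on every path including the break; the default port passed to the lookup is DEFAULT_KPASSWD_PORT although the value ends up in params.kadmind_port, which deserves either the kadmind default or a comment explaining the choice; and only AF_INET entries are accepted, so the IPv6 gap named in the quoted message remains. The loop header as archived ("for (i=0;iai_family == AF_INET)") is incomplete, so its bound and the declaration of a cannot be reviewed from this copy.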