Return-Path: X-Original-To: krb5-send-pr-nospam1@krbdev.mit.edu Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 6A3495C00D; Tue, 16 Jun 2009 22:08:44 +0000 (UTC) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n5GM8ilF012868; Tue, 16 Jun 2009 18:08:44 -0400 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n5GLNbvG031403 for ; Tue, 16 Jun 2009 17:23:37 -0400 Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id n5GLNRAp008797 for ; Tue, 16 Jun 2009 17:23:27 -0400 (EDT) Received: from mail1.panix.com (localhost [127.0.0.1]) by mit.edu (Spam Firewall) with ESMTP id 1CE6920B3708 for ; Tue, 16 Jun 2009 17:23:26 -0400 (EDT) Received: from mail1.panix.com (mail1.panix.com [166.84.1.72]) by mit.edu with ESMTP id HZ3V195mRjfDMnGD for ; Tue, 16 Jun 2009 17:23:26 -0400 (EDT) Received-SPF: pass (mit.edu: domain of eravin@panix.com designates 166.84.1.72 as permitted sender) receiver=mit.edu; client_ip=166.84.1.72; envelope-from=eravin@panix.com; Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail1.panix.com (Postfix) with ESMTP id 68C7D1F596 for ; Tue, 16 Jun 2009 17:23:26 -0400 (EDT) Received: by panix5.panix.com (Postfix, from userid 151) id 3BE7D24221; Tue, 16 Jun 2009 17:23:26 -0400 (EDT) Date: Tue, 16 Jun 2009 17:23:26 -0400 From: Ed Ravin To: krb5-bugs@mit.edu Subject: krb-1.7 kadmind not logging IP address of requests Message-ID: <20090616212325.GA14840@panix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) X-Spam-Score: 0.00 X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 X-Mailman-Approved-At: Tue, 16 Jun 2009 18:08:42 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 1342 Using NetBSD 5.0 on Intel. Upgraded from krb5-1.6.3 with patches to krb5-1.7. kadmind logging now looks like this: Jun 16 16:35:36 juggler.panix.com kadmind[14915](Notice): chpw request from for elr@PANIX.COM: success Looked a little deeper - it's this code in src/kadmin/server/schpw.c that is kicking in: if (getnameinfo(ss2sa(&ss), salen, addrbuf, sizeof(addrbuf), NULL, 0, NI_NUMERICHOST | NI_NUMERICSERV) != 0) strlcpy(addrbuf, "", sizeof(addrbuf)); And the return code from getnameinfo was 4 (name resolution failure). I'm confused by this code, which appears in several spots in krb5 - it seems to disable logging of source IP addresses of requests if there's a local resolution error? Why not just show the IP address and leave it at that? My build process gave these flags to ./configure (same as what we used for previous versions): configflags="\ --prefix=/pkg/$PRODUCT \ --mandir=/pkg/$PRODUCT/man \ CFLAGS='-fstack-protector -D_FORTIFY_SOURCE=2' \ --sysconfdir=/etc/kerberosV \ --localstatedir=/var \ --libdir=/pkg/$PRODUCT/kerblib \ --enable-shared \ " krb5-config info: -I/pkg/krb5-1.7/include -L/pkg/krb5-1.7/kerblib -R/pkg/krb5-1.7/kerblib -lkrb5 -lk5crypto -lcom_err -lresolv Thanks, -- Ed