Bug#445063: krb5-config should at least use its domain_realm mapping that it already has
Package: krb5-config Version: 1.16 Followup-For: Bug #445063 I just installed krb5-config from scratch on a stock Debian machine. My domain name is mit.edu, which should have been mapped to ATHENA.MIT.EDU but was instead mapped to MIT.EDU. This bug talks about getting the realm out of DNS, but there's already a source of information about domain names to realms - the very same configuration file, /etc/krb5.conf, includes a domain_realm mapping to identify realms. This should be used to resolve the domain name, if possible. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages krb5-config depends on: ii debconf [debconf-2.0]1.5.11etch1 Debian configuration management sy krb5-config recommends no packages. -- debconf information: krb5-config/read_conf: true krb5-config/kerberos_servers: krb5-config/default_realm: MIT.EDU krb5-config/admin_server: krb5-config/dns_for_default: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#445063: krb5-config should at least use its domain_realm mapping that it already has
Quentin Smith [EMAIL PROTECTED] writes: Package: krb5-config Version: 1.16 Followup-For: Bug #445063 I just installed krb5-config from scratch on a stock Debian machine. My domain name is mit.edu, which should have been mapped to ATHENA.MIT.EDU but was instead mapped to MIT.EDU. I don't understand what this means. What was written to /etc/krb5.conf? What did you expect to be written there? This bug talks about getting the realm out of DNS, but there's already a source of information about domain names to realms - the very same configuration file, /etc/krb5.conf, includes a domain_realm mapping to identify realms. This should be used to resolve the domain name, if possible. If I understand correctly, the proposal is to try to apply the domain_realm mappings in the provided krb5.conf file to figure out what the default realm should be? If so, there isn't any way to do this with the current architecture: at the time that the debconf script runs, the package hasn't been unpacked yet and the krb5.conf template is not yet available. Both of the requests in this bug would require prompting in the postinst instead of in the config script. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#445063: krb5-config should at least use its domain_realm mapping that it already has
On Wed, 2 Jan 2008, Russ Allbery wrote: Quentin Smith [EMAIL PROTECTED] writes: Package: krb5-config Version: 1.16 Followup-For: Bug #445063 I just installed krb5-config from scratch on a stock Debian machine. My domain name is mit.edu, which should have been mapped to ATHENA.MIT.EDU but was instead mapped to MIT.EDU. I don't understand what this means. What was written to /etc/krb5.conf? What did you expect to be written there? Hi- With no configuration prompts on a fresh install, MIT.EDU was written to /etc/krb5.conf as my default_realm. I expect ATHENA.MIT.EDU to be written there, or at least to be prompted for the default realm. This bug talks about getting the realm out of DNS, but there's already a source of information about domain names to realms - the very same configuration file, /etc/krb5.conf, includes a domain_realm mapping to identify realms. This should be used to resolve the domain name, if possible. If I understand correctly, the proposal is to try to apply the domain_realm mappings in the provided krb5.conf file to figure out what the default realm should be? If so, there isn't any way to do this with the current architecture: at the time that the debconf script runs, the package hasn't been unpacked yet and the krb5.conf template is not yet available. Yes, my proposal is to use the domain_realm mappings in krb5.conf to figure out the default realm. Could the krb5.conf template be incorporated into the debconf script at build time, so that it's available when configuring? Thanks, --Quentin Both of the requests in this bug would require prompting in the postinst instead of in the config script. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#445063: krb5-config should at least use its domain_realm mapping that it already has
Quentin Smith [EMAIL PROTECTED] writes: On Wed, 2 Jan 2008, Russ Allbery wrote: What was written to /etc/krb5.conf? What did you expect to be written there? With no configuration prompts on a fresh install, MIT.EDU was written to /etc/krb5.conf as my default_realm. I expect ATHENA.MIT.EDU to be written there, or at least to be prompted for the default realm. Ah, I see. Well, you didn't get prompted because you have your prompting level set to high, so you got the default (the upcased domain name). Yes, my proposal is to use the domain_realm mappings in krb5.conf to figure out the default realm. Could the krb5.conf template be incorporated into the debconf script at build time, so that it's available when configuring? That only helps a small handful of sites, but I suppose it's not too difficult to incorporate cases for the five sites that have domain_realm mappings in the default krb5.conf. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]