Quantal
requesting sharepointsite.testdomain with firefox with the following option set 
in about:config
network.negotiate-auth.trusted-uris "https://, http://";
klist
====================================================================================================
Default principal: testu...@example.com

Valid starting    Expires           Service principal
27/02/2013 08:35  27/02/2013 18:35  krbtgt/example....@example.com
        renew until 28/02/2013 08:35
====================================================================================================

option rdns=false
klist
====================================================================================================
Default principal: testu...@example.com

Valid starting    Expires           Service principal
27/02/2013 08:35  27/02/2013 18:35  krbtgt/example....@example.com
        renew until 28/02/2013 08:35
27/02/2013 08:37  27/02/2013 18:35  HTTP/searchsite.testdomain@
        renew until 28/02/2013 08:35
27/02/2013 08:37  27/02/2013 18:35  HTTP/searchsite.testdom...@example.com
        renew until 28/02/2013 08:35
====================================================================================================
This results in a request for a ticket for the wrong name and no sso.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Rebuilding kerberos for quantal
apt-get build-dep libkrb5-3
apt-get source libkrb5-3
edit src/lib/krb5/os/sn2princ.c
            //hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
            hints.ai_flags = AI_CANONNAME;

rebuild:
fakeroot debian/rules binary
dpkg -i ../libkrb5-3.........deb

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
retest Quantal
option rdns not set
requesting sharepointsite.testdomain with firefox with the following option set 
in about:config
network.negotiate-auth.trusted-uris "https://, http://";
klist
====================================================================================================
Default principal: testu...@example.com

Valid starting    Expires           Service principal
27/02/2013 08:53  27/02/2013 18:53  krbtgt/example....@example.com
        renew until 28/02/2013 08:53
27/02/2013 08:54  27/02/2013 18:53  HTTP/searchsite.testdomain@
        renew until 28/02/2013 08:53
27/02/2013 08:54  27/02/2013 18:53  HTTP/searchsite.testdom...@example.com
        renew until 28/02/2013 08:53

====================================================================================================

option rdns=false
klist
====================================================================================================
Default principal: testu...@example.com

Valid starting    Expires           Service principal
27/02/2013 08:59  27/02/2013 18:59  krbtgt/example....@example.com
        renew until 28/02/2013 08:59
27/02/2013 09:00  27/02/2013 18:59  HTTP/sharepointsite.testdomain@
        renew until 28/02/2013 08:59
27/02/2013 09:00  27/02/2013 18:59  HTTP/sharepointsite.testdom...@example.com
        renew until 28/02/2013 08:59
====================================================================================================

Now the setting rdns=false causes sso to work.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/571572

Title:
  krb5 prefers the reverse pointer no matter what for locating service
  tickets.
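
The report above changes two things, the `getaddrinfo` hint flags in `sn2princ.c` and the `rdns` option. The following added example (not krb5 source and not part of the original report) is a simplified model of the forward and reverse lookups that pick the host name placed in the `HTTP/` service principal. `spn_host` is a hypothetical helper, and `main` prints the result for both flag sets and both `rdns` settings so they can be compared on an affected client.

```c
/* Added example (not krb5 source): simplified model of the lookups that decide
 * which host name ends up in the requested HTTP/ service principal. */
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* ai_flags: getaddrinfo hints to compare, e.g. AI_CANONNAME with and without
 *           AI_ADDRCONFIG (the flag edited in sn2princ.c above).
 * rdns:     nonzero models rdns unset (reverse lookup on), 0 models rdns=false.
 * Returns 0 and writes the host part to out, or the getaddrinfo error code. */
int spn_host(const char *host, int ai_flags, int rdns, char *out, size_t len)
{
    struct addrinfo hints, *ai = NULL;
    char ptr[1025];                    /* large enough for any DNS name */
    int err;

    memset(&hints, 0, sizeof hints);
    hints.ai_flags = ai_flags;
    hints.ai_socktype = SOCK_STREAM;   /* avoid one entry per socket type */
    err = getaddrinfo(host, NULL, &hints, &ai);
    if (err != 0)
        return err;
    /* Forward lookup: canonical name if the resolver gave one, else the input. */
    snprintf(out, len, "%s", ai->ai_canonname ? ai->ai_canonname : host);
    /* Reverse lookup: a PTR record, when present, replaces the forward name. */
    if (rdns && getnameinfo(ai->ai_addr, ai->ai_addrlen, ptr, sizeof ptr,
                            NULL, 0, NI_NAMEREQD) == 0)
        snprintf(out, len, "%s", ptr);
    freeaddrinfo(ai);
    return 0;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost";
    const int flags[2] = { AI_CANONNAME | AI_ADDRCONFIG, AI_CANONNAME };
    const char *label[2] = { "AI_CANONNAME|AI_ADDRCONFIG", "AI_CANONNAME" };
    char name[1025];

    for (int f = 0; f < 2; f++)
        for (int rdns = 1; rdns >= 0; rdns--) {
            int err = spn_host(host, flags[f], rdns, name, sizeof name);
            printf("%-26s rdns=%-5s -> %s%s\n", label[f], rdns ? "true" : "false",
                   err ? "error: " : "HTTP/", err ? gai_strerror(err) : name);
        }
    return 0;
}
```

A line whose host part differs from the name typed into the browser corresponds to a ticket request for the wrong service principal, as in the first `klist` output above.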
