Package: libkrb5-25-heimdal Version: 1.2.dfsg.1-2.1 Severity: important Heimdal uses hostname instead of fqdn as realm name. I'm not a expert in kerberos but I think this is incorrect behavior.
For example, my host is db.h-----g.com, realm H-----G.COM and kerberos configured by DNS SRV records: sh-4.0# hostname db sh-4.0# hostname db sh-4.0# dnsdomainname h-----g.com sh-4.0# hostname -f db.h-----g.com sh-4.0# kinit norma kinit: krb5_parse_name: unable to find realm of host db sh-4.0# hostname db.h-----g.com sh-4.0# hostname db.h-----g.com sh-4.0# hostname -f db.h-----g.com sh-4.0# dnsdomainname h-----g.com sh-4.0# kinit norma no...@h-----g.com's Password: sh-4.0# The problem does not occur if in the /etc/hostname fqdn specified, but 'man hostname' says: "/etc/hostname This file should only contain domain name and not the full FQDN" My DNS SRV settings: $ dig srv _kerberos._udp.h-----g.com ; <<>> DiG 9.6.1-P1 <<>> srv _kerberos._udp.h-----g.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23562 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;_kerberos._udp.h-----g.com. IN SRV ;; ANSWER SECTION: _kerberos._udp.h-----g.com. 3600 IN SRV 10 10 88 kerberos.h-----g.com. ;; AUTHORITY SECTION: h-----g.com. 3600 IN NS ns1.h-----g.com. ;; ADDITIONAL SECTION: kerberos.h-----g.com. 3600 IN A 192.168.1.75 ns1.h-----g.com. 3600 IN A 192.168.1.75 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Feb 24 22:36:11 2010 ;; MSG SIZE rcvd: 134 -- System Information: Debian Release: squeeze/sid APT prefers stable APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core) Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libkrb5-25-heimdal depends on: ii libasn1-8-heimdal 1.2.dfsg.1-2.1 Heimdal Kerberos - ASN.1 library ii libc6 2.9-25 GNU C Library: Shared libraries ii libcomerr2 1.41.9-1 common error description library ii libhx509-3-heimdal 1.2.dfsg.1-2.1 Heimdal Kerberos - X509 support li ii libroken18-heimdal 1.2.dfsg.1-2.1 Heimdal Kerberos - roken support l ii libssl0.9.8 0.9.8k-7 SSL shared libraries ii libwind0-heimdal 1.2.dfsg.1-2.1 Heimdal Kerberos - NTLM support li libkrb5-25-heimdal recommends no packages. libkrb5-25-heimdal suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
