From: Valentijn Sessink <valentyn@blub.net>
To: Kevin Coffman <kwc@citi.umich.edu>
Cc: Chuck Lever <chuck.lever@oracle.com>,
Steve Dickson <SteveD@redhat.com>, Jim Rees <rees@umich.edu>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: Strange rpc.svcgssd behavior
Date: Wed, 17 Nov 2010 17:15:07 +0100 [thread overview]
Message-ID: <4CE3FF8B.9070408@blub.net> (raw)
In-Reply-To: <AANLkTinJyFHom5JQg5s+yX+6NRBw01S6a9gbwtk5WaLB@mail.gmail.com>
Kevin Coffman schreef:
> This issue affects gss authentication in sshd as well.
"The issue" being that "gethostname()" returns nonsense after
NetworkManager configures the nonsense with "sethostname()".
I looked at the source code of Networkmanager, briefly, and it does look
like they do their utter best to make the hostname anything that you did
not want it to be, they first look in "system-settings" - but I can't
see what that is, then they use "automatic hostname from DHCP, VPN
etc.", only then to fall back to "the original hostname when NM
started". But the "set_system_hostname()" function has
"FALLBACK_HOSTNAME" (being localhost.localdomain) all over the place, so
a single call to set_system_hostname with the wrong settings will mess
things up for the rest of the uptime of the machine.
> I believe this
> is all the way down in the Kerberos code, which has been this way for
> years. I'm not sure what needs to be changed to "get it right".
If something messes with "sethostname()", you can be sure that
"gethostname()" will return the mess.
Apart from that, IIRC, there was some discussion about the "Domain"
clause in the idmapd.conf and if that should come from the KRB domain
settings; problem with that, again IIRC, is, that then the idmapper
would become dependent on kerberos libraries.
If you'll ask me, I don't think there's such a big problem. The only
problem is that NetworkManager shouldn't mess with the hostname.
(But I could be wrong here).
Best regards,
Valentijn
prev parent reply other threads:[~2010-11-17 16:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-15 17:39 Strange rpc.svcgssd behavior Chuck Lever
2010-11-16 15:58 ` Valentijn Sessink
2010-11-16 19:44 ` Valentijn Sessink
2010-11-16 20:17 ` Jim Rees
2010-11-16 20:22 ` Chuck Lever
2010-11-16 20:54 ` Jim Rees
2010-11-16 21:41 ` J. Bruce Fields
2010-11-16 21:42 ` Chuck Lever
2010-11-17 15:18 ` Steve Dickson
2010-11-17 15:30 ` Chuck Lever
2010-11-17 15:54 ` Kevin Coffman
2010-11-17 16:05 ` Chuck Lever
2010-11-17 16:26 ` Kevin Coffman
2010-11-17 17:51 ` Chuck Lever
2010-11-17 18:52 ` Valentijn Sessink
2010-11-17 16:15 ` Valentijn Sessink [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CE3FF8B.9070408@blub.net \
--to=valentyn@blub.net \
--cc=SteveD@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=kwc@citi.umich.edu \
--cc=linux-nfs@vger.kernel.org \
--cc=rees@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.