[Kerberos] Error at Handbook?

Boris Samorodov bsam at ipt.ru
Fri Jun 10 20:16:02 GMT 2005


Hi!


I'm quite new to the list, but searching the archive and PRs didn't
show me anything on the matter.

According to the FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC), one
should configure the DNS server by adding:
-----
_kerberos           IN  TXT     EXAMPLE.ORG.
-----

This doesn't work. The DNS server returns: text = "EXAMPLE.ORG.".
This is right, because RFC 1035 allows up to 16 character strings at
this field (assuming that nothing should be prepended to the field if
it doesn't end with a point).

Thus I've got in the KDC log:
-----
2005-06-10T23:57:07 Server not found in database: krbtgt/EXAMPLE.ORG. at EXAMPLE.ORG: No such entry in the database
-----
(look at the point before '@').

Everything is fine when changing the DNS TXT record to "EXAMPLE.ORG"
(without a dot at the end).

I'm going to file a DOC/PR, but what can the security gurus say on the
matter? Am I missing something? I'm far away from thinking that I'm the
only user who is using the Handbook to configure Kerberos on FreeBSD...

PS.
KDC host: FreeBSD 5.3-STABLE
Server:   FreeBSD 6.0-CURRENT
Client:   FreeBSD 5.4-RELEASE-p1


WBR
-- 
bsam
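
An added example, not part of the original message: a small offline check that scans zone-file text for _kerberos TXT records and flags a realm value ending in a dot, showing the krbtgt principal name that would then reach the KDC. The sample zone, the function names and the kdc_realm parameter are constructed for illustration.

```python
import re

# Constructed zone fragment: the first record is the form quoted in the post,
# the second (hypothetical owner name) is the form reported as working.
SAMPLE_ZONE = """\
$ORIGIN example.org.
_kerberos           IN  TXT     EXAMPLE.ORG.
_kerberos.good      IN  TXT     "EXAMPLE.ORG"
www                 IN  A       192.0.2.10
"""

# owner [ttl] [class] TXT rdata ; rdata is one quoted string or one bare token
TXT_RE = re.compile(
    r'^(?P<owner>_kerberos\S*)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+'
    r'(?P<rdata>"[^"]*"|\S+)\s*$',
    re.IGNORECASE,
)

def txt_value(rdata):
    """Return the text a resolver hands back for this TXT RDATA."""
    # TXT RDATA is opaque text, not a domain name: a trailing dot is kept
    # literally and no origin is appended.
    return rdata[1:-1] if rdata.startswith('"') else rdata

def audit_zone(zone_text, kdc_realm="EXAMPLE.ORG"):
    """Return (owner, realm, krbtgt principal, ok) per _kerberos TXT record.

    kdc_realm is an assumption: the realm the KDC database actually serves.
    """
    findings = []
    for line in zone_text.splitlines():
        m = TXT_RE.match(line.strip())
        if not m:
            continue
        realm = txt_value(m.group("rdata"))
        # Same shape as the name in the KDC log line quoted in the post.
        principal = f"krbtgt/{realm}@{kdc_realm}"
        findings.append((m.group("owner"), realm, principal, realm == kdc_realm))
    return findings

if __name__ == "__main__":
    for owner, realm, principal, ok in audit_zone(SAMPLE_ZONE):
        status = "ok" if ok else "MISMATCH (check for a trailing dot)"
        print(f"{owner}: realm={realm!r} -> {principal}: {status}")
```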

