Python Driver / PYTHON-1505

Update algorithm for Kerberos hostname canonicalization

    • Type: Improvement
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None

      Copied from the closed duplicate PYTHON-1732
      -------------------------------------------------------------

      When a less knowledgeable me implemented CANONICALIZE_HOSTNAME in PyMongo I did it by just looking up the fqdn of the hostname returned by ismaster. That's not correct. The algorithm used by libkrb5 can be seen here (happily their test suite is written in Python, but the C is also easily understood):

      https://github.com/krb5/krb5/blob/d406afa363554097ac48646a29249c04f498c88e/src/util/k5test.py#L505-L520

      In case that link dies, here's a copy:

      # Return the local hostname as it will be canonicalized by
      # krb5_sname_to_principal.  We can't simply use socket.getfqdn()
      # because it explicitly prefers results containing periods and
      # krb5_sname_to_principal doesn't care.
      def _get_hostname():
          hostname = socket.gethostname()
          try:
              ai = socket.getaddrinfo(hostname, None, 0, 0, 0, socket.AI_CANONNAME)
          except socket.gaierror, (error, errstr):
              fail('Local hostname "%s" does not resolve: %s.' % (hostname, errstr))
          (family, socktype, proto, canonname, sockaddr) = ai[0]
          try:
              name = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)
          except socket.gaierror:
              return canonname.lower()
          return name[0].lower()
      

      Note that you can't configure this programmatically, only through krb5.conf. This feature only really matters on Windows where we use SSPI instead of krb5. SSPI doesn't appear to do any of this.

      It also appears that we currently look up the fqdn regardless of OS if this option is set. We should only do it on Windows (and ignore it everywhere else to avoid backward breaking changes) since doing it anywhere else will conflict with however krb5 is configured on the machine.

            Assignee:
            bernie@mongodb.com Bernie Hackett
            Reporter:
            rathi.gnanasekaran Rathi Gnanasekaran
            Votes:
            0
            Watchers:
            2
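
The forward-then-reverse lookup from the k5test.py copy in the description, written as an added Python 3 example (not PyMongo's or krb5's own code). It generalizes the routine to take any hostname, such as the one returned by ismaster, and the injectable resolver parameters, the fake resolvers and all hostnames and addresses are assumptions constructed so it runs without DNS.

```python
import socket


def canonicalize_hostname(hostname, getaddrinfo=socket.getaddrinfo,
                          getnameinfo=socket.getnameinfo):
    """Forward lookup with AI_CANONNAME, then reverse lookup of the first
    address with NI_NAMEREQD. If the address has no PTR record, fall back
    to the forward canonical name. The result is lower-cased.
    A failed forward lookup raises socket.gaierror to the caller."""
    ai = getaddrinfo(hostname, None, 0, 0, 0, socket.AI_CANONNAME)
    family, socktype, proto, canonname, sockaddr = ai[0]
    try:
        name = getnameinfo(sockaddr, socket.NI_NAMEREQD)
    except socket.gaierror:
        # No reverse mapping: keep the forward canonical name.
        return (canonname or hostname).lower()
    return name[0].lower()


# Constructed resolver data (documentation address range, made-up names).
FORWARD = {
    "db": ("DB.internal.example", "192.0.2.10"),        # has a PTR record
    "alias.example": ("Node1.example", "192.0.2.20"),   # no PTR record
}
REVERSE = {"192.0.2.10": "Mongo1.Corp.Example"}


def fake_getaddrinfo(host, port, family=0, type=0, proto=0, flags=0):
    """Stand-in for socket.getaddrinfo backed by FORWARD."""
    if host not in FORWARD:
        raise socket.gaierror("constructed: name does not resolve")
    canon, ip = FORWARD[host]
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, canon, (ip, 0))]


def fake_getnameinfo(sockaddr, flags):
    """Stand-in for socket.getnameinfo backed by REVERSE."""
    if sockaddr[0] not in REVERSE:
        raise socket.gaierror("constructed: no PTR record")
    return (REVERSE[sockaddr[0]], "0")


if __name__ == "__main__":
    for host in FORWARD:
        print(host, "->",
              canonicalize_hostname(host, fake_getaddrinfo, fake_getnameinfo))
```

The name used for the service principal follows the PTR record when one exists, so the first host resolves to a different name than its forward canonical name.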
