Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-44108

Check rdns setting in kerberos client profile and optionally dump complete profile

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.3
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Sprint:
      Security 2019-11-04, Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30

      Description

      We should be able to detect if rdns is enabled by default. See this API: https://web.mit.edu/kerberos/krb5-1.16/doc/appdev/refs/api/krb5_get_profile.html

      We should parse out a tri-state of RDNS=true/false/unknown. If the
      state is not unknown, we stop ourselves making statements/assertions about
      setting it.

      When running under verbose mode, we should print out all keys/values from the profile if possible. This will let us show libkrb5's idea of its configuration without us having to bake in assumptions about how to find the config file. Since there are loadable plugins that teach libkrb5 different ways to get configs, this technique would protect us from them.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              adam.cooper Adam Cooper (Inactive)
              Reporter:
              mark.benvenuto Mark Benvenuto
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: