Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-44108

Check rdns setting in kerberos client profile and optionally dump complete profile

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.3.3
    • Affects Version/s: None
    • Component/s: Security
    • None
    • Fully Compatible
    • Security 2019-11-04, Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30

      We should be able to detect if rdns is enabled by default. See this API: https://web.mit.edu/kerberos/krb5-1.16/doc/appdev/refs/api/krb5_get_profile.html

      We should parse out a tri-state of RDNS=true/false/unknown. If the
      state is not unknown, we stop ourselves making statements/assertions about
      setting it.

      When running under verbose mode, we should print out all keys/values from the profile if possible. This will let us show libkrb5's idea of its configuration without us having to bake in assumptions about how to find the config file. Since there are loadable plugins that teach libkrb5 different ways to get configs, this technique would protect us from them.

            Assignee:
            adam.cooper@mongodb.com Adam Cooper (Inactive)
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: