[SERVER-44108] Check rdns setting in kerberos client profile and optionally dump complete profile Created: 18/Oct/19 Updated: 29/Oct/23 Resolved: 18/Dec/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Adam Cooper (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Security 2019-11-04, Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30 | ||||||||
| Participants: | |||||||||
| Description |
|
We should be able to detect if rdns is enabled by default. See this API: https://web.mit.edu/kerberos/krb5-1.16/doc/appdev/refs/api/krb5_get_profile.html We should parse out a tri-state of RDNS=true/false/unknown. If the When running under verbose mode, we should print out all keys/values from the profile if possible. This will let us show libkrb5's idea of its configuration without us having to bake in assumptions about how to find the config file. Since there are loadable plugins that teach libkrb5 different ways to get configs, this technique would protect us from them. |
| Comments |
| Comment by Githook User [ 17/Dec/19 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}Message: |