[SERVER-44108] Check rdns setting in kerberos client profile and optionally dump complete profile Created: 18/Oct/19  Updated: 29/Oct/23  Resolved: 18/Dec/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.3.3

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-44396 Run the client half of the GSSAPI con... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2019-11-04, Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30
Participants:

 Description   

We should be able to detect if rdns is enabled by default. See this API: https://web.mit.edu/kerberos/krb5-1.16/doc/appdev/refs/api/krb5_get_profile.html

We should parse out a tri-state of RDNS=true/false/unknown. If the
state is not unknown, we stop ourselves making statements/assertions about
setting it.

When running under verbose mode, we should print out all keys/values from the profile if possible. This will let us show libkrb5's idea of its configuration without us having to bake in assumptions about how to find the config file. Since there are loadable plugins that teach libkrb5 different ways to get configs, this technique would protect us from them.



 Comments   
Comment by Githook User [ 17/Dec/19 ]

Author:

{'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}

Message: SERVER-44108 Check rdns setting in kerberos client profile and optionally dump complete profile
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/7259c4484b772278052b329534dcbca1614f174c

Generated at Thu Feb 08 05:05:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.