[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #18830] cvs-1.11 GSSAPI fails with DNS-loadbalanced servers
From: |
anonymous |
Subject: |
[bug #18830] cvs-1.11 GSSAPI fails with DNS-loadbalanced servers |
Date: |
Fri, 19 Jan 2007 09:36:58 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061220 Red Hat/1.5.0.9-0.1.el4 Firefox/1.5.0.9 |
URL:
<http://savannah.nongnu.org/bugs/?18830>
Summary: cvs-1.11 GSSAPI fails with DNS-loadbalanced servers
Project: Concurrent Versions System
Submitted by: None
Submitted on: Friday 01/19/2007 at 09:36 UTC
Category: Bug Fix (patch attached)
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release:
Fixed Release: None
Fixed Feature Release: None
_______________________________________________________
Details:
"gserver" authentication against loadbalanced hosts fails intermittently.
Examination shows that the "cvs" service ticket is for a different server
than the one cvs connected to.
GSSAPI will do its own resolution of the remote server in
gss_init_sec_context. And netinfo->h_name apparently isn't guaranteed to be
the forward+reverse'd-DNS name; in our case it corresponds to the 'server'
name. Together this lead to wrong credentials being retrieved for
DNS-loadbalanced servers where the DNS alias changes between connection and
GSSAPI-calls.
The proposed patch (against 1.11.17) instead feeds GSSAPI the IP of the
remote host (which we already used to connect()) and let GSSAPI figure out
the correct credentials for that IP.
The code has changed in 1.12, I don't know whether this is still an issue
there. But 1.11 clients are still widely used, so perhaps somebody will find
this patch useful..
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Friday 01/19/2007 at 09:36 UTC Name: cvs-1.11.17-gssapi-dns.patch
Size: 2kB By: None
<http://savannah.nongnu.org/bugs/download.php?file_id=11782>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?18830>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #18830] cvs-1.11 GSSAPI fails with DNS-loadbalanced servers,
anonymous <=