From: Boris Samorodov
Date: Tue, 14 Jun 2005 15:30:33 +0400
To: freebsd-security@FreeBSD.org
Subject: Re: [Kerberos] Error at Handbook?

On Sat, 11 Jun 2005 00:17:20 +0400 Boris Samorodov wrote:

> According to FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC) one
> should config DNS server by adding:
> -----
> _kerberos IN TXT EXAMPLE.ORG.
> -----
> This doesn't work. DNS server returns: text = "EXAMPLE.ORG.".
> This is right, because RFC 1035 allows up to 16 character strings at
> this field (assuming that nothing should be prepended to the field if
> it doesn't end with a point).
> Thus I've got at KDC log:
> -----
> 2005-06-10T23:57:07 Server not found in database: krbtgt/EXAMPLE.ORG.@EXAMPLE.ORG: No such entry in the database
> ----
> (look at the point before '@').
> Everything is fine when changing DNS TXT record to "EXAMPLE.ORG"
> (without a dot at the end).
> I'm going to file a DOC/PR, but what security guru can say on the
> matter? Am I missing smth? I'm far away from thinking that I'm the
> only user who is using the Handbook to configure kerberos on FreeBSD...

As nobody complained so far, I filed a PR:
-----
http://www.freebsd.org/cgi/query-pr.cgi?pr=82223
>Category: docs
>Responsible: freebsd-doc
>Synopsis: [Kerberos] Error at Handbook
>Arrival-Date: Tue Jun 14 10:40:23 GMT 2005
-----

WBR
-- 
bsam
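A check for the mismatch reported in this message, as an added example that is not part of the original post or of FreeBSD or Heimdal: it reads zone-file text, extracts each `_kerberos` TXT value, and compares it with the realm the KDC serves. The zone fragments, the function names and the simplified one-record-per-line zone syntax are assumptions made for the example.

```python
import re

# Constructed zone fragments (not taken from the original message): the first
# uses the TXT value quoted from the Handbook, the second the corrected value.
ZONE_HANDBOOK = """\
$ORIGIN example.org.
_kerberos        IN TXT  EXAMPLE.ORG.   ; unquoted, so the dot is literal text
_kerberos._udp   IN SRV  01 00 88 kerberos.example.org.
"""
ZONE_FIXED = """\
$ORIGIN example.org.
_kerberos  3600  IN TXT  "EXAMPLE.ORG"
"""

# One token is a quoted string, a ';' comment, or a run of other characters.
TOKEN = re.compile(r'"[^"]*"|;.*|[^\s;"]+')


def kerberos_txt_values(zone_text):
    """Return (owner, text) for each TXT record whose first label is _kerberos."""
    found = []
    for line in zone_text.splitlines():
        tokens = [t for t in TOKEN.findall(line) if not t.startswith(";")]
        if len(tokens) < 3 or tokens[0].startswith("$"):
            continue
        owner, fields = tokens[0], [t.upper() for t in tokens[1:]]
        if owner.split(".")[0].lower() != "_kerberos" or "TXT" not in fields:
            continue
        # TXT rdata is stored as given: unlike a host name, it is not a domain
        # name, so a trailing dot is neither stripped nor expanded.
        rdata = tokens[fields.index("TXT") + 2:]
        if rdata:
            found.append((owner, rdata[0].strip('"')))
    return found


def audit(zone_text, realm):
    """Flag _kerberos TXT values that differ from the realm the KDC serves."""
    report = []
    for owner, text in kerberos_txt_values(zone_text):
        # Same shape as the principal in the KDC log line quoted in the message.
        principal = f"krbtgt/{text}@{realm}"
        report.append((owner, text, principal, text == realm))
    return report


if __name__ == "__main__":
    for zone in (ZONE_HANDBOOK, ZONE_FIXED):
        for owner, text, principal, ok in audit(zone, "EXAMPLE.ORG"):
            print(f"{'ok ' if ok else 'BAD'} {owner} TXT {text!r} -> {principal}")
```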