Open flowerysong opened 1 year ago
MIT Kerberos 1.18 added support for `dns_canonicalize_hostname = fallback`, which initially acts like `dns_canonicalize_hostname = false`, then retries the request with a canonicalized hostname if it fails due to an unknown service principal. (See https://web.mit.edu/kerberos/krb5-devel/doc/admin/princ_dns.html#service-principal-canonicalization)
https://github.com/jcmturner/gokrb5/blob/855dbc707a37a21467aef6c0245fcf3328dc39ed/config/krb5conf.go#L172-L177 only parses this as a boolean, which fails when it encounters this value (e.g. in the default `krb5.conf` for Fedora.)
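One way to read this setting as a three-state value instead of a boolean, as an added example that is not gokrb5's code or part of the original report. `CanonMode`, `ParseCanonMode` and `ModeFromConf` are hypothetical names, and the example assumes a fixed set of boolean spellings, that unrecognized values are rejected, that the first occurrence in `[libdefaults]` is used, and that an absent key means true.

```go
package main

import (
	"fmt"
	"strings"
)

// CanonMode is a hypothetical tri-state type for this example, not a gokrb5 type.
type CanonMode int

const (
	CanonFalse CanonMode = iota
	CanonTrue
	CanonFallback
)

// ParseCanonMode accepts "fallback" in addition to boolean spellings (assumed set).
func ParseCanonMode(v string) (CanonMode, error) {
	switch strings.ToLower(strings.TrimSpace(v)) {
	case "fallback":
		return CanonFallback, nil
	case "y", "yes", "true", "t", "1", "on":
		return CanonTrue, nil
	case "n", "no", "false", "nil", "0", "off":
		return CanonFalse, nil
	}
	return CanonFalse, fmt.Errorf("dns_canonicalize_hostname: unsupported value %q", v)
}

// ModeFromConf returns the first [libdefaults] value found in krb5.conf text.
func ModeFromConf(conf string) (CanonMode, error) {
	section := ""
	for _, line := range strings.Split(conf, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") {
			section = line
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if section == "[libdefaults]" && len(kv) == 2 && strings.TrimSpace(kv[0]) == "dns_canonicalize_hostname" {
			return ParseCanonMode(kv[1])
		}
	}
	return CanonTrue, nil // assumed default when the key is absent
}

func main() {
	// Constructed sample input, not a real distribution file.
	fmt.Println(ModeFromConf("[libdefaults]\n  dns_canonicalize_hostname = fallback\n"))
}
```

Returning an error for an unrecognized value keeps a typo from silently selecting a canonicalization mode the administrator did not choose.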