Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

FYI: krb5-realm.com/net/org

  • From: Avleen Vig
  • Date: Thu Jan 16 10:05:38 2003

This is purely an FYI.

A non-fatal bug exists with regards to authentication in the following
operating systems:
  FreeBSD 4.4 (at least)
  Allegedly in OpenBSD 3.0, 3.1 and 3.2 (untested)

And in the following packages when kerberos authentication is compiled
into them on the above operating systems:
  OpenSSH 2.3.0 (at least. not sure about newer versions)
  UW imapd, Pine, and other packages which are linked against the kerberos
  libraries

I'm not blaming any of these packages, so please let no-one get up in arms
about that :-)

The bug revolves around the libraries trying to lookup TXT records in DNS
for krb5-realm.'your_tld'.
I control the name servers for krb5-realm.com/net/org

It has been reported that when this nameserver goes down, authentication
can take a very-long-time. I believe what happens is that authentication
*failures* take a very-long-time.

This is just a notification that the name servers for these domains will
be changing in the next 48 hours. It shouldn't be a problem, but incase
people see odd issues as described above, which I usually get mails and
such about later, this may be the reason.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.