
[bug #18830] cvs-1.11 GSSAPI fails with DNS-loadbalanced servers


From: anonymous
Subject: [bug #18830] cvs-1.11 GSSAPI fails with DNS-loadbalanced servers
Date: Fri, 19 Jan 2007 09:36:58 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061220 Red Hat/1.5.0.9-0.1.el4 Firefox/1.5.0.9

URL:
  <http://savannah.nongnu.org/bugs/?18830>

                 Summary: cvs-1.11 GSSAPI fails with DNS-loadbalanced servers
                 Project: Concurrent Versions System
            Submitted by: None
            Submitted on: Friday 01/19/2007 at 09:36 UTC
                Category: Bug Fix (patch attached)
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
           Fixed Release: None
   Fixed Feature Release: None

    _______________________________________________________

Details:

"gserver" authentication against loadbalanced hosts fails intermittently.
Examination shows that the "cvs" service ticket is for a different server
than the one cvs connected to.

GSSAPI will do its own resolution of the remote server in
gss_init_sec_context. And netinfo->h_name apparently isn't guaranteed to be
the forward+reverse'd-DNS name; in our case it corresponds to the 'server'
name.  Together this leads to wrong credentials being retrieved for
DNS-loadbalanced servers where the DNS alias changes between connection and
GSSAPI-calls.

The proposed patch (against 1.11.17) instead feeds GSSAPI the IP of the
remote host (which we already used to connect()) and lets GSSAPI figure out
the correct credentials for that IP. 

The code has changed in 1.12, I don't know whether this is still an issue
there. But 1.11 clients are still widely used, so perhaps somebody will find
this patch useful.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Friday 01/19/2007 at 09:36 UTC  Name: cvs-1.11.17-gssapi-dns.patch 
Size: 2kB   By: None

<http://savannah.nongnu.org/bugs/download.php?file_id=11782>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?18830>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
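
The approach described in the report, as an added example that is not part of the original message or the attached patch: derive the GSSAPI target from the address the socket is actually connected to, so no second DNS lookup of the alias can pick a different server. The function names and the sample address 192.0.2.10 are hypothetical, and the sketch assumes the resulting string is what gets passed to gss_import_name() as a host-based service name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Format "service@numeric-address" from a socket address.
 * NI_NUMERICHOST formats the address without any DNS query, so a rotating
 * alias cannot change the answer. Returns 0 on success, -1 on failure. */
int gss_target_from_sockaddr(const struct sockaddr *sa, socklen_t salen,
                             const char *service, char *out, size_t outlen)
{
    char host[128];
    if (getnameinfo(sa, salen, host, sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    int n = snprintf(out, outlen, "%s@%s", service, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* reject truncation */
}

/* Same, for an already connected socket: ask the kernel which peer
 * connect() reached instead of resolving the host name again. */
int gss_target_from_socket(int fd, const char *service, char *out, size_t outlen)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof peer;
    if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0)
        return -1;
    return gss_target_from_sockaddr((struct sockaddr *)&peer, len,
                                    service, out, outlen);
}

int main(void)
{
    /* Constructed sample peer: 192.0.2.10 (TEST-NET-1), port 2401. */
    struct sockaddr_in sin;
    char name[160];
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(2401);
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    if (gss_target_from_sockaddr((struct sockaddr *)&sin, sizeof sin,
                                 "cvs", name, sizeof name) == 0)
        printf("%s\n", name);   /* candidate input for gss_import_name() */
    return 0;
}
```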




