Bug#573596: [rt.cpan.org #58478] SASL-related host canonicalisation misfeature

Dominic Hargreaves dom at earth.li
Thu Jun 17 20:57:23 UTC 2010


[CCing Russ in case I need correcting at any point]

On Thu, Jun 17, 2010 at 10:20:43AM -0400, Graham_Barr via RT wrote:
> It is not broken. It is that there is more than one way to do it and there are users on both sides of
> the fence.
> 
> As a result it was changed so that the caller calls $sasl->client_new and passes the result instead of
> the sasl object itself.
> 
>   $sasl->client_new('ldap',$hostname);
> 
> This way the caller has control over what hostname is used.

Hi,

I appreciate that the decision on whether to canonicalise is not always
obvious and that you support overriding, but I believe that the reported
issue with the code still applies in the current version: that peerhost
returns a stringified IP address, not any form of actual hostname.

Given you've decided to retain the canonicalisation feature, it would
surely still be necessary to look up the name of the IP address.

Note that the current behaviour happens to work with MIT Kerberos but
does not work with Heimdal.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
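
The lookup discussed in the message above, as an added example that is not part of the original mail and is not code from Net::LDAP or Authen::SASL: the caller maps the stringified IP from peerhost back to a name and passes the result to client_new. The helper name sasl_hostname_for and the LDAP_HOST environment variable are hypothetical, and the forward-confirmation step is an assumption about what a cautious caller would want, since an unverified PTR answer would otherwise choose the service name.

```perl
#!/usr/bin/perl
# Added example; sasl_hostname_for and LDAP_HOST are hypothetical names.
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

# Turn the stringified IPv4 address that peerhost returns into a hostname
# for the SASL/GSSAPI service name. The PTR answer is accepted only if that
# name resolves forward to the same address; otherwise the name the caller
# configured is kept. IPv6 peers also fall through to the configured name.
sub sasl_hostname_for {
    my ($peer_ip, $configured) = @_;
    return $configured unless $peer_ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $packed = inet_aton($peer_ip)           or return $configured;
    my $name   = gethostbyaddr($packed, AF_INET) or return $configured;

    # Forward-confirm: the claimed name must map back to the peer address.
    my (undef, undef, undef, undef, @addrs) = gethostbyname($name);
    return $configured unless grep { $_ eq $packed } @addrs;
    return lc $name;
}

# The bind needs a reachable LDAP server and a Kerberos ticket, so this
# part only runs when LDAP_HOST is set in the environment.
if (my $host = $ENV{LDAP_HOST}) {
    require Net::LDAP;
    require Authen::SASL;

    my $ldap = Net::LDAP->new($host) or die "connect failed: $@";
    my $fqdn = sasl_hostname_for($ldap->socket->peerhost, $host);

    # Pass the client_new result, as described in the quoted reply, so the
    # caller decides which hostname is used.
    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
    my $msg  = $ldap->bind(sasl => $sasl->client_new('ldap', $fqdn));
    die 'bind failed: ' . $msg->error if $msg->code;
    print "bound using service host $fqdn\n";
}
```

Forward confirmation only shows that the forward and reverse DNS records agree; neither answer is authenticated, so a caller that needs a fixed service name should pass its configured hostname directly.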




