#170 Adding centos alias for FEDORAPROJECT.ORG REALM for *centos.org auth passthrough
Merged 3 years ago by humaton. Opened 3 years ago by arrfab.
arrfab/fedora-packager centos-alias  into  main

file modified
+4 -1
@@ -4,7 +4,7 @@ 

  

  Name:           fedora-packager

  Version:        0.6.0.5

- Release:        1%{?dist}

+ Release:        2%{?dist}

  Summary:        Tools for setting up a fedora maintainer environment

  

  License:        GPLv2+
@@ -83,6 +83,9 @@ 

  %{_sbindir}/*

  

  %changelog

+ * Fri May 07 2021 Fabian Arrotin <arrfab@centos.org> - 0.6.0.5-2

+ - minor change to have centos.org alias for kerberos auth to work client side

+ 

  * Mon Mar 22 2021 Mohan Boddu <mboddu@bhujji.com> - 0.6.0.5-1

  - Update README - fix typo (cheese)

  - Add pkgname helper (churchyard)

@@ -6,3 +6,6 @@ 

  [domain_realm]

   .fedoraproject.org = FEDORAPROJECT.ORG

   fedoraproject.org = FEDORAPROJECT.ORG

+  .centos.org = FEDORAPROJECT.ORG

+  centos.org = FEDORAPROJECT.ORG

+ 

This is to complete https://pagure.io/centos-infra/issue/305 (done at server side).
This just allows client to know that for id.centos.org, gssapi transactions would work with existing kerberos ticket.
At the centos side, there is already a dns record :

dig +short txt _kerberos.centos.org
"FEDORAPROJECT.ORG"

But default krb5.conf shipped in fedora/rhel/centos doesn't use dns lookup :

grep lookup /etc/krb5.conf
 dns_lookup_realm = false

This simple commit would at least resolve this the same way it was done for fedoraproject.org

Signed-off-by: Fabian Arrotin arrfab@centos.org

1 new commit added

  • bumped .spec
3 years ago

Pull-Request has been merged by humaton

3 years ago