gssd keytab resolution

Doug Nazar <nazard@xxxxxxxx> · Mon, 29 Jun 2020 10:57:31 -0400

While playing around I noticed this pattern occasionally.

I was wondering if 'srchost=*' should be treated as NULL (use 
gethostname) or to just skip the loop where we call krb5_kt_get_entry() 
since that won't match with an asterisk.

Thanks,
Doug

handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2' (nfs/clnt4a0)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential_internal: hostname=pixie.dragoninc.ca ple=(nil) service=(null) srchost=*
Full hostname for 'pixie.dragoninc.ca' is 'pixie.dragoninc.ca'
No key table entry found for *$@DRAGONINC.CA while getting keytab entry for '*$@DRAGONINC.CA'
No key table entry found for *$@DRAGONINC.CA while getting keytab entry for '*$@DRAGONINC.CA'
No key table entry found for root/*@DRAGONINC.CA while getting keytab entry for 'root/*@DRAGONINC.CA'
No key table entry found for nfs/*@DRAGONINC.CA while getting keytab entry for 'nfs/*@DRAGONINC.CA'
No key table entry found for host/*@DRAGONINC.CA while getting keytab entry for 'host/*@DRAGONINC.CA'
Scanning keytab for root/*@DRAGONINC.CA
Processing keytab entry for principal 'host/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (host/wraith.dragoninc.ca@xxxxxxxxxxxx)
Processing keytab entry for principal 'host/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (host/wraith.dragoninc.ca@xxxxxxxxxxxx)
Processing keytab entry for principal 'nfs/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (nfs/wraith.dragoninc.ca@xxxxxxxxxxxx)
Processing keytab entry for principal 'nfs/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (nfs/wraith.dragoninc.ca@xxxxxxxxxxxx)
Scanning keytab for nfs/*@DRAGONINC.CA
Processing keytab entry for principal 'host/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (host/wraith.dragoninc.ca@xxxxxxxxxxxx)
Processing keytab entry for principal 'host/wraith.dragoninc.ca@xxxxxxxxxxxx'
We will NOT use this entry (host/wraith.dragoninc.ca@xxxxxxxxxxxx)
Processing keytab entry for principal 'nfs/wraith.dragoninc.ca@xxxxxxxxxxxx'
We WILL use this entry (nfs/wraith.dragoninc.ca@xxxxxxxxxxxx)
Success getting keytab entry for nfs/*@DRAGONINC.CA