Can ipropd-master service not do reverse DNS lookups?

Adam Lewenberg adamhl at stanford.edu
Fri Apr 7 21:31:38 CEST 2017


I am trying to set up iprop replication for a slave KDC running on a 
container in an EC2 instance in Amazon Web Services (AWS). We are 
running Heimdal 1.5.2.

When the slave ipropd-slave connects to the master, it looks like the 
master is doing a reverse DNS lookup on the slave's IP address and 
getting one of those long Amazon addresses (e.g., 
ec2-52-45-91-42.us-west-2.compute.amazonaws.com). It then looks for the 
principal "iprop/ec2-52-45-91-42.us-west-2.compute.amazonaws.com" in its 
database.

We could just make the iprop principal the slave uses be 
"iprop/ec2-52-45-91-42.us-west-2.compute.amazonaws.com" but the problem 
with this is that the EC2 instance our slave runs on can change its IP 
address at any time due to rebuilding or redeploying.

Is there anyway to get ipropd-master NOT to do this reverse DNS lookup 
and just accept the principal name as sent by the slave? For example, I 
would like to create a principal "iprop/testing123" and use that instead 
of one based on a hostname. (We would still require that whatever 
principal was sent by the slave would need to be listed in the 
/var/heimdal/slaves file.)

Thanks, Adam Lewenberg



More information about the Heimdal-discuss mailing list