libnfsidmap - get_canonical_hostname() call when using ldap
Wachdorf, Daniel R
drwachd at sandia.gov
Tue Jul 11 11:29:33 EDT 2006
The libnfsidmap uses a function get_canonical_hostname to translate the
hostname provided in the configuration file into a DNS canonical
hostname.
The comment in the code is:
/*
 * TLS connections require that the hostname we specify matches
 * the hostname in the certificate that the server uses.
 * Get a canonical name for the host specified in the config file.
 */
Unfortunately, this code does not allow you to use SSL ldap hosts with a
cert name different than the canonical name. This is useful when using
multiple LDAP servers in a DNS round-robin with the same SSL certs and
separate canonical DNS names. Shouldn't the code just use the hostname
provided by the user in the config file? This would require the name to
be fully qualified.
-dan
--------------------------------------
Daniel Wachdorf
drwachd at sandia.gov
Sandia National Laboratories
Cyber Security Technologies
505-284-8060
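
The mismatch described in the message above, as an added example that is not part of the original post and is not libnfsidmap code. All host names, the certificate name and the helper functions are constructed for illustration; the wildcard branch goes beyond the case in the post.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data: one round-robin name, two backends, one shared cert. */
static const char *CONFIGURED  = "ldap.example.com";   /* name typed in the config file */
static const char *CANONICAL[] = { "ldap1.example.com", "ldap2.example.com" };
static const char *CERT_NAME   = "ldap.example.com";   /* name in the shared certificate */

/* Case-insensitive match of a certificate name against the reference host
 * name; a leading "*." matches exactly one left-most label. */
int cert_name_matches(const char *cert, const char *host)
{
    if (strncmp(cert, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && strcasecmp(cert + 1, dot) == 0;
    }
    return strcasecmp(cert, host) == 0;
}

/* Reference name handed to the TLS check: either the configured name as
 * typed, or the canonical name DNS returned for the backend that answered. */
const char *reference_name(int canonicalize, int backend)
{
    return canonicalize ? CANONICAL[backend] : CONFIGURED;
}

/* Count how many of the two backends pass the name check under each policy. */
int backends_accepted(int canonicalize)
{
    int ok = 0;
    for (int i = 0; i < 2; i++)
        ok += cert_name_matches(CERT_NAME, reference_name(canonicalize, i));
    return ok;
}

int main(void)
{
    printf("canonical name as reference:  %d/2 backends accepted\n", backends_accepted(1));
    printf("configured name as reference: %d/2 backends accepted\n", backends_accepted(0));
    return 0;
}
```

With the canonical name as the reference, neither backend passes the check against the shared certificate; with the configured name, both do.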