This is mostly a PSA.
Changes introduced in Go version 1.20 have made the net.LookupCNAME function unreliable or, at least, inconsistent from previous versions of Go on Unix systems.
Example:
https://github.com/jcmturner/gokrb5/blob/v8.4.4/spnego/http.go#L165
Change:
https://go-review.googlesource.com/c/go/+/446179
Issue:
I have confirmed, first hand, this breaks existing applications using gokrb5 when DNS responds with multiple CNAMEs. As noted here: golang/go#50101 (comment)
The behavior is inconsistent: sometimes the correct canonical name is returned and everything functions normally. When the incorrect name is returned, a KRB Error: (7) KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database - UNKNOWN_SERVER will occur when initiating outbound security context.
https://github.com/jcmturner/gokrb5/blob/v8.4.4/spnego/http.go#L181
Workaround:
For now, compile using a Go version prior to 1.20.
Additional Resources:
golang/go#59943
golang/go#50101
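A way to check whether a given host is affected, added here as an example and not part of the original issue or of gokrb5: it repeats the CNAME lookup and reports every distinct service principal name that would result. The names `spnFor` and `distinctSPNs`, the sample host, and the conventional `HTTP/<canonical host>` SPN form are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// lookupFunc matches the signature of net.LookupCNAME so a stub can be injected.
type lookupFunc func(host string) (string, error)

// spnFor derives an HTTP service principal name from whatever the resolver
// returns, falling back to the original host when the lookup fails.
// Assumption: the SPN has the conventional form "HTTP/<canonical host>".
func spnFor(host string, lookup lookupFunc) string {
	h := strings.TrimSuffix(host, ".")
	if name, err := lookup(h); err == nil && name != "" {
		h = strings.ToLower(name)
	}
	return "HTTP/" + strings.TrimSuffix(h, ".")
}

// distinctSPNs repeats the lookup and returns every distinct SPN seen, sorted.
// More than one entry means the SPN presented to the KDC depends on which
// answer the resolver happened to return for that request.
func distinctSPNs(host string, lookup lookupFunc, attempts int) []string {
	seen := map[string]bool{}
	for i := 0; i < attempts; i++ {
		seen[spnFor(host, lookup)] = true
	}
	out := make([]string, 0, len(seen))
	for s := range seen {
		out = append(out, s)
	}
	sort.Strings(out)
	return out
}

func main() {
	host := "app.example.com" // constructed host name; replace with the service under test
	spns := distinctSPNs(host, net.LookupCNAME, 20)
	fmt.Printf("%s -> %v\n", host, spns)
	if len(spns) > 1 {
		fmt.Println("unstable canonical name: the Kerberos SPN varies between requests")
	}
}
```

Comparing the output of the same binary built with Go 1.19 and with Go 1.20 on the affected Unix host shows whether the canonical name, and therefore the SPN, changed between versions.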