>Number:         18404
>Category:       bin
>Synopsis:       /usr/bin/telnet fails to Kerberize to multi-address DNS name
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 24 12:09:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ed Ravin
>Release:        1.5.4 ALPHA (20020917)
>Organization:
Public Access Networks Corp
>Environment:
1.5.4_ALPHA NetBSD 1.5.4_ALPHA (PANIX)#0: Thu Sep 19 21:43:26 EDT 2002  root@juggler.panix.com:/devel/NO-BACKUPS/release-1.5-20020917/src/sys/arch/i386/compile/PANIX-STAFF i386
>Description:
In an otherwise working Kerberos environment, "/usr/bin/telnet -ax host" will
fail if "host" turns out to be a DNS entry with more than one IP address.  MIT
telnet and C-Kermit with Kerberos support do not have this problem.

The error messages are:

$ telnet -ax shell
Trying 166.84.1.2...
Connected to shell.panix.com.
Escape character is '^]'.
[ Trying KERBEROS5 ... ]
Kerberos V5: mk_req failed (Server not found in Kerberos database)
[ Trying KERBEROS5 ... ]
Kerberos V5: mk_req failed (Server not found in Kerberos database)
[ Trying KERBEROS4 ... ]
mk_req failed: No ticket file (tf_util)
[ Trying KERBEROS4 ... ]
mk_req failed: No ticket file (tf_util)


>How-To-Repeat:
In a working Kerberos environment, set up a DNS record that expands
to multiple addresses:

$ host shell
shell.panix.com has address 166.84.1.3
shell.panix.com has address 166.84.1.1
shell.panix.com has address 166.84.1.2

then "telnet -ax shell" as shown above.

>Fix:
Workaround is to specify a DNS name that does not expand to multiple addresses,
or to specify the IP address, i.e. "telnet -ax 166.84.1.3" in the example above.
>Release-Note:
>Audit-Trail:
>Unformatted: