[Dovecot] Hostname passed to PAM as rhost
Jethro R Binks
jethro.binks at strath.ac.uk
Mon Sep 26 23:01:52 EEST 2005
On Mon, 26 Sep 2005, John Peacock wrote:

> Actually, this level of paranoia is not useful, since it will fail to
> correctly operate in the very real case of co-hosted boxes. There can
> only be (in practice) a single mapping from IP => hostname (via
> in-addr.arpa), but there can be virtually limitless hostname => IP maps.

Technically that is incorrect. See RFC 2181 10.2, which explicitly
states:

"Confusion about canonical names has lead to a belief that a PTR
record should have exactly one RR in its RRSet. This is incorrect,
the relevant section of RFC1034 (section 3.6.2) indicates that the
value of a PTR record should be a canonical name. That is, it should
not be an alias. There is no implication in that section that only
one PTR record is permitted for a name. No such restriction should
be inferred."

Apparently older implementations of gethostbyaddr() didn't like this, but
that isn't the case in modern implementations.

However, your comments are probably correct in practice because those
implementing multiple hostnames -> single IP rarely put in the
corresponding multiple PTR records from the in-addr.arpa entry back to
each of the hostnames.

Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK
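
The check under discussion in this message, as an added example that is not part of the original post or of Dovecot's code: a forward-confirmed reverse lookup that treats the PTR answer as an RRSet, so an address with several PTR records confirms several names, while a co-hosted name with no PTR back to it does not confirm. The zone tables, the function names and the fall-back-to-IP policy in `rhost_for` are assumptions made for illustration; a deployment would back `reverse` and `forward` with a real resolver.

```python
# Constructed sample zone data: documentation address ranges, made-up names.
PTR = {
    "192.0.2.10": ["web1.example.net"],                      # co-hosted box, single PTR
    "192.0.2.20": ["mail.example.org", "imap.example.org"],  # PTR RRSet with two RRs
    "192.0.2.30": ["trusted.example.com"],                   # PTR with no matching forward record
}
A = {
    "web1.example.net": ["192.0.2.10"],
    "www.customer-a.example": ["192.0.2.10"],  # forward-only, no PTR points back
    "mail.example.org": ["192.0.2.20"],
    "imap.example.org": ["192.0.2.20"],
    "trusted.example.com": ["198.51.100.7"],
}


def normalize(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def sample_reverse(ip):
    return PTR.get(ip, [])


def sample_forward(name):
    return A.get(normalize(name), [])


def confirmed_names(ip, reverse=sample_reverse, forward=sample_forward):
    """Every PTR name for ip whose own address records include ip."""
    return sorted({normalize(n) for n in reverse(ip) if ip in forward(n)})


def claim_is_confirmed(ip, claimed, reverse=sample_reverse, forward=sample_forward):
    """True only if the claimed name is one of the confirmed PTR names."""
    return normalize(claimed) in confirmed_names(ip, reverse, forward)


def rhost_for(ip, reverse=sample_reverse, forward=sample_forward):
    """Hypothetical policy: pass a confirmed name on, otherwise the bare IP."""
    names = confirmed_names(ip, reverse, forward)
    return names[0] if names else ip
```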