[krbdev.mit.edu #6346] domain_realm docs need update for referrals
Russ Allbery <rra@stanford.edu> via RT
rt-comment at krbdev.mit.edu
Fri Jan 23 20:42:32 EST 2009
This is Debian bug http://bugs.debian.org/482681
The documentation for domain_realm mappings needs an update for referral
support. The following stanza in admin.texinfo:
| If no translation entry applies, the host's realm is considered to be
| the hostname's domain portion converted to upper case.
is no longer entirely correct.
According to Sam's comments in the Debian bug:
First, the realm of a host if no domain_realm entry is found is no
longer the uppercase DNS name of the host. Instead it is a special
realm that means no realm is available. Most of the code actually
treats this vale to mean that the uppercase DNS name should be used.
Keytabs however don't. In the keytab case we use the default realm.
I think the documentation may also need to mention what happens when the
local KDC does support referrals.
More information about the krb5-bugs
mailing list