Logic behind lib/krb5/os/k5_sendto()

Greg Hudson ghudson at mit.edu
Thu Apr 18 17:48:05 EDT 2019


On 4/18/19 5:08 PM, Дилян Палаузов wrote:
> Does krb5kdc return KDC_ERR_WRONG_REALM?

The MIT KDC only returns KDC_ERR_WRONG_REALM if it looks up the client
principal and gets a realm referral from the database.  This typically
requires a third-party database module like Samba or FreeIPA.

> Does canonicalization only work if the host where kinit is called has the right dns-domain (so no canonicalization
> happens, if host ab.cd.ef.gh calls “kinit ij at example.org”)?

The client hostname doesn't normally have an impact on AS requests.

> Does the cache also store error answers, like answers about non existing users and answers about NON-LOCAL realms?

Yes; it just maps request packets to reply packets, so any kind of reply
packet is cached.

