regarding TXT and SRV records

peter duff duffpl-spam at
Fri Apr 25 02:43:18 EDT 2003

I've recently started with mit kerberos 5, and would love to get dns location of both the realm and the kdc, _and get rid of krb5.conf entirely_  

My problem is that I can't seem to get the necessary support compiled in the even get the krb5 client to do TXT record lookups, tcpdump doesnt show them coming from the client.  If I force the realm with default_realm, I can then get the client to emit SRV lookups for the kdc.

Some documents online have suggested removing the /etc/krb5.conf entirely.  This doesnt work, I get 

$ ls -l /etc/krb5.conf
ls: /etc/krb5.conf: No such file or directory

$ sudo tcpdump port 53  &
tcpdump: listening on eth0
$ /usr/kerberos/bin/kinit
kinit(v5): Can't open/find Kerberos configuration file while initializing Kerberos 5 library

Others stress the use of only:
 dns_lookup_realm = true
 dns_lookup_kdc = true

this doesnt work either:  :(
$ sudo tcpdump port 53  &
tcpdump: listening on eth0

$ /usr/kerberos/bin/kinit
kinit(v5): Configuration file does not specify default realm when parsing name duff

Strangely, if I already have any tickets in this realm, I get: 
kinit(v5): Cannot find KDC for requested realm while getting initial credentials

Something else posted here led me to try, -DKRB5_DNS_LOOKUP, (which doesnt seems to be triggered by the similar sounding autoconf option  --enable-dns-for-realm)   I have tried both of these, and neither seems to change any of the above errors
that I am seeing.

Is there a definitive guide on getting this to work ?  Any suggestions?

I am using the krb5-1.2.7-latest srpm from redhat which is, I believe, the same thing as 1.2.8.

Thanks and Regards,


More information about the Kerberos mailing list