regarding TXT and SRV records

Buck Huppmann buckh at pobox.com
Fri Apr 25 11:42:39 EDT 2003


On Thu, Apr 24, 2003 at 11:43:18PM -0700, peter duff wrote:
> Hi, 
> I've recently started with mit kerberos 5, and would love to get dns location of both the realm and the kdc, _and get rid of krb5.conf entirely_  
> 
> My problem is that I can't seem to get the necessary support compiled in to even get the krb5 client to do TXT record lookups; tcpdump doesn't show them coming from the client.  If I force the realm with default_realm, I can then get the client to emit SRV lookups for the kdc.
> 
> Some documents online have suggested removing the /etc/krb5.conf entirely.  This doesn't work, I get
> 
> $ ls -l /etc/krb5.conf
> ls: /etc/krb5.conf: No such file or directory
> 
> $ sudo tcpdump port 53  &
> tcpdump: listening on eth0
> $ /usr/kerberos/bin/kinit
> kinit(v5): Can't open/find Kerberos configuration file while initializing Kerberos 5 library
> 
> Others stress the use of only:
> [libdefaults]
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
> 
> this doesn't work either:  :(
> $ sudo tcpdump port 53  &
> tcpdump: listening on eth0
> 
> $ /usr/kerberos/bin/kinit
> kinit(v5): Configuration file does not specify default realm when parsing name duff

this message leads me to infer (admittedly probably incorrectly) that
your machine's `hostname` isn't fully qualified, which may be giving
the KRB5_DNS_LOOKUP code trouble. if you can, try doing
	# hostname duff.fully.qualified.dn
at least temporarily and see if it can figure things out. if it can,
then maybe you can clue it into the FQDN for your unqualified hostname
by changing your /etc/hosts (if nsswitch or whatever says to consult it
first) so that the FQDN is the first entry on the line that also
contains your unqualified hostname

--buck

> 
> Strangely, if I already have any tickets in this realm, I get: 
> kinit(v5): Cannot find KDC for requested realm while getting initial credentials
> 
> Something else posted here led me to try -DKRB5_DNS_LOOKUP (which doesn't seem to be triggered by the similar-sounding autoconf option --enable-dns-for-realm). I have tried both of these, and neither seems to change any of the above errors
> that I am seeing.
> 
> Is there a definitive guide on getting this to work ?  Any suggestions?
> 
> I am using the krb5-1.2.7-latest srpm from redhat which is, I believe, the same thing as 1.2.8.
> 
> Thanks and Regards,
> 
> Peter
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
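The /etc/hosts ordering check suggested in the reply, as an added example that is not part of the original thread or of MIT krb5: it reports which name a hosts-file lookup would treat as canonical and, when that name is qualified, lists the `_kerberos` TXT names and the SRV name worth querying by hand with `dig`. The hosts entries, the address 192.0.2.10, the function names and the label-by-label TXT search order are assumptions made for illustration.

```python
# Constructed sample: short name listed first (the problem case).
HOSTS_SHORT_FIRST = """\
127.0.0.1   localhost
192.0.2.10  duff duff.fully.qualified.dn
"""

# Constructed sample: FQDN listed first (the layout the reply suggests).
HOSTS_FQDN_FIRST = """\
127.0.0.1   localhost
192.0.2.10  duff.fully.qualified.dn duff   # FQDN first
"""

def canonical_name(hosts_text, short_name):
    """Return the first name on the hosts line that mentions short_name.

    The first name after the address is the canonical one; the rest
    of the line are aliases.
    """
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        names = fields[1:]                       # skip the address
        if any(n == short_name or n.startswith(short_name + ".")
               for n in names):
            return names[0]
    return None

def txt_candidates(fqdn):
    """TXT names to try for realm discovery, walking up the labels.
    The search order is an assumption, not taken from the krb5 source."""
    labels = fqdn.rstrip(".").split(".")
    return ["_kerberos." + ".".join(labels[i:]) for i in range(len(labels))]

def srv_name(realm, proto="udp"):
    """SRV owner name used to locate a KDC for a known realm."""
    return "_kerberos._%s.%s" % (proto, realm)

def check(hosts_text, short_name):
    """Summarise whether realm discovery has a domain to work from."""
    canon = canonical_name(hosts_text, short_name)
    qualified = canon is not None and "." in canon
    return {
        "canonical": canon,
        "qualified": qualified,
        # An unqualified name gives no domain to derive TXT names from.
        "txt_queries": txt_candidates(canon) if qualified else [],
    }

if __name__ == "__main__":
    for label, text in (("short first", HOSTS_SHORT_FIRST),
                        ("FQDN first", HOSTS_FQDN_FIRST)):
        print(label, check(text, "duff"))
    print(srv_name("FULLY.QUALIFIED.DN"))
```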

