kinit ignores kdc in config file on Mac 10.5
Tom Yu
tlyu at MIT.EDU
Thu Nov 13 11:22:29 EST 2008
petesea at bigfoot.com writes:
> I have a user with a Mac 10.5 system and it SEEMS like kinit is ignoring
> the kdc entries in the config file. Instead it APPEARS to do a DNS query
> for the realm and then uses the A records returned and sends the kerberos
Does it look up the A record for the realm name, instead of looking up
the SRV record for the realm name?
> request packets to them. The result is kinit takes a while and eventually
> fails with:
>
> Kerberos Login Failed: Cannot contact any KDC for requested realm
>
> I'm quite sure it's reading the config file because I've run kinit via
> dtruss and see it opening the config file and reading it.
>
> I've tried disabling dns lookups in the config file, by setting both
> dns_lookup_kdc and dns_lookup_realm to false, but that doesn't make a
> difference.
>
> There are many other Mac 10.5 users that work fine using exactly the same
> config file, so it must be some setting on this particular Mac, but I'm
> out of ideas where to look.
Which config files are you changing? There are several that could
affect the result.
More information about the Kerberos
mailing list