kinit ignores kdc in config file on Mac 10.5

Tom Yu tlyu at MIT.EDU
Thu Nov 13 11:22:29 EST 2008


petesea at bigfoot.com writes:

> I have a user with a Mac 10.5 system and it SEEMS like kinit is ignoring 
> the kdc entries in the config file.  Instead it APPEARS to do a DNS query 
> for the realm and then uses the A records returned and sends the kerberos 

Does it look up the A record for the realm name, instead of looking up
the SRV record for the realm name?

> request packets to them.  The result is kinit takes a while and eventually 
> fails with:
>
>    Kerberos Login Failed: Cannot contact any KDC for requested realm
>
> I'm quite sure it's reading the config file because I've run kinit via 
> dtruss and see it opening the config file and reading it.
>
> I've tried disabling dns lookups in the config file, by setting both 
> dns_lookup_kdc and dns_lookup_realm to false, but that doesn't make a 
> difference.
>
> There are many other Mac 10.5 users that work fine using exactly the same 
> config file, so it must be some setting on this particular Mac, but I'm 
> out of ideas where to look.

Which config files are you changing?  There are several that could
affect the result.



More information about the Kerberos mailing list