Authenticating using lower case domain/realm
Ken Raeburn
raeburn at MIT.EDU
Mon Mar 9 13:53:39 EDT 2009
On Mar 9, 2009, at 12:23, Santos wrote:
> BTW, dns_lookup_realm doesn't seem to work. It could help my case, if
> Kerberos queried the NS for TXT records in which I could specify the
> realm in upper case.
>
> I sniffed the DNS queries but no TXT queries. Any idea why?
The TXT records are used for mapping host names to realm names, and
are only looked up if the domain_realm section of the config file
doesn't list the host or domain name. If you supply a realm name on
the command line (or wherever), then TXT records won't be looked up at
all.
(In particular, we don't use TXT records to map the realm name to
itself and figure out the capitalization, if that's what you were
expecting. It might be a heuristic to try, but it's certainly
possible for there to be a host with a name matching a realm, and for
that host to be in a different realm, or for there to be a wildcard
record pointing to another realm....)
Ken
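
The host-to-realm lookup order described in the reply above, as an added krb5.conf illustration that is not part of the original message. The names example.com and EXAMPLE.COM are constructed placeholders.

```ini
# Constructed example; every name here is a placeholder.
[libdefaults]
    # Allow fallback to DNS TXT records for host-to-realm mapping
    # when [domain_realm] has no matching entry.
    dns_lookup_realm = true

[domain_realm]
    # Consulted first. The entry with a leading dot matches hosts under
    # the domain; the entry without it matches the host named example.com.
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# With the entries above present, no TXT query is sent for these hosts.
# Without them, the library looks for a DNS record of this form:
#
#   _kerberos.example.com.  IN  TXT  "EXAMPLE.COM"
#
# Neither mechanism is used when the realm is supplied directly (for
# example as part of a principal name given to kinit), so neither one
# corrects the capitalization of a realm typed in lower case.
```

A realm mapping taken from DNS is only as trustworthy as the DNS path it arrived over, so static [domain_realm] entries are the safer choice where the mapping is known in advance.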