another (different) KDC name resolution question

Abe Singer abe at ligo.caltech.edu
Mon Feb 22 17:27:39 EST 2010


That *was* with dns_lookup_kdc and dns_lookup_realm turned off.

The server still has to resolve the hostnames listed in krb5.conf,
even with the DNS options turned off.  And it appears to look up
all of them before contacting any KDCs.

I already know of workarounds, but I'm trying to understand whether what
I'm seeing is actually a bug. One workaround is putting A records all in one
domain that have the IP addresses of the hosts, even though they actually
live somewhere else.  It works, but should I *have* to do that?



On Mon, Feb 22, 2010 at 05:12:42PM -0500, Andy Cobaugh wrote:
> 
>
> Try turning off dns_lookup_* in krb5.conf? Then the client *should* try
> KDCs in the order they're listed in krb5.conf.


