domain_realm, hostname to realm mapping, what programs/services is this necessary for?

Christian, Mark mark.christian at intel.com
Thu Dec 9 01:53:55 EST 2021


I primarily use Kerberos with ssh gssapi-with-mic authentications, samba, and apache.  I don't believe I need to populate the [domain_realm] section with hostname/domainname mappings to realms, even though the domainname for the hosts differs from the Kerberos realm; these Kerberized services still work.  Or am I mistaken?  default_realm  is defined under [libdefaults], and dns_lookup_realm and dns_lookup_kdc are set to false.  The krb5.conf man page mentions that this mapping is necessary for some programs or services.  I'm wondering which services require this mapping?

Mark



More information about the Kerberos mailing list