domain_realm, hostname to realm mapping, what programs/services is this necessary for?
Christian, Mark
mark.christian at intel.com
Thu Dec 9 01:53:55 EST 2021
I primarily use Kerberos with ssh gssapi-with-mic authentications, samba, and apache. I don't believe I need to populate the [domain_realm] section with hostname/domainname mappings to realms, even though the domainname for the hosts differs from the Kerberos realm; these Kerberized services still work. Or am I mistaken? default_realm is defined under [libdefaults], and dns_lookup_realm and dns_lookup_kdc are set to false. The krb5.conf man page mentions that this mapping is necessary for some programs or services. I'm wondering which services require this mapping?
Mark
More information about the Kerberos
mailing list