KRB5_REALM_UNKNOWN errors with GSS Negotiate on Vista
David Rosenstrauch
darose at darose.net
Wed Jun 4 20:37:27 EDT 2008
I'm experiencing "Cannot find KDC for requested realm"
(KRB5_REALM_UNKNOWN) errors when running our code on Windows Vista. But
on XP the exact same executables work fine. Very strange. What's even
stranger is that this code used to work fine on the Vista box too until
we had to reinstall the OS. Details as follows:
Our code uses libcurl for http requests. We've built libcurl with
support for GSSAPI/SPNEGO, using the appropriate libraries, including
MIT Kerberos (i.e., gssapi32.dll, etc.). All was working well - code
ran fine on both Vista and XP.
... until about a week ago, when problems on the Vista box forced us to
reinstall the OS. Now libcurl is tossing up "Cannot find KDC for
requested realm" messages from krb5 whenever we access an
SPNEGO-protected site.
I'm at a bit of a loss to understand what the error even is here. IIUC,
KRB5_REALM_UNKNOWN errors mean that krb5 was not able to locate the KDC
via SRV DNS records. But I don't understand how that could be the case.
I've verified that the records are there. Plus the XP box (which is
part of the same domain) obviously looks them up just fine. So I'm
wondering what's unique about Vista - or perhaps this particular Vista
box - that would prevent krb5 from finding it? (And similarly, what
might have changed on the Vista box since the OS re-install that broke
it?) Google turned up a whole lot of nothing.
Help appreciated - I'm stumped!
TIA,
DR
More information about the kfwdev
mailing list