[krbdev.mit.edu #9134] dns_lookup_realm not documented

Fri Aug 2 10:04:54 EDT 2024

<URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9134 >

Perhaps I should have included the page I was looking at where is missing

https://web-cert.mit.edu/kerberos/krb5-1.21/doc/admin/conf_files/krb5_conf.html

There is [libdefaults] section on that page that describes each "relation" like default_realm dns_lookup_kdc
However, dns_lookup_realm is not listed under [libdefaults] section.

It is only mentioned in the [plugins] section:
dns
This module looks for DNS records for fallback host-to-realm mappings and the default realm. It only operates if the dns_lookup_realm variable is set to true.

So I need to understand what dns_lookup_realm does when its set to true or false.

Thanks

Restricted - External
-----Original Message-----
From: Greg Hudson via RT <rt at kerborg-prod-app-1.mit.edu>
Sent: Thursday, 1 August 2024 23:22
To: Dubinsky, Dmitry : GTIS <dmitry.dubinsky at barclays.com>
Subject: [krbdev.mit.edu #9134] dns_lookup_realm not documented

 CAUTION:  This email originated from outside our organization - www-data at krbdev.mit.edu  Do not click on links, open attachments, or respond unless you recognize the sender and can validate the content is safe.

______________________________________________________________________
Is there any specific information you were hoping to find documented in the relation description?  So far I have come up with the laconic "Indicate whether DNS TXT records should be used to map hostnames to realm names.  The default value is false."

I don't want to get into the precise TXT lookups there, as we have those in realm_config.html along with the details for SRV and URI records.

This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments.

Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons.

Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.

Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. 

Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702).