DNS lookups and krb4 Support

Jeffrey Altman jaltman at columbia.edu
Mon Jun 2 14:20:02 EDT 2003

Sam Hartman wrote:

>Sorry.  I meant krb.conf for Windows and krb5.conf for Unix/Mac.


I am sorry, I do not understand what this clarification is supposed to mean.
We already check krb.con.

The logic is

    * if there is no krb.con file assume we use DNS
    * if there is a krb.con file, and the krb.con file does explicitly
      say "use DNS" we do not.
    * if we are no using DNS and there is no realm info we try

At present there is no option in krb.con that indicates "do not try 
Kerberos for this realm".  We could certainly add such an option, but it 
would only be for this release and we would need to support it in all 
releases going forward after the krb4 library merger.  I think at this 
point it is better to ignore the issue until after the krb4 merger and 
the new credential cache library is ready.

- Jeff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/krbdev/attachments/20030602/d2c21bda/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3590 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20030602/d2c21bda/attachment.bin

More information about the krbdev mailing list