DNS lookups and krb4 Support
Jeffrey Altman
jaltman at columbia.edu
Mon Jun 2 14:20:02 EDT 2003
Sam Hartman wrote:
>Sorry. I meant krb.conf for Windows and krb5.conf for Unix/Mac.
>
Sam:
I am sorry, I do not understand what this clarification is supposed to mean.
We already check krb.con.
The logic is
* if there is no krb.con file assume we use DNS
* if there is a krb.con file, and the krb.con file does explicitly
say "use DNS" we do not.
* if we are no using DNS and there is no realm info we try
"kerberos.REALM"
At present there is no option in krb.con that indicates "do not try
Kerberos for this realm". We could certainly add such an option, but it
would only be for this release and we would need to support it in all
releases going forward after the krb4 library merger. I think at this
point it is better to ignore the issue until after the krb4 merger and
the new credential cache library is ready.
- Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/krbdev/attachments/20030602/d2c21bda/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3590 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20030602/d2c21bda/attachment.bin
More information about the krbdev
mailing list