Turning off hostname canonicalisation
abartlet at samba.org
Fri Sep 9 19:50:27 EDT 2005
As part of our effort to get kerberos working really well in Samba4, I'm
interested to turn off hostname canonicalisation, because it isn't
required in AD realms, it doesn't make much sense anyway for netbios
names and DNS is so often broken on real networks.
Rather than just rip out the code (in our modified heimdal snapshot), I
was looking at instead using a krb5.conf config option, and hoped that I
might get some consensus as to how this should be done, between the two
projects that share the /etc/krb5.conf file (and have done so very well,
I get surprisingly little pain from this).
I'm thinking along the lines of:
hostname_canonicalise = no
This would prevent the krb5 libs doing hostname lookups to obtain a
For compatibility I assume it would be 'yes' by default, but Samba would
set it to no in the krb5_init_context routines.
Does this sound sane?
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050910/81ece51c/attachment.bin
More information about the krbdev