Null realms and servers
Nicolas Williams
Nicolas.Williams at sun.com
Fri Dec 15 18:58:54 EST 2006
On Fri, Dec 15, 2006 at 06:51:35PM -0500, Jeffrey Altman wrote:
> I believe that matching against the default realm is the correct
> change for this case.

It is not.

Just a few days ago I discussed with Sam an alternative fallback
host2realm resolution that Solaris will likely soon sport:

If there are no domain_realm relations (by default there are none)
and use of DNS for host2realm resolution is off (by default it is),
then:

    while (the hostname has more than two domain labels) {
        strip off the leading label;
        if (find KDC for the realm that corresponds to the
            remaining domainname)
            return (realm that corresponds to the remaining dname);
    }
    if (there is a default realm)
        return (default realm);
    return (host2realm(of local host's FQDN));

Nico
--
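
The fallback walk described in the message above, as an added C example (not part of the original post, and not Solaris or MIT krb5 code). The callback type, the upper-casing of a domain name into a realm name, the constructed sample lookup, and the single non-recursive pass over the local FQDN in the last step are assumptions; hostnames are assumed to carry no trailing dot.

```c
#include <ctype.h>
#include <string.h>
/* Hypothetical callback: nonzero if a KDC can be located for `realm`. */
typedef int (*kdc_lookup_fn)(const char *realm);

static size_t label_count(const char *name)
{
    size_t n = (*name != '\0');
    for (; *name; name++)
        n += (*name == '.');
    return n;
}

/* Assumption: a domain's realm is its upper-cased name. NULL if it won't fit. */
static char *domain_to_realm(const char *domain, char *out, size_t outlen)
{
    size_t i, len = strlen(domain);
    if (len == 0 || len >= outlen)
        return NULL;
    for (i = 0; i < len; i++)
        out[i] = (char)toupper((unsigned char)domain[i]);
    out[len] = '\0';
    return out;
}

/* Returns `out` holding the chosen realm, or NULL if none can be chosen. */
const char *fallback_host2realm(const char *host, const char *default_realm,
                                const char *local_fqdn, kdc_lookup_fn has_kdc,
                                char *out, size_t outlen)
{
    while (label_count(host) > 2) {
        host = strchr(host, '.') + 1;          /* strip off the leading label */
        if (domain_to_realm(host, out, outlen) != NULL && has_kdc(out))
            return out;
    }
    if (default_realm != NULL && *default_realm != '\0')
        return strlen(default_realm) < outlen ? strcpy(out, default_realm) : NULL;
    /* Last step: walk the local FQDN once; NULL arguments stop the recursion. */
    return local_fqdn ? fallback_host2realm(local_fqdn, NULL, NULL, has_kdc, out, outlen) : NULL;
}

/* Constructed lookup for the demo: only EXAMPLE.COM has a KDC. */
static int sample_has_kdc(const char *realm) { return strcmp(realm, "EXAMPLE.COM") == 0; }

const char *demo_realm(const char *host, const char *dflt, const char *local)
{
    static char buf[256];
    return fallback_host2realm(host, dflt, local, sample_has_kdc, buf, sizeof buf);
}
```

Because the loop stops once two labels remain, a bare top-level domain is never tried as a realm, and a two-label hostname goes straight to the default realm.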