Kerberos dev project for review: domain_realm mapping via KDC referral

Ken Raeburn raeburn at MIT.EDU
Mon Apr 28 21:25:37 EDT 2008

On Apr 28, 2008, at 20:34, Russ Allbery wrote:
> No, rather that just because the second component is,
> don't assume that we should do referrals without verifying that the  
> first
> part of the name is really in the host_based_services list.

Ah.  So if the local admins don't know about (and configure) a remote  
service, the user doesn't get referred without making some special  
effort (like populating domain_realm on the client)?  Even if NT-SRV- 
HST is used as the principal name type?


More information about the krbdev mailing list