Kerberos dev project for review: domain_realm mapping via KDC referral
Ken Raeburn
raeburn at MIT.EDU
Mon Apr 28 21:25:37 EDT 2008
On Apr 28, 2008, at 20:34, Russ Allbery wrote:
> No, rather that just because the second component is foo.example.com,
> don't assume that we should do referrals without verifying that the first
> part of the name is really in the host_based_services list.
Ah. So if the local admins don't know about (and configure) a remote
service, the user doesn't get referred without making some special
effort (like populating domain_realm on the client)? Even if NT-SRV-HST
is used as the principal name type?
Ken