regression due to referral realm
Nicolas Williams
Nicolas.Williams at sun.com
Wed Feb 11 12:02:54 EST 2009
On Wed, Feb 04, 2009 at 01:46:52PM -0500, Sam Hartman wrote:
> What is the right fix here? Do we want to substitute in the default
> realm, or do we want to substitute in the realm of the local host
> (I.E. getrealmofhost(gethostname())?
Incidentally, I asked Mark why we couldn't use host-2-realm, and the
answer's just too obvious: because we are using the principal in
question as the client principal in an AS-REQ, which means we need a
keytab entry before any referrals/canonicalization could happen, which
means we need to pick a keytab entry without knowing the host's realm.
Nico
--
More information about the krbdev
mailing list