patch: KDC default referral feature
Greg Hudson
ghudson at MIT.EDU
Wed Jan 2 14:17:43 EST 2013
On 01/02/2013 12:56 PM, Richard Silverman wrote:
>> (I'm also not sure why you can't get almost all of the desired behavior
>> with the existing [domain_realm] referral support.)
> As I mentioned in the initial writeup, our host/realm mapping is not lined
> up with host domain names, and Unix clients normally find realms using
> _kerberos DNS TXT records for this reason [...]
I'm not suggesting you keep the complete map in the KDC configuration.
I'm suggesting that a single [domain_realm] entry for ".domain = AD"
would have basically the same effect as "default_referral_realm = AD".
More information about the krbdev
mailing list