Spurious tickets when using DNS realm configuration

David Cross david at crossfamilyweb.com
Wed Jul 24 02:13:14 EDT 2019

I have noticed that when using DNS realm configuration (URI and TXT records) I have spurious KDC requests and ccache entries.

Specifically, if I auth as user@REALM and klist, I see my TGT as expected. If I then ssh to a host and klist, I get 2 tickets:
host/foo@REALM

Additionally, on the KDC I see that it additionally requests the TGT again. Reading get_creds.c, I think I kind of see what is going on here: it is getting the ‘fallback’ realm (line 124). However, I am not fully following the control logic here, and certainly not seeing how DNS-based (mis)configuration is interacting here.

This does work; I’d just like to get rid of the cruft and understand what isn’t right with DNS-based configuration.

Thank you

