Hi Petter, On Thu, Jul 04, 2013 at 08:34:22PM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > But where does the .intern come from? It needs to be appended somewhere > > and I assume that's missing with heimdal. > > > > Either there isn't a DNS domain or there is (assuming we're not talking > > about anything similar to mDNS .local)? > > As I said, it come from resolv.conf, where it is listed in 'search'. > The source for that info is DHCP.
Could you check if adding: domain intern works around your problem? We'd know then if heimdal and MIT behave differently or if we do have to look for another issue. It'd also be good to see the DNS traffic when you try to acquire a TGT via krb5-auth-dialog or heimdal's kinit. The later could easily be done by copying the kinit to the diskless workstation's /tmp - the libs are already there due to krb5-auth-dialog. > > > See above. Why should it query _kerberos.intern. ? I assume that if > > you set the realm to INTERN in krb5.conf things start to work? > > > > This looks more like a heimdal vs mit issue. I'm happy to help here > > out either but we'd better create a bug against heimdal on this one. > > So you are saying MIT Kerberos is better at working without explicit > configuration? Good to know. :) I'm mostly trying to figure out if this is a heimdal vs. MIT issue or if krb5-auth-dialog is involved. I'm almost convinced it's the former but I'd like to be sure before bugging the hemdal maintainers ;) cheers, -- Guido > > -- > Happy hacking > Petter Reinholdtsen > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
