[Guido Günther] > Hi Petter, Hi.
> Could you check if adding: > > domain intern > > works around your problem? We'd know then if heimdal and MIT behave > differently or if we do have to look for another issue. It is already present. The resolv.conf file look like this: domain intern search intern nameserver 10.0.2.2 > It'd also be good to see the DNS traffic when you try to acquire a > TGT via krb5-auth-dialog or heimdal's kinit. The later could easily > be done by copying the kinit to the diskless workstation's /tmp - > the libs are already there due to krb5-auth-dialog. Hm, there seem to be some caching going on that make it hard to tell, but here is my best guess based on several runs. It seem to look for TXT entry for _kerberos.$hostmame (as in _kerberos.ltsp4115), and then _kerberos.intern, giving it the REALM. But it do not try any lookups to find the Kerberos server (as in SRV records in _kerberos._tcp.intern). And it show a popup stating that it can't reach the kerberos server when I enter the password. > I'm mostly trying to figure out if this is a heimdal vs. MIT issue > or if krb5-auth-dialog is involved. I'm almost convinced it's the > former but I'd like to be sure before bugging the hemdal maintainers > ;) cheers, I hope this help. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
