Hi Petter, On Fri, Jul 05, 2013 at 01:52:07PM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > I think we're getting closer. Did you try the > > > > dns_lookup_kdc > > dns_fallback > > > > parameters? > > The former is already set to true (along side dns_lookup_realm), and > the latter isn't. But according to > <URL: > http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/libdefaults.html > >, > dns_fallback have no effect if both dns_lookup_realm and > dns_lookup_kdc is set. I tried to add 'dns_fallback = true' in the > libdefault section, but it dod not have any effect.
O.k. - the last thing to do then would be to reproduce this with heimdal's kinit. Could you scp this onto the box and try if behaves like krb5-auth-dialog [1]? If it behaves the same I'll have a look into heimdal's implementation. Cheers, -- Guido Also note that krb5-auth-dialog currently needs to be restarted after making changes to e.g. krb5.conf since it creates the whole context during application startup and not dynamically -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
