On Fri, Jul 05, 2013 at 01:52:07PM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > I think we're getting closer. Did you try the > > > > dns_lookup_kdc > > dns_fallback > > > > parameters? > > The former is already set to true (along side dns_lookup_realm), and > the latter isn't. But according to > <URL: > http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/libdefaults.html > >, > dns_fallback have no effect if both dns_lookup_realm and > dns_lookup_kdc is set. I tried to add 'dns_fallback = true' in the > libdefault section, but it dod not have any effect.
Here's what I found. Setting: dns_lookup_kdc = yes dns_lookup_realm = yes dns_fallback = yes on a host with # hostname foo # hostname --fqdn foo.example.com and no domain or search entries in resolv.conf I get: $ kinit me 2013-07-05T16:07:09 error message: Did not find a plugin for ccache_ops: 2 2013-07-05T16:07:09 error message: unable to find realm of host foo: -1765328167 kinit: krb5_parse_name: unable to find realm of host foo Setting the hostname to the fqdn then works. Even adding domain example.com search example.com to resolv.conf doesn't change anything. That's with 1.6~git20120403+dfsg1-2. So it seems to me the problem is within heimdal itself. Cheers, -- Guido > > -- > Happy hacking > Petter Reinholdtsen > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
