-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/06/10 18:07, Sam Hartman wrote: > I'll admit I'd rather fix libkadm5clnt to go look in DNS itself. > Meanwhile, though I'd be happy doing this is krb5-config provided that > we find some reasonably authorative source that _kerberos-adm is the > label people actually use in DNS for this.
Since DNS is not protected by Kerberos, there might be some security concerns against looking up the admin host via DNS. Maybe a one-time dialog at install time to add the admin host to /etc/krb5.conf is a less risky option? Regards Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAku7ZIoACgkQUTlbRTxpHjePuQCeKrbYzF4tiXESe3ytleemH6kl KtIAn3NKLcLcITzSI2m6vUBQULf+cneo =ai6D -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
