I will note that the code *still* does a DNS lookup.
15:43:30.892937 IP dhcp-149-196-226.jpl.nasa.gov.60962 > ns2.jpl.nasa.gov.domain: 37782+ SRV? _kerberos-iv._udp.JPL.NASA.GOV. (48)
I suppose it works because there is no Kerb 4 service record for Active Directory. I've had no end of testing trouble with AD hijacking my attempts to use test servers with the real domain/REALM names.
Is there another fallback option that applies to Kerb 4? Can I put that option into a realm definition so I still do lookups for non-JPL realms?
I really don't want to bother you folks too much about Kerberos 4. Sorry. Kerb 4 should die. It's just that there's this little project here that won't let me deploy Kerb 5 until after they land their probe on Titan in January.
On Nov 30, 2004, at 8:24 AM, Alexandra Ellwood wrote:
On Nov 30, 2004, at 4:25 AM, Henry B. Hotz wrote:
Except for the environment variable thing that's exactly what I did. (I put the file in /Library/Preferences/edu.mit.Kerberos.)
I didn't do it myself, but someone else was able to use a close relative of my krb5.conf file with RHEL 3. The kinit command *required* the -4 option even though the JPL realm was defined to be K4 only.
That should not be necessary on OS X. KfM should notice that you don't have a v5 config and only get you v4 tickets. Is that what you are seeing?
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos