On Nov 30, 2004, at 7:22 PM, Henry B. Hotz wrote:
> I just went back to a known-good krb5.conf from Jaguar; stripped out all the extraneous realm definitions; added the dns_fallback = no line; and retested. I can now get Kerberos 4 tickets on Panther from an AFS kaserver. Obviously I missed something.
> I will note that the code *still* does a DNS lookup.
> 15:43:30.892937 IP dhcp-149-196-226.jpl.nasa.gov.60962 > ns2.jpl.nasa.gov.domain: 37782+ SRV? _kerberos-iv._udp.JPL.NASA.GOV. (48)
> I suppose it works because there is no Kerb 4 service record for Active Directory. I've had no end of testing trouble with AD hijacking my attempts to use test servers with the real domain/REALM names.
> Is there another fallback option that applies to Kerb 4? Can I put that option into a realm definition so I still do lookups for non-JPL realms?
No, sorry, this is a known bug. There is no way to turn off krb4 DNS requests at runtime.
However, this should not be a problem for your configuration since you want to get v4 tickets -- it's normally only a problem if you are trying to get only v5 tickets for a realm that has SRV records for both v4 and v5.
--lxs
-----------------------------------------------------------------------
Alexandra Ellwood <[EMAIL PROTECTED]>
Kerberos Development Team
MIT Information Services & Technology <http://mit.edu/lxs/www>
-----------------------------------------------------------------------
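
One way to check a capture like the one quoted in this thread, added here as an example and not code from either poster or from MIT Kerberos: it parses tcpdump text output and separates krb4 SRV lookups for a realm (which the reply says cannot be turned off at runtime) from other Kerberos SRV lookups. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re

# SRV service labels used by MIT Kerberos clients; _kerberos-iv is the krb4 one
# seen in the thread's capture.
KRB_SERVICES = {"_kerberos-iv", "_kerberos", "_kerberos-master",
                "_kerberos-adm", "_kpasswd"}

# Matches tcpdump's one-line text output for a DNS SRV question.
LINE = re.compile(r" IP (?P<src>\S+) > \S+: .*?SRV\? (?P<svc>_[\w-]+)"
                  r"\._(?P<proto>udp|tcp)\.(?P<realm>\S+?)\.?(?=\s|$)")

# First line is the query quoted in the thread; the other three are constructed.
SAMPLE = """\
15:43:30.892937 IP dhcp-149-196-226.jpl.nasa.gov.60962 > ns2.jpl.nasa.gov.domain: 37782+ SRV? _kerberos-iv._udp.JPL.NASA.GOV. (48)
15:43:31.002113 IP client.example.org.60963 > ns.example.org.domain: 37783+ SRV? _kerberos._udp.EXAMPLE.ORG. (44)
15:43:31.120401 IP client.example.org.60964 > ns.example.org.domain: 37784+ A? www.example.org. (33)
15:43:31.250777 IP client.example.org.60965 > ns.example.org.domain: 37785+ TXT? _kerberos.host.example.org. (44)
"""


def kerberos_srv_queries(capture_text):
    """Return (client, service, proto, REALM) for each Kerberos SRV query."""
    hits = []
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m and m["svc"].lower() in KRB_SERVICES:
            client = m["src"].rsplit(".", 1)[0]  # drop the source port
            hits.append((client, m["svc"].lower(), m["proto"],
                         m["realm"].upper()))
    return hits


def split_by_version(capture_text, realm):
    """Split SRV lookups for `realm` into krb4 ones and all other Kerberos ones."""
    krb4, other = [], []
    for client, svc, proto, queried in kerberos_srv_queries(capture_text):
        if queried == realm.upper():
            bucket = krb4 if svc == "_kerberos-iv" else other
            bucket.append((client, svc, proto))
    return krb4, other


if __name__ == "__main__":
    krb4, other = split_by_version(SAMPLE, "JPL.NASA.GOV")
    print("krb4 SRV lookups (known bug per the thread):", krb4)
    # Assumption: with dns_fallback = no in effect, this list should be empty.
    print("other Kerberos SRV lookups:", other)
```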
