On Jun 29, 2006, at 17:21, Mike Friedman wrote: > Any ideas about this? Is there any way to force connection to a > specific > KDC other than using the 'KRB5_CONFIG' environment variable? (We > don't > use SRV records here, so that's not an option even if it would help in > this case).
When a krb5_context is created, the current setting for KRB5_CONFIG is lookup up and effectively cached. Actually, we open the listed files if they exist, and occasionally go back and check if the files we've read have changed; so if a file is listed in KRB5_CONFIG but doesn't exist, a context is created, and then the file is created, we won't look at it for use in that context. I don't know what the perl module is doing. If these KDCs are for two different realms, can you list both config files in KRB5_CONFIG? If you've got one realm name but two different databases and KDCs, well, it's going to hurt. :-) But in 1.5 (betas out already, release expected RSN) we have support for a plugin that tells the library where to find the KDC (or certain other services) for a realm; you might be able to do something with that. (The sample code for that plugin, not built or compiled normally, loads and runs a Python script. So maybe you can find a way to get it to play nice with your Perl script.) Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
