On Mar 9, 2009, at 12:23, Santos wrote: > BTW, dns_lookup_realm doesn't seen to work. It could help my case, if > kerberos queried the NS for TXT records in which i could specify the > realm > in upper case. > > I sniffed the DNS queries but no TXT queries. Any idea why?
The TXT records are used for mapping host names to realm names, and are only looked up if the domain_realm section of the config file doesn't list the host or domain name. If you supply a realm name on the command line (or wherever), then TXT records won't be looked up at all. (In particular, we don't use TXT records to map the realm name to itself and figure out the capitalization, if that's what you were expecting. It might be a heuristic to try, but it's certainly possible for there to be a host with a name matching a realm, and for that host to be in a different realm, or for there to be a wildcard record pointing to another realm....) Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
