>It *looks* like, in order to check basically fakes this out with a >krb5.conf that only includes a single KDC (the one being tested). > >Is that really the best way to go about it? > >Can neither mit kinit nor the heimdal one supplied with BSD systems by >default, not just be forced to a single KDC?
You are correct; there's no easier way to go about it. At least for MIT Kerberos you could write a "locate" plugin that provided some way of specifying server locations. That would probably be worse than just writing out a custom krb5.conf. As a practical matter I could see it being challenging to design a good API to do that and it would probably have limited use. I feel your pain because there are a number of times when I specifically contact a single KDC for testing/development purposes and I also just edit krb5.conf. FWIW, there are many times when I want to do some testing and send a TGS-REQ to a particular KDC and that would involve not just having a modified kinit, so I think the problem is more complex than it appears. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
