On 4/26/2015 8:30 PM, Benjamin Kaduk wrote: > On Sun, 26 Apr 2015, Turbo Fredriksson wrote: > >> On Apr 26, 2015, at 4:53 PM, Turbo Fredriksson wrote: >> >>>>> dns_lookup_kdc = false >>>>> dns_lookup_realm = false >>>> >>>> DNS lookups are disabled. >>> >>> Yes. On purpose (this time! :). That's why I need to specify >>> it in the file (further down). >> >> >> Well, adding TXT and SRV records to DNSMasq (forgot it could >> do that), it worked. Although, I never changed krb5.conf! >> >> But that reminded me that I saw it opening >> /var/db/openafs/etc/krb5-weak.conf. >> Adding the relevant bits there (as well), did SOMETHING. It hung >> for a very long time in "Getting tickets: . . ." but eventually >> gave me the 'usual' error. > > Hmm, now that we have rxkad-kdf, it seems like we should consider dropping > krb5-weak.conf. I think I've seen it cause confusion in at least one > other place, recently. > > -Ben
Its still required for cells that haven't upgraded their keys. Unfortunately there are still far too many of them. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
