I'm not sure why the realms section is populated as it is anyway, but
some of the entries are no longer valid, says the Heimdal checker:
$ verify_krb5_conf /usr/share/kerberos-configs/krb5.conf.template
verify_krb5_conf: /libdefaults/krb4_config: unknown entry
verify_krb5_conf: /libdefaults/krb4_realms: unknown entry
verify_krb5_conf: /libdefaults/ccache_type: unknown entry
verify_krb5_conf: /libdefaults/proxiable: unknown entry
verify_krb5_conf: /realms/ATHENA.MIT.EDU/kdc: Name or service not known
(kerberos-3.mit.edu)
verify_krb5_conf: /realms/CYGNUS.COM/kdc: Name or service not known
(KERBEROS.CYGNUS.COM)
verify_krb5_conf: /realms/CYGNUS.COM/kdc: Name or service not known
(KERBEROS-1.CYGNUS.COM)
verify_krb5_conf: /realms/CYGNUS.COM/admin_server: Name or service not known
(KERBEROS.CYGNUS.COM)
verify_krb5_conf: /realms/GREY17.ORG/kdc: Name or service not known
(kerberos.grey17.org)
verify_krb5_conf: /realms/GREY17.ORG/admin_server: Name or service not known
(kerberos.grey17.org)
verify_krb5_conf: /login: unknown entry
Some sites don't publish SRV records and need a realm entry. (Stanford is
currently one of them, but I'm going to get that fixed.) However, we
certainly don't need to keep entries for sites that no longer exist.
I've removed CYGNUS.COM and GREY17.ORG, which both appear to be defunct,
or at least the hostnames in question no longer exist. I also removed
kerberos-3.mit.edu from the ATHENA.MIT.EDU entry since it's not in the SRV
record.
The libdefaults and login section that are reported above are either
MIT-specific or for other Kerberos software and should stay, I believe.
Thanks for the report!
--
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
