domain to realm mappings and DNS (probably a bug)
I'm a little confused by heimdal's behaviour regarding when to use DNS
to get the correct realm name.
If I do kinit/kauth from a machine residing in the domain without
giving the realm, it gets it right (i.e. does DNS lookups):
host.acc.umu.se:~ kauth yada
yada@ACC.UMU.SE's Password:
However, if I give it a realm it ignores the lookup and thus if I
don't match upper/lower characters correctly I'm lost:
host.acc.umu.se:~ kauth yada@acc.umu.se
yada@acc.umu.se's Password:
This gets especially annoying when you're on a host that's located
somewhere else (at home etc) since you have to get the upper/lower
casing right, especially with StudlyCaps.Realm.Names ...
This is on a host running heimdal 0.6.1 and no krb5.conf (i.e. all
default behaviour).
Looking at the krb5.conf manpage and the relevant config option I find
this:
dns_lookup_realm = boolean
Use DNS TXT records to lookup domain to realm mappings.
Which seems to be TRUE as default.
I interpret this as it should always use DNS to do domain to realm
mapping, and not just do it when you don't give any realm to
kauth/kinit.
Or am I missing something fundamental here?
/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Niklas Edmundsson, Admin @ {acc,hpc2n,ing}.umu.se | nikke@acc.umu.se
---------------------------------------------------------------------------
If your mind goes blank, remember to turn sound off.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
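
The two cases reported in the message above, modelled as an added example (not part of the original post and not Heimdal source code). It assumes the common convention of publishing the realm in a `_kerberos.<domain>` TXT record and walking up the host's domain labels; the TXT data is constructed, and the case-mismatch hint is a hypothetical diagnostic, not an existing kinit/kauth feature.

```python
# Added illustration: a model of the behaviour described in the post.
# Constructed sample data standing in for DNS TXT answers.
SAMPLE_TXT = {"_kerberos.acc.umu.se": "ACC.UMU.SE"}


def realm_from_dns(hostname, txt=SAMPLE_TXT):
    """Walk up the domain labels looking for a _kerberos.<domain> TXT record."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        record = txt.get("_kerberos." + ".".join(labels[i:]))
        if record:
            return record
    return None


def resolve_principal(typed, local_host, txt=SAMPLE_TXT):
    """Return (principal, note) for what the user typed at the prompt."""
    user, sep, realm = typed.partition("@")
    if not sep:
        # Case 1 in the post: no realm given, so it is derived from the
        # local host's domain through the DNS mapping.
        found = realm_from_dns(local_host, txt)
        if found is None:
            return (None, "no realm found for " + local_host)
        return (user + "@" + found, "realm taken from DNS")
    # Case 2 in the post: a typed realm is used verbatim, and realm names
    # are case-sensitive. Hypothetical diagnostic: treat the typed realm as
    # a domain name and report when DNS knows it under a different casing.
    hint = realm_from_dns(realm, txt)
    if hint and hint != realm and hint.lower() == realm.lower():
        return (typed, "case mismatch: DNS maps this domain to " + hint)
    return (typed, "realm used as typed")


if __name__ == "__main__":
    for typed in ("yada", "yada@acc.umu.se", "yada@ACC.UMU.SE"):
        print(typed, "->", resolve_principal(typed, "host.acc.umu.se"))
```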