
domain to realm mappings and DNS (probably a bug)

I'm a little confused by heimdal's behaviour regarding when to use DNS
to get the correct realm name.

If I do kinit/kauth from a machine residing in the domain without
giving the realm, it gets it right (i.e. does DNS lookups):
host.acc.umu.se:~ kauth yada
yada@ACC.UMU.SE's Password:

However, if I give it a realm it ignores the lookup and thus if I
don't match upper/lower characters correctly I'm lost:
host.acc.umu.se:~ kauth yada@acc.umu.se
yada@acc.umu.se's Password:

This gets especially annoying when you're on a host that's located
somewhere else (at home etc) since you have to get the upper/lower
casing right, especially with StudlyCaps.Realm.Names ...

This is on a host running heimdal 0.6.1 and no krb5.conf (i.e. all
default behaviour).

Looking at the krb5.conf manpage and the relevant config option I find

dns_lookup_realm = boolean
     Use DNS TXT records to lookup domain to realm mappings.

Which seems to be TRUE as default.

I interpret this as it should always use DNS to do domain to realm
mapping, and not just do it when you don't give any realm to

Or am I missing something fundamental here?

 Niklas Edmundsson, Admin @ {acc,hpc2n,ing}.umu.se    |   nikke@acc.umu.se
 If your mind goes blank, remember to turn sound off.
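
Added example, not part of the original message and not Heimdal's code: a small offline model of the `_kerberos` TXT-record convention for domain to realm mapping, contrasting the behaviour the message reports with the mapping it asks about. The TXT data, the helper names and the choice to stop before the top-level label are assumptions made for this illustration.

```python
# Constructed sample data: a TXT record as it might exist for the acc.umu.se domain.
# DNS names compare case-insensitively, so keys are stored in lower case.
SAMPLE_TXT = {"_kerberos.acc.umu.se": "ACC.UMU.SE"}

def txt_lookup(name, zone=SAMPLE_TXT):
    """Stand-in for a DNS TXT query (hypothetical helper, no network access)."""
    return zone.get(name.rstrip(".").lower())

def realm_from_dns(domain, lookup=txt_lookup):
    """Try _kerberos.<domain>, then each parent domain; return the TXT realm or None."""
    labels = domain.rstrip(".").split(".")
    # Stop before querying a bare top-level label such as "_kerberos.se".
    for i in range(len(labels) - 1):
        realm = lookup("_kerberos." + ".".join(labels[i:]))
        if realm:
            return realm
    return None

def realm_as_observed(principal, local_host, lookup=txt_lookup):
    """Behaviour reported in the message: DNS is consulted only when no realm is typed."""
    user, sep, typed = principal.partition("@")
    if sep:
        return typed  # used verbatim, so the case must already be correct
    return realm_from_dns(local_host, lookup)

def realm_with_dns_mapping(principal, local_host, lookup=txt_lookup):
    """Alternative the message asks about: also map a typed realm through DNS."""
    user, sep, typed = principal.partition("@")
    domain = typed if sep else local_host
    # Fall back to the typed text when DNS has no mapping for it.
    return realm_from_dns(domain, lookup) or (typed if sep else None)

if __name__ == "__main__":
    for p in ("yada", "yada@acc.umu.se", "yada@ACC.UMU.SE"):
        print(p, realm_as_observed(p, "host.acc.umu.se"),
              realm_with_dns_mapping(p, "host.acc.umu.se"))
```

Because the lookup key is a DNS name, the second function returns the realm exactly as published in the TXT record regardless of how the user typed it, including from a host outside the domain.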