As part of our effort to get kerberos working really well in Samba4, I'm interested to turn off hostname canonicalisation, because it isn't required in AD realms, it doesn't make much sense anyway for netbios names and DNS is so often broken on real networks. Rather than just rip out the code (in our modified heimdal snapshot), I was looking at instead using a krb5.conf config option, and hoped that I might get some consensus as to how this should be done, between the two projects that share the /etc/krb5.conf file (and have done so very well, I get surprisingly little pain from this). I'm thinking along the lines of: [libdefaults] hostname_canonicalise = no This would prevent the krb5 libs doing hostname lookups to obtain a fully-qualified hostname. For compatibility I assume it would be 'yes' by default, but Samba would set it to no in the krb5_init_context routines. Does this sound sane? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part