[30442] in Kerberos
Re: kinit ignores kdc in config file on Mac 10.5
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Nov 13 11:23:15 2008
To: petesea@bigfoot.com
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 13 Nov 2008 11:22:29 -0500
In-Reply-To: <alpine.OSX.1.10.0811062324450.11904@zippy-air>
(petesea@bigfoot.com's message of "Thu,
06 Nov 2008 23:46:25 -0800 (PST)")
Message-ID: <ldvy6zntx2y.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@MIT.EDU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
petesea@bigfoot.com writes:
> I have a user with a Mac 10.5 system and it SEEMS like kinit is ignoring
> the kdc entries in the config file. Instead it APPEARS to do a DNS query
> for the realm and then uses the A records returned and sends the kerberos
Does it look up the A record for the realm name, instead of looking up
the SRV record for the realm name?
> request packets to them. The result is kinit takes a while and eventually
> fails with:
>
> Kerberos Login Failed: Cannot contact any KDC for requested realm
>
> I'm quite sure it's reading the config file because I've run kinit via
> dtruss and see it opening the config file and reading it.
>
> I've tried disabling dns lookups in the config file, by setting both
> dns_lookup_kdc and dns_lookup_realm to false, but that doesn't make a
> difference.
>
> There are many other Mac 10.5 users that work fine using exactly the same
> config file, so it must be some setting on this particular Mac, but I'm
> out of ideas where to look.
Which config files are you changing? There are several that could
affect the result.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
