[19118] in Kerberos
regarding TXT and SRV records
daemon@ATHENA.MIT.EDU (peter duff)
Fri Apr 25 02:44:07 2003
Date: Thu, 24 Apr 2003 23:43:18 -0700
From: peter duff <duffpl-spam@pacbell.net>
To: kerberos@mit.edu
Message-id: <005501c30af5$f4bdca90$053c1a0a@bounty>
MIME-version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7BIT
Reply-To: peter duff <duffpl-spam@pacbell.net>
Errors-To: kerberos-bounces@mit.edu
Hi,
I've recently started with mit kerberos 5, and would love to get dns location of both the realm and the kdc, _and get rid of krb5.conf entirely_
My problem is that I can't seem to get the necessary support compiled in the even get the krb5 client to do TXT record lookups, tcpdump doesnt show them coming from the client. If I force the realm with default_realm, I can then get the client to emit SRV lookups for the kdc.
Some documents online have suggested removing the /etc/krb5.conf entirely. This doesnt work, I get
$ ls -l /etc/krb5.conf
ls: /etc/krb5.conf: No such file or directory
$ sudo tcpdump port 53 &
tcpdump: listening on eth0
$ /usr/kerberos/bin/kinit
kinit(v5): Can't open/find Kerberos configuration file while initializing Kerberos 5 library
Others stress the use of only:
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
this doesnt work either: :(
$ sudo tcpdump port 53 &
tcpdump: listening on eth0
$ /usr/kerberos/bin/kinit
kinit(v5): Configuration file does not specify default realm when parsing name duff
Strangely, if I already have any tickets in this realm, I get:
kinit(v5): Cannot find KDC for requested realm while getting initial credentials
Something else posted here led me to try, -DKRB5_DNS_LOOKUP, (which doesnt seems to be triggered by the similar sounding autoconf option --enable-dns-for-realm) I have tried both of these, and neither seems to change any of the above errors
that I am seeing.
Is there a definitive guide on getting this to work ? Any suggestions?
I am using the krb5-1.2.7-latest srpm from redhat which is, I believe, the same thing as 1.2.8.
Thanks and Regards,
Peter
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
