[19122] in Kerberos


Re: regarding TXT and SRV records

daemon@ATHENA.MIT.EDU (Arun Perinkolam)
Fri Apr 25 12:11:02 2003

Message-Id: <200304251610.h3PGA9FD003466@engmail1mpk.Eng.Sun.COM>
Date: Fri, 25 Apr 2003 09:06:58 -0700 (PDT)
From: Arun Perinkolam <arunp@sun.com>
To: kerberos@MIT.EDU, duffpl-spam@pacbell.net
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: //J3Sq2qaq1hX8b5ds14mA==
Reply-To: Arun Perinkolam <arunp@sun.com>
Errors-To: kerberos-bounces@mit.edu

You should probably try building the mech with -DKRB5_DNS_LOOKUP and
-DKRB5_DNS_LOOKUP_KDC, which will take care of both kdc and realm
mapping lookups.

If you are planning on doing both the kdc and realm mapping lookups,
just specifying "dns_fallback = on" in [libdefaults] should work.


-Arun

>Hi,
>I've recently started with MIT Kerberos 5, and would love to get DNS
>location of both the realm and the kdc, _and get rid of krb5.conf
>entirely_
>
>My problem is that I can't seem to get the necessary support compiled
>in to even get the krb5 client to do TXT record lookups; tcpdump
>doesn't show them coming from the client.  If I force the realm with
>default_realm, I can then get the client to emit SRV lookups for the
>kdc.
>
>Some documents online have suggested removing the /etc/krb5.conf
>entirely.  This doesn't work, I get
>
>$ ls -l /etc/krb5.conf
>ls: /etc/krb5.conf: No such file or directory
>
>$ sudo tcpdump port 53  &
>tcpdump: listening on eth0
>$ /usr/kerberos/bin/kinit
>kinit(v5): Can't open/find Kerberos configuration file while initializing Kerberos 5 library
>
>Others stress the use of only:
>[libdefaults]
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
>this doesn't work either:  :(
>$ sudo tcpdump port 53  &
>tcpdump: listening on eth0
>
>$ /usr/kerberos/bin/kinit
>kinit(v5): Configuration file does not specify default realm when parsing name duff
>
>Strangely, if I already have any tickets in this realm, I get:
>kinit(v5): Cannot find KDC for requested realm while getting initial credentials
>
>Something else posted here led me to try -DKRB5_DNS_LOOKUP (which
>doesn't seem to be triggered by the similar sounding autoconf option
>--enable-dns-for-realm).  I have tried both of these, and neither
>seems to change any of the above errors that I am seeing.
>
>Is there a definitive guide on getting this to work?  Any
>suggestions?
>
>I am using the krb5-1.2.7-latest srpm from redhat which is, I
>believe, the same thing as 1.2.8.
>
>Thanks and Regards,
>
>Peter
>
>
>________________________________________________
>Kerberos mailing list           Kerberos@mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos

--
Arun Perinkolam
Solaris Network Security
Sun Microsystems Inc.
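
An added example, not part of the original thread: a small Python helper that reads `tcpdump port 53` text output, as used in the quoted message, and reports whether realm TXT lookups and KDC SRV lookups were emitted by the client. It assumes the standard `_kerberos.<domain>` TXT and `_kerberos._udp`/`_tcp.<REALM>` SRV record names; the capture lines and the example.com names are constructed.

```python
import re

# Query part of a tcpdump DNS line, e.g. "SRV? _kerberos._udp.EXAMPLE.COM. (44)"
QUERY_RE = re.compile(r"\b(TXT|SRV)\?\s+(\S+?)\.?\s")

# Constructed capture lines (not from the original post); all names are placeholders.
SAMPLE_CAPTURE = """\
09:07:01.100 client.32768 > ns.domain: 4242+ A? www.example.com. (33)
09:07:02.200 client.32768 > ns.domain: 4243+ TXT? _kerberos.host1.example.com. (45)
09:07:02.300 client.32768 > ns.domain: 4244+ TXT? _kerberos.example.com. (39)
09:07:02.400 client.32768 > ns.domain: 4245+ SRV? _kerberos._udp.EXAMPLE.COM. (44)
"""

def classify_kerberos_lookups(capture_text):
    """Sort Kerberos-related DNS queries into realm (TXT) and KDC (SRV) lookups."""
    seen = {"realm_txt": [], "kdc_srv": []}
    for line in capture_text.splitlines():
        match = QUERY_RE.search(line + " ")  # trailing space so end-of-line names match
        if not match:
            continue
        qtype, name = match.groups()
        labels = name.lower().split(".")
        if labels[0] != "_kerberos":
            continue  # unrelated DNS traffic
        if qtype == "TXT":
            seen["realm_txt"].append(name)      # realm mapping lookup
        elif labels[1:2] in (["_udp"], ["_tcp"]):
            seen["kdc_srv"].append(name)        # KDC location lookup
    return seen

def summarize(capture_text):
    """One-line status to compare against what kinit reported."""
    seen = classify_kerberos_lookups(capture_text)
    if seen["realm_txt"] and seen["kdc_srv"]:
        return "realm TXT and KDC SRV lookups seen"
    if seen["kdc_srv"]:
        return "KDC SRV lookups only, no realm TXT lookup"
    if seen["realm_txt"]:
        return "realm TXT lookups only, no KDC SRV lookup"
    return "no Kerberos DNS lookups seen"

if __name__ == "__main__":
    print(classify_kerberos_lookups(SAMPLE_CAPTURE))
    print(summarize(SAMPLE_CAPTURE))
```

The "KDC SRV lookups only" result corresponds to the case described in the quoted message, where forcing `default_realm` produced SRV queries but no TXT queries.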
