[32079] in Kerberos


Re: another (different) KDC name resolution question

daemon@ATHENA.MIT.EDU (Abe Singer)
Mon Feb 22 17:27:45 2010

Date: Mon, 22 Feb 2010 14:27:39 -0800
From: Abe Singer <abe@ligo.caltech.edu>
To: Andy Cobaugh <phalenor@gmail.com>
Message-ID: <20100222222737.GD60489@ligo.caltech.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <alpine.LRH.2.00.1002221711570.28086@hasufel.phalengard.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

That *was* with dns_lookup_kdc and dns_lookup_realm turned off.

The server still has to resolve the hostnames listed in krb5.conf,
even with the DNS options turned off.  And it appears to look up
all of them before contacting any KDCs.

I already know of workarounds, but I'm trying to understand whether what
I'm seeing is actually a bug. One workaround is putting A records all in one
domain that have the IP addresses of the hosts, even though they actually
live somewhere else.  It works, but should I *have* to do that?



On Mon, Feb 22, 2010 at 05:12:42PM -0500, Andy Cobaugh wrote:
>
> Try turning off dns_lookup_* in krb5.conf ? Then the client *should* try  
> kdcs in the order they're listed in krb5.conf.