[436] in Kerberos
Re: nfsid
daemon@TELECOM.MIT.EDU (Robert S. French)
Sat Jul 9 14:46:23 1988
From: "Robert S. French" <rfrench@ATHENA.MIT.EDU>
To: <qjb@ATHENA.MIT.EDU>
Cc: nessus@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU
In-Reply-To: <qjb@ATHENA.MIT.EDU>'s message of Thu, 07 Jul 88 17:55:22 EDT
From: <qjb@ATHENA.MIT.EDU>
Date: Thu, 07 Jul 88 17:55:22 EDT
I don't know how much of your problem is caused by nfsid, but the current
version of nfsid will assume that the realm is ATHENA.MIT.EDU if the
host name ends with .MIT.EDU. It does this even after finding out what
realm it should be in! While working in the SMS_TEST realm, we had to build
a new nfsid to solve the problem, but I haven't tried using it for inter-
realm stuff.
.
This is proper behavior. The krb_getrealm call looks in
/etc/krb.realms to map domains to Kerberos realms. It knows what
realm YOU are in, but not what realm the host you're talking to is in.
The proper fix is for you to add lines to /etc/krb.realms to map the
hosts you're trying to talk to to the SMS_TEST realm explicitly.
Rob
