[856] in Kerberos
re: host and realm names compiled into kerberos
daemon@ATHENA.MIT.EDU (John T Kohl)
Thu Dec 21 08:53:10 1989
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: John M Sellens <jmsellens@WATDRAGON.WATERLOO.EDU>, kerberos@ATHENA.MIT.EDU
John Sellens asks:
I think it's not too hard to get rid of KRB_REALM and KRB_HOST by
having krb_get_lrealm() and krb_get_krbhst() return an error code
(e.g. a new KDC_NO_REALM and KDC_NO_HOST). But it appears that
KRB_MASTER is a little more entrenched, and requires a different
krb.conf format (one that specifies which is the master) or a
different way to indicate the master (another configuration file?).
There is a library routine, krb_get_admhst(), which already does what
you suggest. The real (proper) use of KRB_MASTER is to help define what
service name should be used for administrative functions (like changing
passwords, etc); there was/is some confusion since the current
installation/operation documents tell the SysAdmin to change KRB_MASTER.
Revised documents do NOT ask the SysAdmin to change KRB_MASTER, so that
it can be used for determining the proper service name, even for
inter-realm administration work.
krb_get_lrealm() returns a failure code if it can't find a realm name in
the configuration file; however, many programs fall back to the built-in
KRB_REALM if this call fails.
krb_get_krbhst() also returns an error code if it can't find the nth
server for the given realm.
John
