Package: krb5-config Version: 1.17 Severity: minor The krb5-config package chooses a default value for the host's default realm based on the output of the dnsdomainname command.
This is not always the correct value. <http://tools.ietf.org/id/draft-ietf-krb-wg-krb-dns-locate-02.txt>, which AIUI is the same draft that specifies the Kerberos SRV records, describes how to declare a Kerberos realm for a given domain name using a TXT record. If such a text record is available that matches the hostname, would it be reasonable for krb5-config to use this value as a default instead of the dnsdomainname? Of course, I've also never seen MIT KRB5 respect these TXT records, so perhaps there's a good reason not to use them that I'm unaware of; but they are still mentioned in the documentation from krb5 1.4.4. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
