On Sun, 14 Mar 2010 18:15:44 +0700
Denis Feklushkin <denis.feklush...@gmail.com> wrote:

> On Sun, 14 Mar 2010 19:12:33 +1100
> Brian May <br...@microcomaustralia.com.au> wrote:
> 
> > 2010/3/14 Denis Feklushkin <denis.feklush...@gmail.com>:
> > > I thought that if no realms are provided by krb5.conf then the DNS domain
> > > with the SRV record will be the default realm
> > 
> > The SRV record doesn't contain the realm, it contains the servers.
> > Heimdal can't contact the server until it knows the realm.
> 
> http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-DNS.html
> 
> > Heimdal will try to use DNS to find the KDCs for a realm.

...and I suggest that if the default realm is not found (krb5.conf does not
exist, for example) the FQDN is used as the realm name and as the default realm name too

> First it will try to find a SRV resource record (RR) for the realm. If no SRV
> RRs are found, it will fall back to looking for an A RR for a machine named
> kerberos.REALM, and then kerberos-1.REALM, etc
> 
> > Adding this information to DNS minimises the client configuration
> > (in the common case, resulting in no configuration needed)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Here I am just about
> 
> > and allows the system administrator to change the number of KDCs and on what
> > machines they are running without caring about clients.
> 



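The lookup order quoted above from the Heimdal manual, as an added Python example that is not part of the thread and not Heimdal's own code. It shows that the realm is the input to every query name, which is why an SRV answer cannot supply it. The zone data, the realms EXAMPLE.ORG and EXAMPLE.NET, the cap on numbered names and the stop-at-first-miss rule are assumptions made for the illustration.

```python
# Constructed DNS data for two hypothetical realms; no network access is used.
ZONE = {
    # (record type, owner name) -> records; SRV tuples are (priority, weight, port, target)
    ("SRV", "_kerberos._udp.example.org"): [(20, 0, 88, "kdc2.example.org"),
                                            (10, 0, 88, "kdc1.example.org")],
    ("SRV", "_kerberos._tcp.example.org"): [(10, 0, 88, "kdc1.example.org")],
    ("A", "kerberos.example.net"): ["192.0.2.10"],
    ("A", "kerberos-1.example.net"): ["192.0.2.11"],
}


def lookup(rtype, name, zone=ZONE):
    """Stand-in for a DNS query against the constructed zone."""
    return zone.get((rtype, name.lower().rstrip(".")), [])


def find_kdcs(realm, zone=ZONE, max_numbered=3):
    """Return [(host, port)] for a realm: SRV first, then A-record fallback."""
    if not realm:
        # Every query name is built from the realm; an SRV answer only lists servers.
        raise ValueError("realm must be known before any KDC lookup")
    domain = realm.lower()

    # Step 1: SRV records for the realm (standard _kerberos._udp / _kerberos._tcp names).
    srv = []
    for proto in ("udp", "tcp"):
        srv += lookup("SRV", f"_kerberos._{proto}.{domain}", zone)
    if srv:
        ordered = sorted(srv, key=lambda r: r[0])  # lower priority value first; weight ignored
        # Deduplicate hosts that appear under both protocols, keeping order.
        return list(dict.fromkeys((target, port) for _, _, port, target in ordered))

    # Step 2: no SRV records, so fall back to kerberos.REALM, kerberos-1.REALM, ...
    kdcs = []
    names = [f"kerberos.{domain}"]
    names += [f"kerberos-{n}.{domain}" for n in range(1, max_numbered + 1)]
    for name in names:
        if not lookup("A", name, zone):
            break  # assumption: stop at the first name that does not resolve
        kdcs.append((name, 88))  # 88 is the standard Kerberos port
    return kdcs
```
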