[39032] in Kerberos
domain_realm, hostname to realm mapping, what programs/services is
daemon@ATHENA.MIT.EDU (Christian, Mark)
Thu Dec 9 01:57:50 2021
From: "Christian, Mark" <mark.christian@intel.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 9 Dec 2021 06:53:55 +0000
Message-ID: <BL1PR11MB5512F3419D36B877C93752DA85709@BL1PR11MB5512.namprd11.prod.outlook.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I primarily use Kerberos with ssh gssapi-with-mic authentications, samba, and apache. I don't believe I need to populate the [domain_realm] section with hostname/domainname mappings to realms, even though the domainname for the hosts differs from the Kerberos realm; these Kerberized services still work. Or am I mistaken? default_realm is defined under [libdefaults], and dns_lookup_realm and dns_lookup_kdc are set to false. The krb5.conf man page mentions that this mapping is necessary for some programs or services. I'm wondering which services require this mapping?
Mark
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
