Skip Menu |
 

Subject: stop defaulting to DNS domain->realm lookup when no config file
We should not default to using DNS to look up domain->realm mappings
when no config file exists. Windows will still do this, though.
Actually DNS domain->realm already always defaults to off:


Date: Mon, 02 Jun 2003 17:51:56 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: krbcore@mit.edu
Subject: Default DNS REALM lookups in Kerberos 5 tree

The default behavior of DNS REALM lookups in the Kerberos 5 tree is
specified in auth/krb5/src/lib/krb5/os/locate_kdc.c

This behavior is currently to return a consistent default value
specified by the value of DEFAULT_LOOKUP_REALM regardless of whether or
not the krb5.conf file exists. The behavior I described must have been
removed by Ken Raeburn during the transition from release 1.1 to 1.2.
The behavior of using a different value for a missing configuration file
continues exist in the Windows Kerberos IV library. I suggest we leave
things as is until the krb4 merger.