Skip Menu |
 

Subject: src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
The KDC for ATHENA.MIT.EDU is not specified and the sample config file
does not specify [lidefaults] dns_lookup_kdc = true. Therefore, tickets
for ATHENA.MIT.EDU cannot be obtained.
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Sun, 03 Aug 2003 00:30:18 -0400
RT-Send-Cc:
Um. We're still not enabling KDC DNS lookups by default on Windows?
Is there a reason for that?

Ken
Date: Sun, 03 Aug 2003 01:18:03 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
RT-Send-Cc:
The values used on Windows should be identical to those in the krb5
library. If the default value for dns_lookup_kdc has been changed from
"false" to "true", this change must be made known to Leash.

Because Leash must query the value from the profile library, it must
specify the default value as part of the query. Unless the default
values are specified in a public krb5 header file it is not possible
to automatically update Leash when the defaults are changed within the
library.

When did the default value change to "true"?

- Jeff


Ken Raeburn via RT wrote:

Show quoted text
>Um. We're still not enabling KDC DNS lookups by default on Windows?
>Is there a reason for that?
>
>Ken
>_______________________________________________
>krb5-bugs mailing list
>krb5-bugs@mit.edu
>http://mailman.mit.edu/mailman/listinfo/krb5-bugs
>
>
Download smime.p7s
application/x-pkcs7-signature 3.5KiB

Message body not shown because it is not plain text.

Date: Sun, 03 Aug 2003 01:45:31 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
RT-Send-Cc:
Checking the Makefile.src file produced during the grafting of the krb5
module into the pismere build tree it appears that only

KRB5_USE_DNS=1

is defined. This means that KDC Lookups are off by default on Windows.
I can change this in the Perl scripts that perform the graft. However
it would be preferable to have one setting that would be picked up by
both Leash and krb5.

- Jeff

P.S. - I think it is appropriate for non-zero default settings to still
be specified in the krb5.conf file (perhaps with a comment). The
assumption
is that missing values are "false".
Download smime.p7s
application/x-pkcs7-signature 3.5KiB

Message body not shown because it is not plain text.

To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 05 Aug 2003 12:42:28 -0400
RT-Send-Cc:
It's a build option controlled on Unix by configure. But the default
is certainly to use DNS for KDC lookups.
Date: Tue, 05 Aug 2003 12:47:38 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
RT-Send-Cc:
Since it is configurable and the krb5.conf file should work with all
configurations the dns_lookup_kdc setting should be set to true or the
kdc should be specified.

On Windows, there is no mechanism at present to enable this by default
for all modules.
Download smime.p7s
application/x-pkcs7-signature 3.3KiB

Message body not shown because it is not plain text.

To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 05 Aug 2003 12:55:05 -0400
RT-Send-Cc:
Show quoted text
>>>>> "\"\"Jeffrey" == \"\"Jeffrey Altman [Kermit Project]\" via RT\" <Jeffrey> writes:

\"\"Jeffrey> Since it is configurable and the krb5.conf file
\"\"Jeffrey> should work with all configurations the
\"\"Jeffrey> dns_lookup_kdc setting should be set to true or the
\"\"Jeffrey> kdc should be specified.

\"\"Jeffrey> On Windows, there is no mechanism at present to
\"\"Jeffrey> enable this by default for all modules.


It seems like the right solution is to build with this enabled by
default on Windows. I think that on Unix, it will be enabled unless
people go far out of their way--for example, explicitly compiling DNS
support out of the product.
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1707] src/config-files/krb5.conf does not specify kdc for ATHENA.MIT.EDU
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 12 Sep 2003 22:41:55 -0400
RT-Send-Cc:
[resend to include the RT database]

"Sam Hartman via RT" <rt-comment@krbdev.mit.edu> writes:
Show quoted text
> It seems like the right solution is to build with this enabled by
> default on Windows. I think that on Unix, it will be enabled unless
> people go far out of their way--for example, explicitly compiling DNS
> support out of the product.

On the trunk, as of a couple weeks ago, it's no longer a configure
option; the code is always compiled in on UNIX. (See ticket 1724.)
And some parts of it, at least, are no longer conditionalized, so some
of it at least will get compiled on Windows; I think that can be fixed
without too much pain, if we need to preserve the ability to build
without DNS SRV support on Windows.

It also appears that (1) the "wash" nightly builds on Windows are
testing krb5-1-3-final and not the trunk, and (2) the DNS SRV code on
the trunk doesn't actually compile on Windows at the moment.

Ken
This was resolved by forcing the DNS flags to be set during the Pismere
grafting. DNS support will still not be auto-built on standalone krb5
builds.