> I'm not sure why the realms section is populated as it is anyway, but > some of the entries are no longer valid, says the Heimdal checker: > > $ verify_krb5_conf /usr/share/kerberos-configs/krb5.conf.template > verify_krb5_conf: /libdefaults/krb4_config: unknown entry > verify_krb5_conf: /libdefaults/krb4_realms: unknown entry > verify_krb5_conf: /libdefaults/ccache_type: unknown entry > verify_krb5_conf: /libdefaults/proxiable: unknown entry > verify_krb5_conf: /realms/ATHENA.MIT.EDU/kdc: Name or service not known > (kerberos-3.mit.edu) > verify_krb5_conf: /realms/CYGNUS.COM/kdc: Name or service not known > (KERBEROS.CYGNUS.COM) > verify_krb5_conf: /realms/CYGNUS.COM/kdc: Name or service not known > (KERBEROS-1.CYGNUS.COM) > verify_krb5_conf: /realms/CYGNUS.COM/admin_server: Name or service not known > (KERBEROS.CYGNUS.COM) > verify_krb5_conf: /realms/GREY17.ORG/kdc: Name or service not known > (kerberos.grey17.org) > verify_krb5_conf: /realms/GREY17.ORG/admin_server: Name or service not known > (kerberos.grey17.org) > verify_krb5_conf: /login: unknown entry
Some sites don't publish SRV records and need a realm entry. (Stanford is currently one of them, but I'm going to get that fixed.) However, we certainly don't need to keep entries for sites that no longer exist. I've removed CYGNUS.COM and GREY17.ORG, which both appear to be defunct, or at least the hostnames in question no longer exist. I also removed kerberos-3.mit.edu from the ATHENA.MIT.EDU entry since it's not in the SRV record. The libdefaults and login section that are reported above are either MIT-specific or for other Kerberos software and should stay, I believe. Thanks for the report! -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]