On Sat, May 24, 2008 at 10:05:26AM -0700, Russ Allbery wrote: > NEWS.Debian is correct. The documentation predates referral support. > Thanks, I'll work on getting this fixed, hopefully for the next upstream > release.
I was not able to find that in the code, but some parts of the old behaviour seems to be still there: | $ kvno host/$somehost@ | kvno: KDC returned error string: PROCESS_TGS while getting credentials for host/$somehost@ | $ klist | Default principal: [EMAIL PROTECTED] | | Valid starting Expires Service principal | 06/03/08 15:13:13 06/04/08 01:13:13 krbtgt/[EMAIL PROTECTED] | renew until 06/04/08 15:13:11 | 06/03/08 15:15:26 06/04/08 01:13:13 krbtgt/[EMAIL PROTECTED] | renew until 06/04/08 15:13:11 log: | TGS_REQ [...]: UNKNOWN_SERVER: authtime 1212498967, [EMAIL PROTECTED] for host/[EMAIL PROTECTED], Server not found in Kerberos database | TGS_REQ [...]: ISSUE: authtime 1212498967, etypes {rep=18 tkt=18 ses=18}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED] After trying to find the principal in the default realm, it seems to use the old behaviour and tries to find a trust path to the domain derived realm. The domain_realm section in the config is empty. Bastian -- We fight only when there is no other choice. We prefer the ways of peaceful contact. -- Kirk, "Spectre of the Gun", stardate 4385.3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]