In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Chet Burgess) wrote: [ ... re memory leak caused by DNS KDC lookup ... ] > The res_ninit() call and the subsequent calls for the DNS > records are made in the krb5int_dns_init function found at > src/lib/krb5/os. The res_ninit() call is made for every lookup. As for > the DNS vs. config file variable, I had a proper krb5.conf file that > listed the REALM and the KDCs, untill I added "dns_fallback = false" > to the config file it would always try DNS then look at the config > file.
That's weird, but there are some potential surprises. For an example I ran into myself, if your initial request fails, it will be retried to the configured "master_kdc". Of course if that isn't in krb5.conf it will go to DNS ("_kerberos-master._udp".) "master_kdc" is fairly recent and likely not configured at a lot of sites where the krb5.conf goes back a ways (or maybe where there is no master KDC, though such sites may as well configure a value anyway.) Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos