In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Chet Burgess)
wrote:
[ ... re memory leak caused by DNS KDC lookup ... ]
> The res_ninit() call and the subsequent calls for the DNS
> records are made in the krb5int_dns_init function found at
> src/lib/krb5/os. The res_ninit() call is made for every lookup. As for
> the DNS vs. config file variable, I had a proper krb5.conf file that
> listed the REALM and the KDCs, untill I added "dns_fallback = false"
> to the config file it would always try DNS then look at the config
> file.
That's weird, but there are some potential surprises. For an
example I ran into myself, if your initial request fails, it
will be retried to the configured "master_kdc". Of course if that
isn't in krb5.conf it will go to DNS ("_kerberos-master._udp".)
"master_kdc" is fairly recent and likely not configured at a
lot of sites where the krb5.conf goes back a ways (or maybe
where there is no master KDC, though such sites may as well
configure a value anyway.)
Donn Cave, [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
