Hi Arnoud,

Use of DNS is controlled via krb5.conf, with three directives. I looked at the MIT man page for krb5.conf. Note that this is different to the man page from vendors such as Sun; you should be looking at the file /krb5/man/man5/krb5.conf.5. In any case these directives are described in the libdefaults section and I reproduce this section from my man page here:

dns_lookup_kdc
    Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the information for the realm. The default is to use these records.

dns_lookup_realm
    Indicate whether DNS TXT records should be used to determine the Kerberos realm of a host. The default is not to use these records.

dns_fallback
    General flag controlling the use of DNS for Kerberos information. If both of the preceding options are specified, this option has no effect.

We don't use DNS either and my krb5.conf file has the first two directives set to false. To help you understand this I include a doctored snippet from a krb5.conf I use:

------------x snip x-------------------
[libdefaults]
    default_realm = AWB.COM.AU
    dns_lookup_kdc = false
    dns_lookup_realm = false
-----------x snip x--------------------

From your description you probably only need dns_lookup_kdc, though if you are not using DNS at all, you probably need both. I have no idea from the man page how to use the dns_fallback directive, but I don't seem to need it.

Good Luck,
Jeremy

[EMAIL PROTECTED] wrote:
> [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
>
> Hi,
>
> I recently started to install a central authentication server with
> openldap, kerberos, sasl etc on a test server for starters. I installed
> kerberos, but when I try to start kinit it returns an error stating:
>
> kinit(v5): Cannot resolve network address for KDC in requested realm while
> getting initial credentials
>
> The server where kerberos is installed does not have a DNS entry, which
> causes the problem I assume. Is it possible to circumvent this? Since
> this is in testing phase I was hoping to get kinit started and kerberos
> without adding an entry into the DNS. If this is possible how to proceed?
>
> Thnx,
> Arnoud
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
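
Added example (not part of the original message and not MIT Kerberos code): a small Python check that reads a krb5.conf and reports where a client would get the KDC for the default realm under the directives quoted above. It assumes the precedence described in the man page excerpt and a simplified boolean syntax; the [realms] entry and the host kdc1.example.test are constructed placeholders, and parse/kdc_source are hypothetical helper names.

```python
import re

# Constructed sample: the snippet from the reply plus a hypothetical [realms]
# entry (kdc1.example.test is a placeholder host, not from the original message).
SAMPLE = """\
[libdefaults]
    default_realm = AWB.COM.AU
    dns_lookup_kdc = false
    dns_lookup_realm = false

[realms]
    AWB.COM.AU = {
        kdc = kdc1.example.test:88
    }
"""

TRUE = {"y", "yes", "true", "t", "1", "on"}  # assumed set of "true" spellings

def parse(text):
    """Minimal krb5.conf reader: sections, 'key = value', one brace level."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, sub = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            sub = None
        elif section is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":
                sub = section.setdefault(key, {})
            else:
                (sub if sub is not None else section).setdefault(key, []).append(val)
    return conf

def kdc_source(text):
    """Return ('static', hosts), ('dns_srv', realm) or ('none', realm)."""
    conf = parse(text)
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [None])[0]
    hosts = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    if hosts:
        return ("static", hosts)
    # Per the man page text: an explicit dns_lookup_kdc wins, then dns_fallback,
    # and the default is to use SRV records.
    flag = lib.get("dns_lookup_kdc") or lib.get("dns_fallback") or ["true"]
    return ("dns_srv", realm) if flag[0].lower() in TRUE else ("none", realm)
```

A result of ('none', realm) means the file gives the client neither a listed kdc for the realm nor permission to look up SRV records.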