Never mind - problem solved. Our internal DNS is apparently misconfigured. The XP box had been updated to work around that by explicitly pointing to the correct DNS server for the domain; the Vista box (after the re-install) had not.
"Nothing to see here people; move along." :-) Thanks, DR David Rosenstrauch wrote: > I'm experiencing "Cannot find KDC for requested realm" > (KRB5_REALM_UNKNOWN) errors when running our code on Windows Vista. But > on XP the exact same executables work fine. Very strange. What's even > stranger is that this code used to work fine on the Vista box too until > we had to reinstall the OS. Details as follows: > > Our code uses libcurl for http requests. We've built libcurl with > support for GSSAPI/SPNEGO, using the appropriate libraries, including > MIT Kerberos (i.e., gssapi32.dll, etc.). All was working well - code > ran fine on both Vista and XP. > > ... until about a week ago, when problems on the Vista box forced us to > reinstall the OS. Now libcurl is tossing up "Cannot find KDC for > requested realm" messages from krb5 whenever we access an > SPNEGO-protected site. > > I'm at a bit of a loss to understand what the error even is here. IIUC, > KRB5_REALM_UNKNOWN errors mean that krb5 was not able to locate the KDC > via SRV DNS records. But I don't understand how that could be the case. > I've verified that the records are there. Plus the XP box (which is > part of the same domain) obviously looks them up just fine. So I'm > wondering what's unique about Vista - or perhaps this particular Vista > box - that would prevent krb5 from finding it? (And similarly, what > might have changed on the Vista box since the OS re-install that broke > it?) Google turned up a whole lot of nothing. > > Help appreciated - I'm stumped! > > TIA, > > DR _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev