Adam Megacz <[EMAIL PROTECTED]> writes: > So, to summarize, I guess the basic problem is that a lot of > "applications" (ie things that use libkrb, such as AFS)
Ack, wait up a bit. I'm not sure that it matters, but that's not quite right. :) First, AFS comes with its own Kerberos v4 implementation, and that's what all the servers use. The only part of AFS that links with K5 is aklog. For the rest, it's theoretically doing K4 but it turns out that you can use the guts of a K5 ticket with the right enctype and everything still works. But the internals of that implementation, I believe, assume that they can find the Kerberos realm by upcasing the cell name, so you have to use the (so far, undocumented) krb.conf file to change this. Second, nothing (except KTH Kerberos) uses a libkrb any more, so that name is a bit confusing. You probably mean libkrb5. And third, the assumption isn't in the applications; it's in libkrb5. Upcasing the domain is the final fallback algorithm used to determine the realm for a host if DNS lookups fail (or are turned off, which is the default as mentioned by others) and there's no realm mapping in the krb5.conf. Using a lowercase realm has forced us to distribute krb5.conf files to all of our clients or enable DNS lookups, where otherwise we would have just been able to use the defaults. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
