[
https://issues.apache.org/jira/browse/DIRKRB-768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17773904#comment-17773904
]
Serge Shikov commented on DIRKRB-768:
-------------------------------------
Also, not sure this is bug or works as desired: if we have two or more kdc
specified:
{code:java}
example.com = {
kdc = kdc1.example.com
kdc = kdc2.example.com
default_domain = example.com
}
{code}
then no load balancing happens. kdc2.example.com will be used to get TGT/TGS
only if request to kdc1.example.com failed for some reason.
> Can't get TGT, dns_lookup_kdc = true doesn't work as expected
> -------------------------------------------------------------
>
> Key: DIRKRB-768
> URL: https://issues.apache.org/jira/browse/DIRKRB-768
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 2.0.3
> Reporter: Serge Shikov
> Priority: Major
>
>
> I have krb5.conf like this:
> {code:java}
> includedir /etc/krb5.conf.d/
> includedir /var/lib/sss/pubconf/krb5.include.d/
> [libdefaults]
> default_realm = example.com
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> dns_canonicalize_hostname = false
> ticket_lifetime = 24h
> renew_lifetime = 14d
> forwardable = yes
> udp_preference_limit = 1
> [realms]
> example.com = {
> default_domain = example.com
> } {code}
> There is no kdc within realms->example.com section. There is
> dns_lookup_realm = true parameter, and I've checked that there is SRV records
> for _kerberos_tcp for my domain. But I can't get TGT using this config file.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
