clarify meaning of dns_lookup_kdc?

clarify meaning of dns_lookup_kdc?

Jerry Shipman
Hello,
Can you clarify for me exactly what dns_lookup_kdc does?

I am trying to help a user debug something. The user's config file has
dns_lookup_kdc=false
under [libdefaults]
and then does not specify any realms under [realms].
To my intuition, it should mean that nothing works at all.
But experimentally, it does work.
Doing some tcpdumping, I can see it do a DNS lookup to find the KDCs, even though dns_lookup_kdc is set false.

Perhaps the dns_lookup_kdc only affects realms that are defined in your [realms] section?

Thank you for your help,
Jerry


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Re: clarify meaning of dns_lookup_kdc?

Greg Hudson
On 11/8/19 2:58 PM, Jerry Shipman wrote:
> Hello,
> Can you clarify for me exactly what dns_lookup_kdc does?

dns_lookup_kdc=false in [libdefaults] should suppress all SRV lookups by
libkrb5 for realm KDCs, whether or not there is a [realms] section for
the realm.

In your scenario, it's possible that a locate plugin module is taking
care of the lookup.  This explanation is more likely if the system is
running sssd.
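A small diagnostic for the scenario in this thread, added as an example and not code from the posters or from MIT krb5: it reads a krb5.conf and lists which mechanisms could supply KDC addresses for a realm. The function names, the EXAMPLE.ORG realm, the plugin file name and the simplified model (locate plugins, then [realms] kdc entries, then DNS SRV only when dns_lookup_kdc is on) are assumptions.

```python
import re

# Boolean spellings treated as true here (assumed to match the krb5 profile parser).
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def parse_krb5_conf(text):
    """Minimal krb5.conf reader: {section: {key: [values] | nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def kdc_sources(conf_text, realm, plugin_files=()):
    """List the mechanisms that could supply KDC addresses for `realm`."""
    conf = parse_krb5_conf(conf_text)
    flag = conf.get("libdefaults", {}).get("dns_lookup_kdc", ["true"])[0]
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    sources = [f"locate plugin {name}" for name in plugin_files if name.endswith(".so")]
    if kdcs:
        sources.append("[realms] kdc = " + ", ".join(kdcs))
    elif flag.lower() in TRUE_VALUES:
        sources.append("libkrb5 DNS SRV lookup")
    return sources

# Constructed input modelled on the thread: DNS lookups off, no [realms] section.
SAMPLE_CONF = """
[libdefaults]
    default_realm = EXAMPLE.ORG
    dns_lookup_kdc = false
"""

if __name__ == "__main__":
    # Constructed directory listing; the sssd locator file name is an assumption.
    print(kdc_sources(SAMPLE_CONF, "EXAMPLE.ORG", ["sssd_krb5_locator_plugin.so"]))
    print(kdc_sources(SAMPLE_CONF, "EXAMPLE.ORG"))  # no plugin: nothing left to try
```

An empty result with dns_lookup_kdc off means that DNS traffic seen in a capture is not libkrb5's own SRV lookup for realm KDCs, so the plugin directory is the next place to look.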