On 12/09/2014 12:32 AM, Todd Grayson wrote: > What is the proper order for the [domain_realms] section of the krb5.conf > with regard to rules being applied when there are mixed dns FQDN, domain > names and REALMS.
The order of relations in a profile only matters for relations of the same name (such as multiple values of "kdc" in a realm subsection). For [domain_realm], the library will search from most specific to least specific regardless of the order of the domains in the profile. > [domain_realm] > specific-host.domain.name = REALM.NAME > domain.name = OTHER.REALM.NAME > .domain.name = OTHER.REALM.NAME As an aside, you do not need a .domain.name entry if you have a domain.name entry saying the same thing. Older versions of our documentation suggested putting in a .domain.name entry, but there was no reason for it. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
