>I own the domain 3c58.com (which is routable
>on the Internet), so I named the local machine Level10.3c58.com. I'd like
>Kerberos to create tickets for that machine, but I have run out of ideas on
>how to get that to happen under present circumstances. Is there some way
>to convince Kerberos to look at the hosts file on Windows or somehow tap
>the router's domain name server? Is this behavior a bug or intended
>security behavior?

There are a couple of details here that matter.

- Which Kerberos implementation you are using
- Which APPLICATIONS you are using
- How it is configured
- The reverse DNS records

Let's say you're using MIT Kerberos. Again, details matter here. What is the implementation of the Kerberos KDC? If it is a Unix-based KDC, you should have access to the logs.

_Depending on how you have things configured_, the client-side Kerberos implementation may just try to canonicalize the name based on the forward DNS, _or_ it may also try the reverse DNS. At least for MIT Kerberos, it calls the standard operating system calls to perform those DNS lookups. But again the details matter; those MAY consult the local host file, or they may not.

Your best bet is to look at the KDC logs to determine what name it is trying to look up, and go from there.

--Ken

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
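
Added example, not part of the original message and not MIT's code: a simplified model of the forward-then-reverse canonicalization described in the reply, showing how the hostname in the requested `host/<name>` principal changes with configuration. The `canonicalize` and `rdns` parameters stand in for the `dns_canonicalize_hostname` and `rdns` settings of MIT's krb5.conf; the address, the reverse record and the `fake_*` resolvers are constructed sample data.

```python
import socket

def os_forward(host):
    """Forward lookup through the OS resolver: (canonical name, first address)."""
    info = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM,
                              flags=socket.AI_CANONNAME)
    return info[0][3] or host, info[0][4][0]

def os_reverse(addr):
    """Reverse lookup through the OS resolver; raises if the address has no name."""
    return socket.getnameinfo((addr, 0), socket.NI_NAMEREQD)[0]

def service_hostname(host, canonicalize=True, rdns=True,
                     forward=os_forward, reverse=os_reverse):
    """Simplified model of the hostname a client requests a ticket for."""
    name = host
    if canonicalize:
        try:
            name, addr = forward(host)
        except OSError:
            return host.lower().rstrip(".")   # forward lookup failed: name as typed
        if rdns:
            try:
                name = reverse(addr)
            except OSError:
                pass                          # no reverse record: keep forward name
    return name.lower().rstrip(".")

# Constructed sample data: a hosts-file style forward entry and a reverse record
# that belongs to someone else (for example an ISP), using a documentation address.
FWD = {"level10": ("Level10.3c58.com", "192.0.2.10")}
PTR = {"192.0.2.10": "host-10.isp.example."}

def fake_forward(host):
    if host.lower() not in FWD:
        raise socket.gaierror("unknown host")
    return FWD[host.lower()]

def fake_reverse(addr):
    if addr not in PTR:
        raise socket.gaierror("no PTR")
    return PTR[addr]

if __name__ == "__main__":
    for canon, rdns in ((True, True), (True, False), (False, False)):
        name = service_hostname("Level10", canon, rdns, fake_forward, fake_reverse)
        print(f"canonicalize={canon} rdns={rdns} -> host/{name}")
```

Calling `service_hostname(name)` with the default resolvers on the affected client gives a name to compare against the principal the KDC log says was requested.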