I primarily use Kerberos with ssh gssapi-with-mic authentications, samba, and apache. I don't believe I need to populate the [domain_realm] section with hostname/domainname mappings to realms, even though the domainname for the hosts differs from the Kerberos realm; these Kerberized services still work. Or am I mistaken? default_realm is defined under [libdefaults], and dns_lookup_realm and dns_lookup_kdc are set to false. The krb5.conf man page mentions that this mapping is necessary for some programs or services. I'm wondering which services require this mapping?
Mark ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
