author | Greg Hudson <ghudson@mit.edu> | 2008-12-24 16:51:33 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2008-12-24 16:51:33 +0000 |
commit | 2fd916940dbe98a2e7c000480979d5a37ef72265 (patch) | |
tree | 4bed4cf26f2da3d345259573850bedf6c7c47493 /src/config-files | |
parent | 51ea86b7519d3ed5c10135529726a37c1b5d9709 (diff) | |
Add a new fallback host-to-realm heuristic to try the components of the
hostname as domains. The heuristic is off by default and is controlled
by the realm_try_domains variable under libdefaults.
Based on a patch submitted by Mark Phalan from Sun.
ticket: 6031
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21588 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/config-files')
-rw-r--r-- | src/config-files/krb5.conf.M | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 95a3f77..1cfb144 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -201,6 +201,16 @@ realm of a host. The default is not to use these records. General flag controlling the use of DNS for Kerberos information. If both of the preceding options are specified, this option has no effect. +.IP realm_try_domains +Indicate whether a host's domain components should be used to +determine the Kerberos realm of the host. The value of this variable +is an integer: -1 means not to search, 0 means to try the host's +domain itself, 1 means to also try the domain's immediate parent, and +so forth. The library's usual mechanism for locating Kerberos realms +is used to determine whether a domain is a valid realm--which may +involve consulting DNS if dns_lookup_kdc is set. The default is not +to search domain components. + .IP extra_addresses This allows a computer to use multiple local addresses, in order to allow Kerberos to work in a network that uses NATs. The addresses should |
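Review bot: the new realm_try_domains entry closes with "The default is not to search domain components" but never names the default value, and it defines -1 without saying how other negative integers are treated. Suggest stating the value explicitly, for example "The default is -1 (do not search)", and either documenting or rejecting values below -1. Two smaller points in the same paragraph: the sentence that the validity check "may involve consulting DNS if dns_lookup_kdc is set" could add that the resulting host-to-realm mapping then depends on the DNS answers the client receives, so administrators know what they are trusting when they enable the heuristic; and "realm--which" will render as two literal hyphens in the formatted man page, so a troff dash escape or a reworded sentence would read better.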