On Fri, 2005-10-14 at 12:40 +0200, Love Hörnquist Åstrand wrote: > >> Other than that I don't see any problems. :-) > >> > >> Wouldn't this be a problem only if you have a non-dns based realm AND > >> you also don't have any local configuration for it (or if the KDC is > >> down)? > > > > It's more about misconfiguration, and our users (or indeed my code) > > blurring the distinction between a netbios domain and a realm. > > > > Attached is another patch to avoid doing a DNS lookup on _kerberos.host > > where 'host' is unqualified. This was going to the root DNS servers. > > What codepaths are causing this to happen for you ? Samba4 where we have already turned off DNS canonicalisation (and in the real world if it has failed), with smbclient //piglett/test -Uuser%pass Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part