[OpenAFS] Re: differences between aklog on Windows and Unix?

Adam Megacz megacz@cs.berkeley.edu
Thu, 26 Jan 2006 12:36:38 -0800


Jeffrey Altman <jaltman@secure-endpoints.com> writes:
> Also, the use of TXT records to determine which realm a service
> belongs to is insecure and is disabled by default in MIT Kerberos.
> You would need to explicitly enable this functionality in your
> krb5.ini file in order to use it.

... but I'm using MIT Kerberos on all three machines (Win32, Linux,
and MacOS).  Why do I see different behavior on MacOS?

I checked the krb5.ini vs krb5.conf on these machines, and the only
material difference is that the Win32 machines have an additional line
("dns_lookup_kdc=true"), which I don't think would explain this.

So, setting aside for a second the question of whether or not TXT
records are secure, why am I seeing different behavior?

  - a
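
An added example, not part of the original message or of MIT Kerberos: a small Python script that performs the comparison described above, reading the `[libdefaults]` section of each machine's krb5.ini or krb5.conf and reporting the DNS lookup options whose state differs. The sample file contents and host labels are constructed; an option reported as `unset` falls back to whatever default that Kerberos build uses, which the file alone does not show.

```python
import re

# [libdefaults] options that control DNS-based discovery in MIT Kerberos.
DNS_OPTIONS = ("dns_lookup_realm", "dns_lookup_kdc", "dns_fallback")
TRUE = {"y", "yes", "true", "t", "1", "on"}
FALSE = {"n", "no", "false", "nil", "0", "off"}

def libdefaults(text):
    """Return {option: value} for top-level entries of [libdefaults]."""
    section, depth, found = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header and depth == 0:
            section = header.group(1).strip()
        elif line.endswith("{"):
            depth += 1                    # entering a nested block
        elif line.startswith("}"):
            depth = max(depth - 1, 0)
        elif section == "libdefaults" and depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def normalise(value):
    """Map a boolean spelling to 'true'/'false'; a missing option is 'unset'."""
    if value is None:
        return "unset"
    v = value.lower()
    return "true" if v in TRUE else "false" if v in FALSE else "invalid:" + value

def compare(configs):
    """configs: {host: file text}. Return {option: {host: state}} where hosts differ."""
    report = {}
    for opt in DNS_OPTIONS:
        states = {h: normalise(libdefaults(t).get(opt)) for h, t in configs.items()}
        if len(set(states.values())) > 1:
            report[opt] = states
    return report

# Constructed sample files: identical except for one extra line on Win32.
BASE = ("[libdefaults]\n default_realm = EXAMPLE.ORG\n%s"
        "[realms]\n EXAMPLE.ORG = {\n  kdc = kdc.example.org\n }\n")
SAMPLES = {"win32": BASE % "dns_lookup_kdc=true\n", "linux": BASE % "", "macos": BASE % ""}

if __name__ == "__main__":
    for option, states in compare(SAMPLES).items():
        print(option, states)
```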