[OpenAFS] Re: Heimdal & OpenAFS 1.7.4: Difficult user experience
Steve Devine
sd@msu.edu
Fri, 27 Jan 2012 10:13:24 -0500
On 1/27/2012 7:42 AM, Harald Barth wrote:
>> (http://msu.edu/service/afs/AFS-tutorial-Windows7.pdf)
>
> [libdefaults]
> default_realm = MSU.EDU
> clockskew = 300
>
> 300 is default, isn't it?
>
> allow_weak_crypto =3D true
>
> 3D is some kind of typo
>
> v4_instance_resolve = false
> dns_lookup_kdc= true
>
> The dns option is MIT krb only, isn't it?
>
> [realms]
> MSU.EDU = {
> }
>
> What does the empty list do for you?
>
> Harald.
Turns out the Heimdal software must be pretty forgiving since I had a
clear error in the allow_weak_crypto line and yet it worked. Also you
are correct the dns_lookup_kdc line was an artifact from an earlier MIT
conf file.
Heimdal docs : "If you have a DNS SRV-record for your realm, or your
Kerberos server has DNS CNAME `kerberos.my.realm', you can omit the
`realms' section too. "
I've tested and updated my pdf to correct these errors.
FYI MSU has a DNS record for our Realm and kdcs so we don't need the
realms section.
/sd
--
Steve Devine
Systems& Infrastructure
Academic Technology Services
Michigan State University
Everything that can be counted does not necessarily count;
everything that counts cannot necessarily be counted.
Albert Einstein