[OpenAFS] Re: Heimdal & OpenAFS 1.7.4: Difficult user experience

Steve Devine sd@msu.edu
Fri, 27 Jan 2012 10:13:24 -0500

On 1/27/2012 7:42 AM, Harald Barth wrote:
>> (http://msu.edu/service/afs/AFS-tutorial-Windows7.pdf)
>    [libdefaults]
>    default_realm = MSU.EDU
>    clockskew = 300
> 300 is default, isn't it?
>    allow_weak_crypto =3D true
> 3D is some kind of typo
>    v4_instance_resolve = false
>    dns_lookup_kdc= true
> The dns option is MIT krb only, isn't it?
>    [realms]
>    MSU.EDU = {
>                  }
> What does the empty list do for you?
> Harald.

Turns out the Heimdal software must be pretty forgiving since I had a 
clear error in the allow_weak_crypto line and yet it worked. Also you 
are correct the dns_lookup_kdc line was an artifact from an earlier MIT 
conf file.

Heimdal docs :  "If you have a DNS SRV-record for your realm, or your 
Kerberos server has DNS CNAME `kerberos.my.realm', you can omit the 
`realms' section too. "

I've tested and updated my pdf to correct these errors.
FYI MSU has a DNS record for our Realm and kdcs so we don't need the 
realms section.

Steve Devine
Systems&  Infrastructure
Academic Technology Services
Michigan State University

Everything that can be counted does not necessarily count;
everything that counts cannot necessarily be counted.
Albert Einstein