oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Document TGS HDB entry alias referral feature

Browse Source
This commit is contained in:
Nicolas Williams
2021-10-08 02:23:44 -05:00
parent 4e7c0fd129
commit 403a445f5b
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/krb5/krb5.conf.5
View File

@@ -521,6 +521,21 @@ The default value is false.
.El .El
.It Li [domain_realm] .It Li [domain_realm]
This is a list of mappings from DNS domain to Kerberos realm. This is a list of mappings from DNS domain to Kerberos realm.
.Pp
It is used by the client and the TGS both to determine the realm
of host-based service principal names based on the principal's
hostname component.
.Pp
The client may try DNS to determine a host's realm; see the
`dns_lookup_realm' parameter, and see below.
.Pp
The TGS will issue a referral when a host-based service does not
exist in the requested realm but can be mapped with these rules
to a different realm.
The TGS will also issue a referral when a host-based service
exists in the requested realm as an alias of a service in another
realm.
.Pp
Each binding in this section looks like: Each binding in this section looks like:
.Pp .Pp
.Dl domain = realm .Dl domain = realm