Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!sun-barr!decwrl!shelby!WATDRAGON.WATERLOO.EDU!jmsellens
From: jmsellens@WATDRAGON.WATERLOO.EDU ("John M. Sellens")
Newsgroups: comp.protocols.kerberos
Subject: host and realm names compiled into kerberos
Message-ID: <8912210820.AA24753@watdragon.waterloo.edu>
Date: 21 Dec 89 08:20:17 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 31

(I'm not *positive* about the following, but I think it's the way things work.)

The krb.h file defines KRB_MASTER, KRB_HOST and KRB_REALM. The latter two are used if the /etc/krb.conf file does not exist, and KRB_MASTER is used to find the master server (because the krb.conf file doesn't distinguish between servers).

Since these are compiled in, you can't use the same binaries in different realms, and you can't use the same source either. I think this will be a major inconvenience for us if we install kerberos because we would have many realms, all hoping to have software support from the central software guys (i.e. me). (I'm pretty sure that we would have many realms, because we currently have many administrations, many different passwd files, many different areas of authority, and I think many realms would match best.) Additionally, all the realms can't use the hostname "kerberos" because most of them are (currently anyway) in the same IP domain (host.waterloo.edu).

I think it's not too hard to get rid of KRB_REALM and KRB_HOST by having krb_get_lrealm() and krb_get_krbhst() return an error code (e.g. a new KDC_NO_REALM and KDC_NO_HOST). But it appears that KRB_MASTER is a little more entrenched, and requires a different krb.conf format (one that specifies which is the master) or a different way to indicate the master (another configuration file?).

Is anyone looking at this problem? Am I completely off base?

John Sellens
University of Waterloo
jmsellens@dragon.waterloo.edu
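
One way the proposal in the post could look, as an added example (not code from the original post or from the Kerberos distribution): lookups that return the suggested KDC_NO_REALM and KDC_NO_HOST instead of falling back to compiled-in KRB_REALM and KRB_HOST. The function names conf_get_lrealm and conf_get_krbhst, the numeric error values, and the krb.conf layout (local realm on line 1, then "REALM hostname" lines) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Error names are those proposed in the post; numeric values are assumed. */
enum { KSUCCESS = 0, KDC_NO_REALM = 1, KDC_NO_HOST = 2 };
/* Assumed krb.conf layout: line 1 is the local realm, every later line is
 * "REALM hostname". Both lookups fail closed; neither has a built-in default. */
int conf_get_lrealm(const char *conf, char *realm, size_t len)
{
    char line[256], word[64];
    int rc = KDC_NO_REALM;
    FILE *f = fopen(conf, "r");
    if (f == NULL) return rc;           /* no file: error, not a default realm */
    if (fgets(line, sizeof line, f) && sscanf(line, "%63s", word) == 1
        && strlen(word) < len) {
        strcpy(realm, word);
        rc = KSUCCESS;
    }
    fclose(f);
    return rc;
}

/* Copy the n-th (1-based) host listed for realm into host. */
int conf_get_krbhst(const char *conf, const char *realm, int n,
                    char *host, size_t len)
{
    char line[256], r[64], h[64];
    int rc = KDC_NO_HOST, first = 1;
    FILE *f = fopen(conf, "r");
    if (f == NULL) return rc;           /* no file: error, not a default host */
    while (n > 0 && fgets(line, sizeof line, f)) {
        if (first) { first = 0; continue; }   /* skip the local-realm line */
        if (sscanf(line, "%63s %63s", r, h) == 2 && strcmp(r, realm) == 0
            && --n == 0 && strlen(h) < len) {
            strcpy(host, h);
            rc = KSUCCESS;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    char realm[64];   /* the path below is constructed and should not exist */
    int rc = conf_get_lrealm("/nonexistent/krb.conf", realm, sizeof realm);
    printf("missing krb.conf -> %d (KDC_NO_REALM)\n", rc);
    return rc == KDC_NO_REALM ? 0 : 1;
}
```

With no compiled-in fallback, a missing or truncated configuration file surfaces as an explicit error at the caller rather than as a silent attempt against another realm's server.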