Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!wuarchive!decwrl!shelby!ATHENA.MIT.EDU!jtkohl
From: jtkohl@ATHENA.MIT.EDU (John T Kohl)
Newsgroups: comp.protocols.kerberos
Subject: re: host and realm names compiled into kerberos
Message-ID: <8912211348.AA10144@lycus.MIT.EDU>
Date: 21 Dec 89 13:48:32 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 26

John Sellens asks:

	I think it's not too hard to get rid of KRB_REALM and KRB_HOST by
	having krb_get_lrealm() and krb_get_krbhst() return an error code
	(e.g. a new KDC_NO_REALM and KDC_NO_HOST).  But it appears that
	KRB_MASTER is a little more entrenched, and requires a different
	krb.conf format (one that specifies which is the master) or a
	different way to indicate the master (another configuration file?).

There is a library routine, krb_get_admhst(), which already does what
you suggest.  The real (proper) use of KRB_MASTER is to help define what
service name should be used for administrative functions (like changing
passwords, etc); there was/is some confusion since the current
installation/operation documents tell the SysAdmin to change KRB_MASTER.
Revised documents do NOT ask the SysAdmin to change KRB_MASTER, so that
it can be used for determining the proper service name, even for
inter-realm administration work.

krb_get_lrealm() returns a failure code if it can't find a realm name in
the configuration file; however, many programs fall back to the built-in
KRB_REALM if this call fails.

krb_get_krbhst() also returns an error code if it can't find the nth
server for the given realm.

John