Copy:
kerberos@mit.edu (kerberos)
You MIGHT be better served by turning on Kerberos tracing to see what the library is doing. Prefixing that kinit with:
env KRB5_TRACE=/dev/stdout
would be useful. However, assuming these are in order ...
Protocol Length Info
DNS 80 Standard query 0xd8af A dc1.gogo.loco
DNS 96 Standard query response 0xd8af A dc1.gogo.loco A 10.15.15.22
KRB5 221 AS-REQ
KRB5 234 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
This looks like the basic exchange with the KDC did not do any DNS lookups (other than the hostname).
DNS 79 Standard query 0x314d URI _kerberos.GOGO.LOCO
DNS 154 Standard query response 0x314d No such name URI
_kerberos.GOGO.LOCO SOA a.root-servers.net
DNS 91 Standard query 0xfc89 SRV _kerberos-master._udp.GOGO.LOCO
DNS 166 Standard query response 0xfc89 No such name SRV >_kerberos-master._udp.GOGO.LOCO SOA a.root-servers.net
This looks like it is trying to find the name of the primary KDC. You could put a line "master_kdc = dc1.gogo.logo" under the [realms] stanza and I
believe it would suppress these lookups (the preferred relation name was changed to "primary_kdc" in 1.19 but it is still supposed to fall back
to the older name). I think that should get rid of all of the lookups
I see (I believe the PREAUTH_REQUIRED error makes it want to find the primary KDC).
--Ken
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)