Subject: Re: kerberos on laptops
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-net
Date: 12/31/2000 08:46:44

On Sun, Dec 31, 2000 at 05:03:41PM +0900, Jun-ichiro itojun Hagino wrote:

 > 	what is the best strategy to run kerberos on laptops?
 > 	by "laptops", i mean:
 > 	- we may not have IP address at all (modulo loopback)
 > 	- IP address changes over time
 > 	- i don't want kinit/login to get stuck forever when there's no connectivity
 > 	if you have a good way of doing it, please let me know...

I simply put the default realm in my /etc/krb5.conf, and rely on
DNS SRV records to get the other stuff:

; KDC and realm 
_kerberos._udp          IN      SRV     01 00 88 hostname.foo.org.
_kerberos-adm._udp      IN      SRV     01 00 88 hostname.foo.org.
_kpasswd._udp           IN      SRV     01 00 88 hostname.foo.org.
_kerberos._tcp          IN      SRV     01 00 88 hostname.foo.org.
_kerberos-adm._tcp      IN      SRV     01 00 88 hostname.foo.org.
_kpasswd._tcp           IN      SRV     01 00 88 hostname.foo.org.
_kerberos               IN      TXT     FOO.ORG

So, if DNS is unavailable (due to lack of a way to contact the servers
in your resolv.conf), the right failure mode occurs.

This seems to work fine for me -- I log in to my (disconnected) laptop
all the time while taking the train to work.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>
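
The SRV-based KDC discovery described in the reply, as an added example that is not part of the original message and not code from any Kerberos implementation. It parses records like those above, orders KDCs by SRV priority, and returns nothing at once when the resolver cannot be reached. The kdc2.foo.org record and the make_lookup resolver stand-in are assumptions made for the illustration.

```python
# Added example (not from the original message): resolve a realm's KDCs from
# SRV records like those above, and fail at once when DNS cannot be reached.

# Constructed sample zone for origin foo.org; the kdc2 line is an invented
# backup KDC added only to show priority ordering.
ZONE = """\
; KDC and realm
_kerberos._udp   IN SRV 01 00 88 hostname.foo.org.
_kerberos._udp   IN SRV 10 00 88 kdc2.foo.org.
_kerberos._tcp   IN SRV 01 00 88 hostname.foo.org.
_kerberos        IN TXT FOO.ORG
"""

def parse_zone(text, origin):
    """Map (fqdn, type) -> list of rdata field lists; ';' starts a comment."""
    records = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2], fields[3:]
        if not owner.endswith("."):          # relative name: append origin
            owner = f"{owner}.{origin}."
        records.setdefault((owner, rtype), []).append(rdata)
    return records

def make_lookup(records, reachable=True):
    """Hypothetical stand-in for a resolver call with a short timeout."""
    def lookup(name, rtype):
        if not reachable:                    # no route to any nameserver
            raise OSError("resolver unreachable")
        return records.get((name.lower(), rtype), [])
    return lookup

def locate_kdcs(realm, proto, lookup):
    """Return [(target, port)] ordered by SRV priority, or [] if DNS is down."""
    qname = f"_kerberos._{proto}.{realm.lower()}."
    try:
        answers = lookup(qname, "SRV")
    except OSError:
        return []                            # caller can fail immediately
    # Lower priority value first; weight tie-break simplified to highest first
    # (RFC 2782 specifies a weighted random choice within one priority).
    ordered = sorted(answers, key=lambda r: (int(r[0]), -int(r[1])))
    return [(r[3], int(r[2])) for r in ordered]

def realm_for_domain(domain, lookup):
    """Domain-to-realm mapping via the _kerberos TXT record, None if absent."""
    answers = lookup(f"_kerberos.{domain.lower()}.", "TXT")
    return answers[0][0] if answers else None
```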