dns_canonicalize_hostname is not always a boolean value
flowerysong opened this issue · comments
flowerysong commented
MIT Kerberos 1.18 added support for dns_canonicalize_hostname = fallback
, which initially acts like dns_canonicalize_hostname = false
, then retries the request with a canonicalized hostname if it fails due to an unknown service principal. (See https://web.mit.edu/kerberos/krb5-devel/doc/admin/princ_dns.html#service-principal-canonicalization)
Lines 172 to 177 in 855dbc7
krb5.conf
for Fedora.)