Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1561584
Description of problem: The presence of a [domain_realm] profile mapping in /etc/krb5.conf prevents DNS-based kerberos referrals from working. As IdM starts supporting realm trust, it probably makes sense to not populate [domain_realm] by default, pushing clients to perform DNS realm lookups (_kerberos TXT record for realm).
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1561584
Robbie made some arguments against the proposed change for RHEL 7. RHEL 7 is still on krb5-1.15. Some heuristics fallback heuristics were added in 1.16.
Login to comment on this ticket.