Discover a Kerberos KDC
Steve Langasek
vorlon at dodds.net
Mon Aug 19 15:32:01 EDT 2002
On Mon, Aug 19, 2002 at 11:44:11AM -0700, Joe wrote:
> How does one discover a Kerberos KDC through DNS? Several people I
> have spoken with say it is possible, but when I ask them _how_ to do
> it they give me a blank look. All of the online resources I have
> looked at are geared to administration rather than application
> development, and as such are less than helpful.
The KDCs for a domain are found by looking up SRV records for the name
'_kerberos._udp.domain.com.' For instance, I use the following snippet in
my bind zonefile:
_kerberos._udp IN SRV 0 0 88 kerberos-1
IN SRV 0 0 88 kerberos-2
this says that the KDCs for this domain are the machines named
'kerberos-1' and 'kerberos-2' within the domain.
Steve Langasek
postmodern programmer
More information about the Kerberos
mailing list