Discover a Kerberos KDC

Joe muselix at angelfire.com
Tue Aug 20 09:48:56 EDT 2002


I thank everyone for their help, but perhaps I need to be more
specific.
I am a contractor for a large government agency tasked with writing an
application and I would like to use Kerberos against a Windows 2000
Active Directory service for authentication purposes.  The domain
controllers are maintained by a competing contract firm that either
through spite or ignorance refuses to answer my questions.  The
application is written in Java and uses the Java Authentication and
Authorization Service to contact Kerberos.  When tested against a
Win2k domain that I control, I can pass it the domain name, the KDC
host name, a user name and password and receive authorization from the
server.  However, when I pass JAAS any KDC name other than the host
name (i.e.  _kerberos._tcp.DOMAIN.TLD, which is specified in the
netlogon.dns file on the domain controller as a mapping), the JAAS
throws an UnknownHostException.  So in order to deploy my application
to the agency as a whole, I somehow need to discover a KDC host name
within a domain that I do not control.  Is there a mechanism that can
do this for me?

muselix at angelfire.com (Joe) wrote in message news:<b024bd2b.0208191044.75949766 at posting.google.com>...
> How does one discover a Kerberos KDC through DNS?  Several people I
> have spoken with say it is possible, but when I ask them _how_ to do
> it they give me a blank look.  All of the online resources I have
> looked at are geared to administration rather than application
> development, and as such are less than helpful.
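
An added example, not part of the original post: `_kerberos._tcp.DOMAIN.TLD` is a DNS SRV record name rather than a host name, which is why handing it to JAAS as a KDC host ends in an UnknownHostException. This sketch queries that SRV name through the JDK's JNDI DNS provider and gives the chosen target host to the JDK Kerberos system properties. The class name `KdcLocator`, the `example.test` sample answers and the simplified ordering are assumptions of the example; it needs Java 16 or later.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;

public class KdcLocator {
    /** One SRV answer in the form JNDI returns it: "priority weight port target." */
    record Srv(int priority, int weight, int port, String host) {
        static Srv parse(String rdata) {
            String[] f = rdata.trim().split("\\s+");
            if (f.length != 4) throw new IllegalArgumentException("bad SRV rdata: " + rdata);
            String host = f[3].endsWith(".") ? f[3].substring(0, f[3].length() - 1) : f[3];
            return new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]), Integer.parseInt(f[2]), host);
        }
    }

    /** Lowest priority first; within a priority, higher weight first (simplified, not weighted-random). */
    static List<Srv> order(List<String> rdata) {
        List<Srv> out = new ArrayList<>();
        for (String r : rdata) out.add(Srv.parse(r));
        out.sort(Comparator.comparingInt(Srv::priority).thenComparingInt(s -> -s.weight()));
        return out;
    }

    /** Asks this host's configured resolver for the _kerberos._tcp.<domain> SRV records. */
    static List<String> lookup(String domain) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        Attribute srv = new InitialDirContext(env)
                .getAttributes("_kerberos._tcp." + domain, new String[] {"SRV"}).get("SRV");
        List<String> out = new ArrayList<>();
        if (srv == null) return out;
        for (NamingEnumeration<?> e = srv.getAll(); e.hasMore();) out.add(e.next().toString());
        return out;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample answers, used when no domain argument is given so the example runs offline.
        String domain = args.length > 0 ? args[0] : "example.test";
        List<String> rdata = args.length > 0 ? lookup(domain)
                : List.of("0 100 88 dc2.example.test.", "10 100 88 dc3.example.test.", "0 200 88 dc1.example.test.");
        List<Srv> kdcs = order(rdata);
        if (kdcs.isEmpty()) throw new IllegalStateException("no _kerberos._tcp SRV records for " + domain);
        // Both properties must be set together; the realm is by convention the upper-cased AD domain.
        System.setProperty("java.security.krb5.realm", domain.toUpperCase());
        System.setProperty("java.security.krb5.kdc", kdcs.get(0).host());
        System.out.println("KDC candidates in preference order: " + kdcs);
    }
}
```

Run without arguments it orders the constructed records (dc1, dc2, dc3); run with a domain name it performs the live SRV query. The answer is only as trustworthy as the resolver that supplied it, so the returned host should be treated as a candidate and the Kerberos exchange itself relied on to authenticate the KDC.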


