FQDN needed by sasl_gss_client_step or gss_import_name?
peter huang
peter_huang at hp.com
Thu May 23 09:29:05 EDT 2002
I agree with what you have said here. There is a need for higher degree of
integration between KDC and DNS. So, how can one implement this using the
MIT/Heimdal Kerberos with BIND DNS? It is still not clear to me what
needs to be changed except secure query to DNS server, e.g. are you imply
that the realm needs to be DNS zone (as in Microsoft win2k)?
-peter
<Nicolas.Williams at ubsw.com> wrote in message
news:9403F8EE868566448AA1B70D8F783C95334F26 at NSTMC004PEX1.ubsgs.ubsgroup.net.
..
...
> Implementing this really means that the KDC and the DNS name service have
to have a higher degree of integration because the KDC now needs to have
secure access to the same info as stored in the zone files for the same
realms' domains. Mind you, there already has to be a pretty good correlation
between the two - now it has to be more formal.
More information about the Kerberos
mailing list