MIT support for site specific SRV records

Lars lh120 at hotmail.com
Sat Feb 28 18:48:45 EST 2004


Hi

Any plans for implementing support in MIT Kerberos for Active
Directory site awareness?

Microsoft Active Directory implements site-specific SRV records for
locating KDCs; this concept makes clients and servers dynamically use
the local KDCs even if the realm covers large geographical areas.

For now this should primarily be to make MIT-based clients work better
in an AD-based realm.

Some vendors seem to have implemented this type of function
(www.vintela.com), but I think it would be an improvement to get
this type of function into the MIT distribution of Kerberos.

The format of these SRV records is like this:
_kerberos._tcp.<site>._sites.<REALM>

Could this be done by adding the possibility of listing sites in
the configuration file?

Example krb5.conf:

[libdefaults]
    default_realm = ATHENA.MIT.EDU
    dns_lookup_kdc = true
    dns_lookup_realm = false

    srv_realm_prefix_list = (
        site1._sites
        site2._sites
    )

[realms]
    ATHENA.MIT.EDU = {
        kdc = kerberos.mit.edu
        kdc = kerberos-1.mit.edu
        kdc = kerberos-2.mit.edu
        admin_server = kerberos.mit.edu
    }

In this example it should try to locate a KDC with the following
queries against DNS:

_kerberos._udp.site1._sites.athena.mit.edu
_kerberos._tcp.site1._sites.athena.mit.edu

_kerberos._udp.site2._sites.athena.mit.edu
_kerberos._tcp.site2._sites.athena.mit.edu

And maybe also the non-site-specific variant, to fall back to any KDC if
the local KDC fails:
_kerberos._udp.athena.mit.edu
_kerberos._tcp.athena.mit.edu

Does the MIT Kerberos client support both UDP and TCP when accessing
the KDC?
By default only _kerberos._tcp and not _kerberos._udp site-specific
records are created; for the generic SRV records without the site part,
both UDP and TCP records are created.


Best Regards, Lars
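The lookup order the post sketches (each configured site first, each site tried over UDP and TCP, then the realm-wide records as a fallback, with each answer set ordered by SRV priority and weight), as an added example that is not part of the post and not MIT Kerberos code. It assumes the config key name `srv_realm_prefix_list` from the post, reduces krb5.conf parsing to a hypothetical helper that extracts only that key, and replaces DNS with a constructed zone table so it runs offline. The zone deliberately gives the site only a `_tcp` record, as the post says AD does by default, while the realm-wide fallback has both `_udp` and `_tcp`.

```python
"""Site-aware KDC location over SRV records.

Added illustration, not MIT Kerberos code.  srv_realm_prefix_list is the
key name proposed in the mailing-list post; parse_site_list is a
hypothetical minimal reader for it; CONSTRUCTED_ZONE stands in for DNS.
"""
import random
import re
from typing import Callable, Dict, List, Optional, Sequence, Tuple

SrvRecord = Tuple[int, int, int, str]   # (priority, weight, port, target)

# Constructed zone data (not real DNS).  The site has only a _tcp record;
# the realm-wide fallback has _udp and _tcp with two priorities.
CONSTRUCTED_ZONE: Dict[str, List[SrvRecord]] = {
    "_kerberos._tcp.site1._sites.athena.mit.edu": [
        (0, 100, 88, "kdc-site1.athena.mit.edu."),
    ],
    "_kerberos._udp.athena.mit.edu": [
        (0, 100, 88, "kerberos.mit.edu."),
        (10, 0, 88, "kerberos-1.mit.edu."),
    ],
    "_kerberos._tcp.athena.mit.edu": [
        (0, 100, 88, "kerberos.mit.edu."),
        (10, 0, 88, "kerberos-1.mit.edu."),
    ],
}


def resolve_from_zone(name: str) -> List[SrvRecord]:
    """Stand-in for an SRV query; [] models NXDOMAIN / NODATA."""
    return CONSTRUCTED_ZONE.get(name.lower().rstrip("."), [])


def parse_site_list(krb5_conf: str) -> List[str]:
    """Hypothetical reader for 'srv_realm_prefix_list = ( ... )', in file order."""
    m = re.search(r"srv_realm_prefix_list\s*=\s*\(([^)]*)\)", krb5_conf)
    return m.group(1).split() if m else []


def _tiers(realm: str, sites: Sequence[str]) -> List[Tuple[str, str]]:
    """(label, DNS suffix) per lookup tier: each site in order, realm-wide last."""
    realm = realm.lower().rstrip(".")
    tiers = [(s.rstrip("."), f"{s.rstrip('.')}.{realm}") for s in sites]
    tiers.append(("realm", realm))
    return tiers


def site_srv_names(realm: str, sites: Sequence[str],
                   protocols: Sequence[str] = ("udp", "tcp")) -> List[str]:
    """Ordered list of every SRV owner name the client would query."""
    return [f"_kerberos._{p}.{suffix}"
            for _, suffix in _tiers(realm, sites) for p in protocols]


def rfc2782_order(records: List[SrvRecord],
                  rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Order one RRset per RFC 2782: ascending priority, then a weighted
    random draw within a priority (zero-weight records sit first so they
    are chosen only when the draw is 0)."""
    rng = rng or random.Random()
    ordered: List[SrvRecord] = []
    by_priority: Dict[int, List[SrvRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec[0], []).append(rec)
    for prio in sorted(by_priority):
        pool = sorted(by_priority[prio], key=lambda r: r[1] != 0)
        while pool:
            draw = rng.randint(0, sum(r[1] for r in pool))   # 0..total inclusive
            running = 0
            for rec in pool:
                running += rec[1]
                if running >= draw:
                    ordered.append(rec)
                    pool.remove(rec)
                    break
    return ordered


def locate_kdcs(realm: str, sites: Sequence[str],
                resolve: Callable[[str], List[SrvRecord]],
                rng: Optional[random.Random] = None,
                protocols: Sequence[str] = ("udp", "tcp")):
    """Return (tier_label, [(proto, host, port), ...]) for the first tier
    with any SRV answer, or (None, []) when nothing resolves."""
    rng = rng or random.Random()
    for label, suffix in _tiers(realm, sites):
        found = []
        for proto in protocols:
            answers = resolve(f"_kerberos._{proto}.{suffix}")
            for _, _, port, target in rfc2782_order(answers, rng):
                found.append((proto, target.rstrip("."), port))
        if found:            # stop at the first tier that knows a KDC
            return label, found
    return None, []


if __name__ == "__main__":
    conf = "[libdefaults]\n srv_realm_prefix_list = (\n  site1._sites\n  site2._sites\n )\n"
    sites = parse_site_list(conf)
    for name in site_srv_names("ATHENA.MIT.EDU", sites):
        print(name)
    print(locate_kdcs("ATHENA.MIT.EDU", sites, resolve_from_zone))
```

Two points worth keeping in mind when reading this: a client that stops at the first tier with an answer never sees the realm-wide records while the site records resolve, so "fail back if the local KDC fails" needs the caller to retry with the next tier after a connection timeout, not just after NXDOMAIN; and SRV answers arrive over plain DNS, so anyone who can spoof them steers the client to a KDC of their choosing, which is the same exposure dns_lookup_kdc already carries for the realm-wide records.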

