Windows: realmofhost() via DNS?
Richard E. Silverman
res at qoxp.net
Mon Mar 6 21:04:33 EST 2006
Sorry if this is an FAQ; I didn't find it anywhere.
Is it possible to get a Windows Kerberos client or KDC to look up the
realm of a host via the usual DNS TXT records? I know it ordinarily uses
KDC referrals, but as far as I know there is no referral support in MIT
Kerberos. Windows can be made to use the DNS for KDC lookup via SRV
records for non-Windows realms (with ksetup), so I am hoping this can be
done too.
If not, how do people handle this? I cannot put all hosts for one realm
or another in matching DNS domains; existing structure precludes it, so we
have lots of individual host realm RR's which we need honored.
Even if it means duplicating the per-host mappings on the domain
controllers in some form, so the DCs could issue appropriate referrals, we
could handle that.
Thanks,
--
Richard Silverman
res at qoxp.net