Reading kerberos-adm from DNS: when will MIT-krb support this?
Ken Raeburn
raeburn at MIT.EDU
Mon Mar 12 23:02:56 EDT 2007
On Mar 12, 2007, at 22:25, Marcus Watts wrote:
> Looks like it should be possible to use
> krb5int_locate_server(?, ?, ?, locate_service_kadmin, SOCK_STREAM, AF_INET);
> (or, as you say, equivalent IPv6 logic,) presumably followed by some sort
> of loop based on whatever comes back in addrlist, looping to connect,
> and returning the first connection that also succeeds with clnttcp_create,
> plus some sort of application hook for "kadmin -s host:port" to
> override the behavior of krb5int_locate_server.
Yes, it should. That would also fix up the lack of fallback
capability for multi-master setups (e.g., using the LDAP back end,
and multiple kadmind servers running).
> IPv6 support raises the question of an IPv6 portmapper, even though your
> code doesn't actually need this...
There's also the pesky little matter of having exposed in installed
header files the data structures that need to be modified for IPv6. :-(
Ken
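
The connect-with-fallback loop and the "-s host:port" override discussed in this message, sketched as an added example; it is not code from this thread or from MIT krb5. All names here (parse_override, connect_first, only_port_up, the example.org hosts) are hypothetical, the located[] array stands in for whatever krb5int_locate_server returns, and the attempt callback stands in for connect() followed by clnttcp_create. It assumes an explicit override should never fall back to DNS-derived servers.

```c
#include <stdlib.h>
#include <string.h>

#define KADMIN_PORT 749   /* registered kerberos-adm port */
struct endpoint { char host[256]; int port; };
typedef int (*try_fn)(const struct endpoint *, void *);  /* returns 0 once connected */

/* Parse "host", "host:port" or "[v6]:port"; 0 on success, -1 if malformed. */
int parse_override(const char *s, struct endpoint *ep)
{
    const char *host = s, *end, *port = NULL;
    if (*s == '[') {                            /* bracketed IPv6 literal */
        host = s + 1;
        if (!(end = strchr(host, ']'))) return -1;
        if (end[1] == ':') port = end + 2; else if (end[1]) return -1;
    } else if ((end = strchr(s, ':')) && !strchr(end + 1, ':')) {
        port = end + 1;                         /* exactly one colon: host:port */
    } else {
        end = s + strlen(s);                    /* bare name or bare IPv6 literal */
    }
    size_t len = (size_t)(end - host);
    if (len == 0 || len >= sizeof ep->host) return -1;
    memcpy(ep->host, host, len); ep->host[len] = '\0';
    ep->port = KADMIN_PORT;
    if (port) {                                 /* digits only, range-checked */
        char *rest; long p = strtol(port, &rest, 10);
        if (*port < '0' || *port > '9' || *rest || p < 1 || p > 65535) return -1;
        ep->port = (int)p;
    }
    return 0;
}

/* Index of the endpoint that connected, -1 if none did, -2 on a bad override. */
int connect_first(const char *override, const struct endpoint *located, int n,
                  try_fn attempt, void *ctx, struct endpoint *used)
{
    if (override) {          /* explicit -s wins: no fallback to DNS answers */
        if (parse_override(override, used) != 0) return -2;
        return attempt(used, ctx) == 0 ? 0 : -1;
    }
    for (int i = 0; i < n; i++)   /* multi-master fallback: first success wins */
        if (attempt(&located[i], ctx) == 0) { *used = located[i]; return i; }
    return -1;
}

/* Constructed stand-in for the real connection attempt: only *ctx's port answers. */
int only_port_up(const struct endpoint *ep, void *ctx) { return ep->port == *(int *)ctx ? 0 : -1; }

int main(void)
{
    struct endpoint srv[] = {{"kadm1.example.org", 749}, {"kadm2.example.org", 7490}}, used;
    int up = 7490;           /* constructed: only the second server answers */
    return connect_first(NULL, srv, 2, only_port_up, &up, &used) == 1 ? 0 : 1;
}
```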