No _kerberos.domain entry in Windows DNS?
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Mar 11 11:26:34 EDT 2008
Speedo wrote:
> According to http://tools.ietf.org/html/draft-ietf-krb-wg-krb-dns-locate-03,
> there should be _kerberos.domain and _kerberos._udp.domain DNS
> entries. I found both in a UNIX systsem, but only the 2nd one in
> Windows DNS.
1. An IETF Internet Draft that expired in 2003.
2. It was never standardized.
3. Nowhere in the document does it state that anyone SHOULD deploy
them. In fact it provides several reasons in the Security
Considerations section describing why TXT records should not be deployed
even though their use does address a configuration distribution problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080311/ff90fcd5/attachment.bin
More information about the Kerberos
mailing list