Ksetup and DNS SRV for X Real resolution.

damian crosby decrosby at tiscali.co.uk
Wed Sep 23 13:56:30 EDT 2009


Hi,

 

When creating xrealm trusts to enable the Windows domain to locate the MIT
equivalent you typically run ksetup /addkdc Realm kdc.realm This creates an
entry in the registry which is an equivalent to the Krb5.conf file. The
Windows Kerberos SSP looks in the registry for the DNS domain name and uses
DNS to resolve this to the appropriate IP. 

 

Q. Instead of manually specifying the KDC's can Windows use DNS SRV records
to locate the MIT KDC as per RFC 2052? Has anyone had success with this?

 

Thanks.

 




More information about the Kerberos mailing list