Ksetup and DNS SRV for X Real resolution.

damian crosby decrosby at tiscali.co.uk
Wed Sep 23 15:26:55 EDT 2009

Right but will the Windows Kerberos SSP use the SRV lookup to resolve the
KDC correctly if you just specify the realm and what form should the SRV
records take?

Do you have an example?



-----Original Message-----
From: Yi Zeng [mailto:yizen at microsoft.com] 
Sent: 23 September 2009 20:09
To: damian crosby
Subject: RE: Ksetup and DNS SRV for X Real resolution.

"Ksetup /addkdc REALM" should do it.



-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of damian crosby
Sent: Wednesday, September 23, 2009 10:57 AM
To: kerberos at mit.edu
Subject: Ksetup and DNS SRV for X Real resolution.



When creating xrealm trusts to enable the Windows domain to locate the MIT
equivalent you typically run ksetup /addkdc Realm kdc.realm This creates an
entry in the registry which is an equivalent to the Krb5.conf file. The
Windows Kerberos SSP looks in the registry for the DNS domain name and uses
DNS to resolve this to the appropriate IP. 


Q. Instead of manually specifying the KDC's can Windows use DNS SRV records
to locate the MIT KDC as per RFC 2052? Has anyone had success with this?




Kerberos mailing list           Kerberos at mit.edu

More information about the Kerberos mailing list