Admin SRV RR support

Jaap Winius jwinius at umrk.nl
Thu Dec 2 20:29:26 EST 2010


On Thu, 02 Dec 2010 19:36:24 -0500, Greg Hudson wrote:

> A little more investigation indicates that we use _kerberos-adm SRV
> records for password changes, but not for the kadmin client.

For password changes? I would have expected that to be:

   _kpasswd._udp

... although the kpasswd5 service is also available on tcp port 464. In 
contrast, the kerberos-adm service is on tcp port 749.

> I don't know if this is a particularly strong driver of implementation
> choice as you suggest, but I'll make a note to try to implement this for
> 1.10.

That would be great! This particular RR is mentioned in more than a few 
publications and its availability will make it unnecessary to maintain 
any server references in /etc/krb5.conf at all.

Thanks, Greg!

Cheers,

Jaap



More information about the Kerberos mailing list