tickets with wrong DNS

Simo Sorce simo at redhat.com
Sun Jun 8 14:21:03 EDT 2014


On Sat, 2014-06-07 at 16:13 +0200, steve wrote:
> Hi
> We have a Samba4 domain with some Linux clients joined under DHCP. We
> are updating their DNS records via the nsupdate facility in SSSD. All is
> fine, but the worrying issue is that the machines still function even
> with the wrong RR registered in DNS. Is this correct behaviour?

The KDC has no way of knowing if DNS is correct or wrong, nor would it
trust the DNS even if it were able to ask a sensible question out of it.

In any case I do not see why it would be a problem that AS requests work
when you own the correct key. If you have the correct key that is proof
you are who you claim to be regardless of what DNS may think.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


