Implementing IETF Draft on DNS use in Kerberos

Will Fiveash william.fiveash at
Tue Jul 16 16:27:00 EDT 2002

On Tue, Jul 16, 2002 at 03:12:11PM -0400, Jeffrey Altman wrote:
> > Hi,
> > 
> > We are planning to implement the Internet draft
> > "draft-ietf-cat-krb-dns-locate-02.txt" in its entirety and for
> > this we might introduce a new parameter in the krb5.conf file
> > indicating the use of DNS to locate all the server locations. 
> > 
> > Has anybody implemented the draft or faced any problems in the use
> > of DNS to locate the server locations?
> > 
> > Thanks,
> > 
> > Hari.
> The draft is implemented in MIT Kerberos, Heimdal and Win2000/XP.

The DNS lookup of admin_server doesn't appear to be implemented in MIT
1.2.5.  I think that is why Hari asked the question.  

Note, it appears that MIT is using a krb5.conf [realm] parameter
called dns_lookup_kdc to determine whether DNS lookups should be done
for both the KDC and kpasswd server (if krb5.conf exists).  If DNS
lookup for admin_server is also controlled by dns_lookup_kdc, wouldn't
it make more sense to rename dns_lookup_kdc to something more generic,
like dns_lookup_kservers?

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)