Implementing IETF Draft on DNS use in Kerberos
Will Fiveash
william.fiveash at sun.com
Tue Jul 16 16:27:00 EDT 2002
On Tue, Jul 16, 2002 at 03:12:11PM -0400, Jeffrey Altman wrote:
> > Hi,
> >
> > We are planning to implement the Internet draft
> > "draft-ietf-cat-krb-dns-locate-02.txt" in its entirety and for
> > this we might introduce a new parameter in the krb5.conf file
> > indicating the use of DNS to locate all the server locations.
> >
> > Has anybody implemented the draft or faced any problems in the use
> > of DNS to locate the server locations ??
> >
> > Thanks,
> >
> > Hari.
>
> The draft is implemented in MIT Kerberos, Heimdal and Win2000/XP
The DNS lookup of admin_server doesn't appear to be implemented in MIT
1.2.5. I think that is why Hari asked the question.
Note, it appears that MIT is using a krb5.conf [realm] parameter
called dns_lookup_kdc to determine whether DNS lookups should be done
for both the KDC and kpasswd server (if krb5.conf exists). If DNS
lookup for admin_server is also controlled by dns_lookup_kdc wouldn't
it make more sense to rename dns_lookup_kdc to something more generic
like: dns_lookup_kservers ?
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krbdev
mailing list