DNS lookups and krb4 Support
Alexandra Ellwood
lxs at MIT.EDU
Mon Jun 2 12:56:02 EDT 2003
>Does Heimdal use "kerberos-iv" and "krb524"?
Heimdal/KTH-KRB tries the following locations (in the listed order)
for each Kerberos service:
krb5:
1) krb5.conf
2) "kerberos" SRV record
3) "kerberos.REALM" A or CNAME record
krb524:
1) krb5.conf
2) "krb524" SRV record
3) "kerberos" SRV record
4) "kerberos.REALM" A or CNAME record
krb4:
1) krb.conf
2) "kerberos-iv" SRV record
3) "kerberos.REALM" A or CNAME record
(Note that the "kerberos.REALM" DNS lookups are from a old krb4 DNS
config that Heimdal still supports -- basically it just calls
gethostbyname("kerberos." + REALM) and uses the result as the server.
Obviously this only works if the kerberos server in question is using
the default ports and if the site has control over the DNS domain
with the same name as the realm.)
--lxs
--
-----------------------------------------------------------------------------
Alexandra Ellwood <lxs at mit.edu>
MIT Information Systems http://mit.edu/lxs/www/
-----------------------------------------------------------------------------
--
More information about the krbdev
mailing list