DNS lookups and krb4 Support
Jeffrey Altman
jaltman at columbia.edu
Mon Jun 2 13:18:03 EDT 2003
The Windows KRB4 tries:
1) krb.conf
2) "kerberos" SRV record
3) "kerberos.REALM" A or CNAME record
Shall we agree to alter this to read:
1) krb.conf
2) "kerberos-iv" SRV record
if "kerberos-iv" SRV record does not exist and does not return "." try
3) "kerberos" SRV record
4) "kerberos.REALM" A or CNAME record
- Jeff
Alexandra Ellwood wrote:
>> Does Heimdal use "kerberos-iv" and "krb524"?
>
>
> Heimdal/KTH-KRB tries the following locations (in the listed order)
> for each Kerberos service:
>
> krb5:
> 1) krb5.conf
> 2) "kerberos" SRV record
> 3) "kerberos.REALM" A or CNAME record
>
> krb524:
> 1) krb5.conf
> 2) "krb524" SRV record
> 3) "kerberos" SRV record
> 4) "kerberos.REALM" A or CNAME record
>
> krb4:
> 1) krb.conf
> 2) "kerberos-iv" SRV record
> 3) "kerberos.REALM" A or CNAME record
>
>
> (Note that the "kerberos.REALM" DNS lookups are from an old krb4 DNS
> config that Heimdal still supports -- basically it just calls
> gethostbyname("kerberos." + REALM) and uses the result as the server.
> Obviously this only works if the kerberos server in question is using
> the default ports and if the site has control over the DNS domain with
> the same name as the realm.)
>
>
> --lxs
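
The krb4 lookup order proposed at the top of this message, written out as an added example; it is not part of the original post and not code from any Kerberos implementation. The function name `locate_krb4_kdc`, the `_service._udp.domain` owner-name form, port 750 for the A/CNAME fallback, and the sample zone are assumptions of the example, and DNS is modelled with dicts so it runs offline.

```python
# Added illustration of the krb4 KDC lookup order proposed in this thread.
# DNS is modelled with plain dicts (constructed data) so it runs offline.
KRB4_PORT = 750  # assumption: default krb4 KDC port for the A/CNAME fallback

def locate_krb4_kdc(realm, krb_conf, srv, hosts):
    """Return (source, [(host, port), ...]); an empty list means no KDC.

    krb_conf: {realm: [(host, port)]} entries taken from krb.conf
    srv:      {owner name: [(priority, weight, port, target)]}
    hosts:    names that resolve through an A or CNAME record
    """
    # 1) Local configuration wins over anything learned from DNS.
    if realm in krb_conf:
        return "krb.conf", list(krb_conf[realm])
    domain = realm.lower()
    # 2) "kerberos-iv" SRV, then 3) "kerberos" SRV.
    for service in ("kerberos-iv", "kerberos"):
        records = srv.get(f"_{service}._udp.{domain}")  # owner form assumed
        if not records:
            continue  # record does not exist: try the next step
        # RFC 2782: a target of "." says the service is not offered. The
        # message states this for kerberos-iv; applying it to the "kerberos"
        # step as well is an assumption of this example.
        if any(target == "." for _, _, _, target in records):
            return f"{service} SRV", []
        ordered = sorted(records)  # lowest priority value first
        return f"{service} SRV", [(t.rstrip("."), p) for _, _, p, t in ordered]
    # 4) Legacy krb4 convention: kerberos.REALM on the default port.
    name = f"kerberos.{domain}"
    if name in hosts:
        return "A/CNAME", [(name, KRB4_PORT)]
    return "none", []

# Constructed sample zone: krb4 explicitly switched off, krb5 KDC published.
SAMPLE_SRV = {
    "_kerberos-iv._udp.example.com": [(0, 0, 0, ".")],
    "_kerberos._udp.example.com": [(10, 0, 88, "kdc2.example.com."),
                                   (0, 0, 88, "kdc1.example.com.")],
}
SAMPLE_HOSTS = {"kerberos.example.com"}

if __name__ == "__main__":
    print(locate_krb4_kdc("EXAMPLE.COM", {}, SAMPLE_SRV, SAMPLE_HOSTS))
```

In the sample zone the "." target on the "kerberos-iv" record ends the search, so a krb4 client does not fall through to the krb5 KDC or to the legacy kerberos.REALM host name.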