DNS lookups and krb4 Support
Sam Hartman
hartmans at MIT.EDU
Mon Jun 2 13:25:45 EDT 2003
>>>>> "Jeffrey" == Jeffrey Altman <jaltman at columbia.edu> writes:
Jeffrey> Shall we agree to alter this to read:
Jeffrey> 1) krb.com 2) "kerberos-iv" SRV record if "kerberos-iv"
Jeffrey> SRV record does not exist and does not return "." try 3)
Jeffrey> "kerberos" SRV record 4) "kerberos.REALM" A or CNAME
Jeffrey> record
I agree this is a valid option to consider. There is a reasonable
probability this is what we will decide on.
However, keep in mind that there is a large class of realms out there
that do not support krb4 and will not ever advertize a kerberos-iv SRV
record indicating the service is unavailable. I'm thinking of Windows
active directory realms.
So, I believe another option to consider is
1) krb.conf|krb5.conf
2) kerberos-iv SRV record
More information about the krbdev
mailing list