DNS lookups and krb4 Support
vorlon at netexpress.net
Sat May 31 15:04:24 EDT 2003
On Sat, May 31, 2003 at 02:37:06PM -0400, Jeffrey Altman wrote:
> I have several ideas that might be applicable. A DNS SRV record of
> without an accompanying
> record could be interpreted to mean Kerberos 5 only.
> Another idea could involve the publication of a negative DNS SRV record:
> We would need to have a discussion with the DNS community to see what is
> Whatever we do will always have the problem of the existing installed
> base considering _kerberos._udp.<domain> to mean both Kerberos 4 and
> Kerberos 5. Therefore, anything we would want to do would require
> deprecating _kerberos and replacing it with _kerberos4 and _kerberos5.
> Unfortunately, this would do nothing to solve the problem for existing
Correct me if I'm wrong, but doesn't the krb4 kdc support still run on
port 750 rather than port 88? That means there should be a separate,
explicit _kerberos4._udp SRV entry for this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20030531/6d025b4a/attachment.bin
More information about the krbdev