Differentiated kdc lists
Ken Raeburn
raeburn at MIT.EDU
Sat Dec 11 00:54:34 EST 2004
On Dec 10, 2004, at 03:57, Henry B. Hotz wrote:

> To address one of Ken's comments: we don't use DHCP, except in
> conference rooms and on wireless, so that doesn't get us much.

It occurs to me that I was assuming hosts might move from one
environment to another, hence the assumption of DHCP. If hosts don't
move around, and the conditional use is just to simplify the setup,
there are other options.

IIRC, the spec for SRV records says that for entries of equal priority,
the host is allowed to use other data to prioritize them, such as
network topology data. So you could list all of them, and while at
location A you try the servers at location A first. (That implies
you'd wind up trying the servers not at location A if those at location
A didn't respond, but if they're not responding, and if you're
occasionally connected to the rest of the world, maybe that's a good
thing.)

We're also looking at ways to allow sites to customize the KDC location
step, but we haven't got finished code yet.

I don't mean to say you shouldn't use your original idea, just tossing
around some other options...

Ken
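
The ordering suggested in this message, sketched as an added example (not code from the post or from MIT krb5): SRV entries are tried in priority order, and within one priority the KDCs on the client's own network go first while the rest remain as fallbacks. The host names, addresses and the `order_kdcs` helper are constructed for illustration, and SRV weight handling is left out.

```python
import ipaddress
from typing import NamedTuple


class Srv(NamedTuple):
    priority: int
    weight: int   # carried along but not used in this sketch
    port: int
    target: str


def order_kdcs(records, addresses, local_nets):
    """Return SRV records in the order a client would try them.

    Lower priority values come first. Within one priority, targets that
    have an address inside local_nets come before the others. sorted()
    is stable, so everything else keeps the order it was received in.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]

    def is_local(rec):
        # A target with no known address is treated as non-local.
        return any(ipaddress.ip_address(a) in net
                   for a in addresses.get(rec.target, ())
                   for net in nets)

    return sorted(records, key=lambda r: (r.priority, not is_local(r)))


# Constructed sample data: one SRV set listing every KDC at both sites.
RECORDS = [
    Srv(0, 0, 88, "kdc1.b.example.com"),
    Srv(0, 0, 88, "kdc1.a.example.com"),
    Srv(10, 0, 88, "kdc2.a.example.com"),   # lower-preference backup
    Srv(0, 0, 88, "kdc2.b.example.com"),
]
ADDRESSES = {
    "kdc1.a.example.com": ["192.0.2.10"],
    "kdc2.a.example.com": ["192.0.2.11"],
    "kdc1.b.example.com": ["198.51.100.10"],
    "kdc2.b.example.com": ["198.51.100.11"],
}
SITE_A = ["192.0.2.0/24"]
SITE_B = ["198.51.100.0/24"]

if __name__ == "__main__":
    for rec in order_kdcs(RECORDS, ADDRESSES, SITE_A):
        print(rec.priority, rec.target)
```

Locality only breaks ties here: the priority-10 backup at site A is still tried after the priority-0 servers at site B.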