Ticket 5338: Race conditions in key rotation
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jun 25 18:58:12 EDT 2008
Jeffrey Hutzelman wrote:
> --On Wednesday, June 25, 2008 05:51:08 PM -0400 Jeffrey Altman
> <jaltman at secure-endpoints.com> wrote:
>
>> Its not the admin_server unless your master_kdc and admin_server records
>> are pointing to the same
>> machines.
>
> I'm sorry, what records are those?
>
> I have SRV records for
> _KERBEROS._TCP
> _KERBEROS._UDP
> _KPASSWD._UDP
> _KRB524._UDP
>
> Which of these records does the MIT code use, and does your proposal
> use, for identifying the "master" KDC in the absence of configuration
> in krb5.conf?
_kerberos-master._udp.
_kerberos-master._tcp.
See
http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Hostnames-for-KDCs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20080625/1d1aa1c1/attachment.bin
More information about the krbdev
mailing list