On 25.04.2017 16:57, Martin Bašti wrote:
Hello all,

I'm going to implement automatic URI records for kdc proxy and I'd like to clarify if following URI records are the right one.

_kerberos-adm.example.com. IN URI <prio> 0 "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";

_krb5kdc.example.com. IN URI <prio> 0 "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";

_kpasswd.example.com. IN URI <prio> 0 "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";

I assume we want to use "kkdcp" and "https", and "M" flag as all IPA servers are masters, please confirm.




Thank you

I found out that wiki page differs from the RFC draft and from the source in git

There is "_kerberos.REALM" record instead of "_krb5kdc.REALM"

And I'm not sure if _kerberos-adm should be included as we don't really support kadmin.

Martin Bašti
Software Engineer
Red Hat Czech

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to