On 2017-04-27 16:16, Martin Bašti wrote:
> On 27.04.2017 14:19, Christian Heimes wrote:
>> On 2017-04-27 14:00, Martin Bašti wrote:
>>> I would like to discuss consequences of adding kdc URI records:
>>> 1. basically all ipa clients enrolled using autodiscovery will use
>>> kdcproxy instead of KDC on port 88, because URI takes precedence over
>>> SRV in KRB5 client implementation. Are we ok with such a big change?
>> Does the client also prefer KKDCP if you give the Kerberos 88/UDP and
>> 88/TCP URIs a higher priority than the KKDCP HTTPS URIs?
> It should use 88/TCP, 88/UDP then, it can be a way how to avoid issues
> with clients.
Small correction: Kerberos should prefer UDP over TCP.


Christian Heimes
Senior Software Engineer, Identity Management and Platform Security

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Eric Shander

Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to