Andrew Bartlett wrote:
> > 
> > I'm trying to use a DNS TXT record to lookup domain to realm
> > mappings:
> > 
> > $ dig +short txt _kerberos.mydomain.example
> > "FOO.EXAMPLE"
> > $ dig +short srv _kerberos._udp.mydomain.example
> > 20 0 88 big.mydomain.example.
> > 10 0 88 small.mydomain.example.
> > 
> > However, a Kerberos client, after correctly discovering its realm as
> > "FOO.EXAMPLE", is trying to lookup _kerberos._udp.FOO.EXAMPLE etc.
> > 
> > Is it expected behaviour? I supposed it should be looking up
> > _kerberos._udp.mydomain.example. 
> 
> Are you looking for dns_lookup_realm, not dns_lookup_kdc?

I'm looking for the algorithm of KDC discovery in a situation where
the DNS domain and Kerberos realm are different.

Should it look up _kerberos._udp.dnsdomain or _kerberos._udp.realm ?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru

Reply via email to