On 9/15/2016 12:11 AM, Victor Sudakov wrote:
> Dear Colleagues,
> I'm trying to use a DNS TXT record to lookup domain to realm mappings:
> $ dig +short txt _kerberos.mydomain.example

This indicates that the Kerberos realm for "mydomain.example" is
"FOO.EXAMPLE".   The Kerberos library now needs to find the KDCs for
FOO.EXAMPLE and issues

> $ dig +short srv _kerberos._udp.mydomain.example
> 20 0 88 big.mydomain.example.
> 10 0 88 small.mydomain.example.

to obtain the list of KDC addresses that support the UDP protocol.
> However, a Kerberos client, after correctly discovering its realm as
> "FOO.EXAMPLE", is trying to lookup _kerberos._udp.FOO.EXAMPLE etc.
> Is it expected behaviour? I supposed it should be looking up
> _kerberos._udp.mydomain.example. 

The behavior as observed is correct.

Jeffrey Altman

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to