Benjamin Kaduk wrote:
> > >
> > > $ dig +short _kerberos.pdc.kth.se txt
> > > "NADA.KTH.SE"
> > >
> > > yes :)
> > >
> > > Then to find the KDC:
> > >
> > > $ dig +short _kerberos._udp.NADA.KTH.SE srv
> >
> > So, it looks up _kerberos._udp.${REALM}, not _kerberos._udp.${DNS_SUFFIX}.
> >
> > Too bad. I expected that the _kerberos._udp.${DNS_SUFFIX} would do the job.
> 
> Nope, the realm is explicitly treated as a DNS (suffix) name for the
> lookup of KDC addresses.
> 
> See https://tools.ietf.org/html/rfc4120#section-7.2.3.2

Pity. The ${REALM} is just a realm, I did not want to support a special
DNS zone of the same name with the realm, but now I see I have to.

Thanks for clarifying anyway.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru

Reply via email to