I agree with what you have said here. There is a need for higher degree of integration between KDC and DNS. So, how can one implement this using the MIT/Heimdal Kerberos with BIND DNS? It is still not clear to me what needs to be changed except secure query to DNS server, e.g. are you imply that the realm needs to be DNS zone (as in Microsoft win2k)?
-peter <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]. .. ... > Implementing this really means that the KDC and the DNS name service have to have a higher degree of integration because the KDC now needs to have secure access to the same info as stored in the zone files for the same realms' domains. Mind you, there already has to be a pretty good correlation between the two - now it has to be more formal. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
