>From the install guide: The second mechanism, recently introduced into the MIT code base but not currently used by default, works by looking up the information in special TXT records in the Domain Name Service. If this mechanism is enabled on the client, it will try to look up a TXT record for the DNS name formed by putting the prefix _kerberos in front of the hostname in question. If that record is not found, it will try using _kerberos and the host's domain name, then its parent domain, and so forth. So for the hostname BOSTON.ENGINEERING.FOOBAR.COM, the names looked up would be:
_kerberos.boston.engineering.foobar.com _kerberos.engineering.foobar.com _kerberos.foobar.com _kerberos.com The value of the first TXT record found is taken as the realm name. (Obviously, this doesn't work all that well if a host and a subdomain have the same name, and different realms. For example, if all the hosts in the ENGINEERING.FOOBAR.COM domain are in the ENGINEERING.FOOBAR.COM realm, but a host named ENGINEERING.FOOBAR.COM is for some reason in another realm. In that case, you would set up TXT records for all hosts, rather than relying on the fallback to the domain name.) Even if you do not choose to use this mechanism within your site, you may wish to set up anyways, for use when interacting with other sites. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 2:44 PM To: [EMAIL PROTECTED] Subject: Discover a Kerberos KDC How does one discover a Kerberos KDC through DNS? Several people I have spoken with say it is possible, but when I ask them _how_ to do it they give me a blank look. All of the online resources I have looked at are geared to administration rather than application development, and as such are less than helpful. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
