> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > On Behalf Of Grau, Stephen > Sent: Monday, August 19, 2002 9:01 PM > To: [EMAIL PROTECTED] > Subject: RE: Discover a Kerberos KDC > > > From the install guide: > > The second mechanism, recently introduced into the MIT code > base but not currently used by default, works by looking up > the information in special TXT records in the Domain Name > Service. If this mechanism is enabled on the client, it will > try to look up a TXT record for the DNS name formed by > putting the prefix _kerberos in front of the hostname in > question. If that record is not found, it will try using > _kerberos and the host's domain name, then its parent domain, > and so forth. So for the hostname > BOSTON.ENGINEERING.FOOBAR.COM, the names looked up would be: > > > > _kerberos.boston.engineering.foobar.com > _kerberos.engineering.foobar.com > _kerberos.foobar.com > _kerberos.com > > > > The value of the first TXT record found is taken as the realm > name. (Obviously, this doesn't work all that well if a host > and a subdomain have the same name, and different realms. > For example, if all the hosts in the ENGINEERING.FOOBAR.COM > domain are in the ENGINEERING.FOOBAR.COM realm, but a host > named ENGINEERING.FOOBAR.COM is for some reason in another > realm. In that case, you would set up TXT records for all > hosts, rather than relying on the fallback to the domain name.)
What do I put in the clients /etc/krb5.conf, having set up the DNS in this way? When leaving out the information now found in DNS, kerberos apps just complain about lacking configuration/options.. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
