It seems that your understanding is mostly correct. All this should be documented in the 1.3.1 admin guide for MIT Kerberos.
I believe that Kerberos 4 will always use DNS to find KDCs (and never to find realm mappings) but it uses _kerberos-iv rather than _kerberos.
