[31503] in Kerberos
RE: Ksetup and DNS SRV for X Real resolution.
daemon@ATHENA.MIT.EDU (damian crosby)
Wed Sep 23 16:04:36 2009
X-IP-MAIL-FROM: decrosby@tiscali.co.uk
From: "damian crosby" <decrosby@tiscali.co.uk>
To: "'Yi Zeng'" <yizen@microsoft.com>, <kerberos@mit.edu>
Date: Wed, 23 Sep 2009 20:26:55 +0100
Message-ID: <F1F9F4744E3E4135935229ED8CDCE047@crosbyxp>
MIME-Version: 1.0
In-Reply-To: <B1064F56ACB0384C93843725BAA83414015980FF@TK5EX14MBXC110.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Right but will the Windows Kerberos SSP use the SRV lookup to resolve the
KDC correctly if you just specify the realm and what form should the SRV
records take?
Do you have an example?
Thanks.
Damian.
-----Original Message-----
From: Yi Zeng [mailto:yizen@microsoft.com]
Sent: 23 September 2009 20:09
To: damian crosby
Subject: RE: Ksetup and DNS SRV for X Real resolution.
"Ksetup /addkdc REALM" should do it.
Thanks,
yizeng
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf
Of damian crosby
Sent: Wednesday, September 23, 2009 10:57 AM
To: kerberos@mit.edu
Subject: Ksetup and DNS SRV for X Real resolution.
Hi,
When creating xrealm trusts to enable the Windows domain to locate the MIT
equivalent you typically run ksetup /addkdc Realm kdc.realm This creates an
entry in the registry which is an equivalent to the Krb5.conf file. The
Windows Kerberos SSP looks in the registry for the DNS domain name and uses
DNS to resolve this to the appropriate IP.
Q. Instead of manually specifying the KDC's can Windows use DNS SRV records
to locate the MIT KDC as per RFC 2052? Has anyone had success with this?
Thanks.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
