On Sun, 14 Mar 2010 19:12:33 +1100
Brian May <br...@microcomaustralia.com.au> wrote:

> 2010/3/14 Denis Feklushkin <denis.feklush...@gmail.com>:
> > I thought that if no realms are provided by krb5.conf then the DNS domain with the SRV
> > record will be the default realm
> 
> The SRV record doesn't contain the realm, it contains the servers.
> Heimdal can't contact the server until it knows the realm.

http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-DNS.html

> Heimdal will try to use DNS to find the KDCs for a realm. First it will try
> to find a SRV resource record (RR) for the realm. If no SRV RRs are found,
> it will fall back to looking for an A RR for a machine named kerberos.REALM,
> and then kerberos-1.REALM, etc.

> Adding this information to DNS minimises the client configuration
> (in the common case, resulting in no configuration needed)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is just what I am talking about

> and allows the system administrator to change the number of KDCs and on what
> machines they are running without caring about clients.

> 
> Maybe you are thinking of TXT records?
> 
> See:
> <http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-DNS.html>
> 
> Note, if I am reading this correctly, each client host
> requires its own TXT record.

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzakh/rzakhdefinerealmsdns.htm

Add TXT records to associate host names with realm names. The Kerberos protocol 
searches for a TXT record starting with the host name. If no TXT record is 
found, the first label is removed and the search is retried with the new name. 
This process continues until a TXT record is found or the root is reached. Note 
that the realm name is case-sensitive in the TXT record.
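
The two lookups discussed in this thread, as an added example that is not part of the original message or of Heimdal's code: a TXT walk maps a host to its realm, and only then can SRV records (or the kerberos.REALM fallback) locate the KDCs. The `_kerberos` and `_kerberos._udp` owner-name prefixes are the conventional ones and are assumed here; the zone contents and function names are constructed for illustration.

```python
# Constructed sample zone (not from the thread). Owner names are stored
# lowercase because DNS names compare case-insensitively.
ZONE = {
    "_kerberos.example.org": {"TXT": ["EXAMPLE.ORG"]},
    "_kerberos.lab.example.org": {"TXT": ["LAB.EXAMPLE.ORG"]},
    "_kerberos._udp.example.org": {
        "SRV": [(10, 0, 88, "kdc2.example.org"), (0, 0, 88, "kdc1.example.org")]
    },
    "kerberos.lab.example.org": {"A": ["192.0.2.10"]},
}


def lookup(name, rrtype):
    """Stand-in for a resolver query against the constructed zone."""
    return ZONE.get(name.rstrip(".").lower(), {}).get(rrtype, [])


def realm_for_host(host):
    """Host -> realm: try the TXT record at the host name, then strip the
    first label and retry until a record is found or no labels remain."""
    labels = host.rstrip(".").split(".")
    while labels:
        txt = lookup("_kerberos." + ".".join(labels), "TXT")
        if txt:
            return txt[0]  # realm is case-sensitive, so return it untouched
        labels = labels[1:]
    return None


def kdcs_for_realm(realm, max_fallback=10):
    """Realm -> KDCs: SRV records first, then the kerberos.REALM,
    kerberos-1.REALM, ... A-record fallback."""
    srv = lookup("_kerberos._udp." + realm, "SRV")
    if srv:
        # SRV tuples are (priority, weight, port, target); lowest priority first
        return [(target, port) for _prio, _weight, port, target in sorted(srv)]
    found = []
    names = ["kerberos"] + ["kerberos-%d" % i for i in range(1, max_fallback)]
    for prefix in names:
        name = ("%s.%s" % (prefix, realm)).lower()
        if not lookup(name, "A"):
            break  # assumption: stop at the first name with no A record
        found.append((name, 88))  # 88 is the standard Kerberos port
    return found
```

With this zone, a host under `dept.example.org` inherits the realm from the `example.org` TXT record, so one TXT record per domain is enough unless a subdomain needs a different realm.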


