Right but will the Windows Kerberos SSP use the SRV lookup to resolve the KDC correctly if you just specify the realm and what form should the SRV records take?
Do you have an example? Thanks. Damian. -----Original Message----- From: Yi Zeng [mailto:[email protected]] Sent: 23 September 2009 20:09 To: damian crosby Subject: RE: Ksetup and DNS SRV for X Real resolution. "Ksetup /addkdc REALM" should do it. Thanks, yizeng -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of damian crosby Sent: Wednesday, September 23, 2009 10:57 AM To: [email protected] Subject: Ksetup and DNS SRV for X Real resolution. Hi, When creating xrealm trusts to enable the Windows domain to locate the MIT equivalent you typically run ksetup /addkdc Realm kdc.realm This creates an entry in the registry which is an equivalent to the Krb5.conf file. The Windows Kerberos SSP looks in the registry for the DNS domain name and uses DNS to resolve this to the appropriate IP. Q. Instead of manually specifying the KDC's can Windows use DNS SRV records to locate the MIT KDC as per RFC 2052? Has anyone had success with this? Thanks. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
