[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A question on realm discovery logic

To: heimdal-discuss@sics.se, "Zeqing (Fred) Xia" <fxia@juniper.net>
Subject: Re: A question on realm discovery logic
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Tue, 18 Dec 2007 12:45:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple;d=secure-endpoints.com; s=MDaemon; t=1197999956; x=1198604756;q=dns/txt; h=DomainKey-Signature:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:Reply-To; bh=UqSFQT+znyrBJGP6DwE+Z8ONFUXBVWx3fKmuwuI+h6s=; b=vfAjwmWiAEb7eWUl+6mIgMtQKl/ElqmL8Gcf0tDQ4LIW4yvSkwNoS2JOpYis7xhNdIrOErDwmwuTc5y+hTY8axeIgUtMvXBXnachBc7ZX0i+kfzgecMa9jGWy52fgaaM4Kj6OK7d2WrnszjdukTbfTDwF8MMpc394SAZ0rlwoys=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=secure-endpoints.com;c=simple; q=dns; h=message-id:from;b=FmF6yiBOiaPInbnXEwjhUqU/nDV8khPLg18wvi2BiLmHLU/8dTpegJIXhVeyH6yGiy7+LqL6vCsrD9cBYaMPHhsnrVMNPi3o5xK6IkyvikXnSW30ZqRKBS83Y4vcyfyrnGbDvwodRv9ryxpFxAHflOa8/jy1OWZjL0yeyrATGOo=;
In-Reply-To: <61663514904A90488C38CE60FEDF67F40535A05C@antitop.jnpr.net>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <61663514904A90488C38CE60FEDF67F40535A05C@antitop.jnpr.net>
Reply-To: heimdal-discuss@sics.se, Jeffrey Altman <jaltman@secure-endpoints.com>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)

Zeqing (Fred) Xia wrote:
>
> Hi All,
>
> It seems to me that Heimdal tries to find the realm of a given host by 
> looking up DNS TXT record of “_kerberos.” + <host> + “.”. For example, 
> if the host is “abc.xyz.com”, Heimdal first tries looking for TXT 
> record of “_kerberos.abc.xyz.com.” and then “_kerberos.xyz.com.”. This 
> is in get_host_realm.c. However I cannot find this logic in Kerberos 
> RFC 4120, and not in practice either. Is this something extra?
>
DNS TXT record lookups are not standardized but they are supported in 
both Heimdal and MIT Kerberos.

Jeffrey Altman

References:
- A question on realm discovery logic
  - From: "Zeqing (Fred) Xia" <fxia@juniper.net>

Prev by Date: RE: GSSAPI and realm lookup hook
Next by Date: Heimdal-1.0.2 for Mac OS 10.4?
Prev by thread: A question on realm discovery logic
Next by thread: Heimdal-1.0.2 for Mac OS 10.4?
Index(es):
- Date
- Thread