tech-net: Re: kerberos on laptops

Subject: Re: kerberos on laptops
To: None <thorpej@zembu.com>
From: None <itojun@iijlab.net>
List: tech-net
Date: 12/31/2000 09:25:55

>I simply put the default realm in my /etc/krb5.conf, and rely on
>DNS SRV records to get the other stuff:
>
>; KDC and realm 
>_kerberos._udp          IN      SRV     01 00 88 hostname.foo.org.
>_kerberos-adm._udp      IN      SRV     01 00 88 hostname.foo.org.
>_kpasswd._udp           IN      SRV     01 00 88 hostname.foo.org.
>_kerberos._tcp          IN      SRV     01 00 88 hostname.foo.org.
>_kerberos-adm._tcp      IN      SRV     01 00 88 hostname.foo.org.
>_kpasswd._tcp           IN      SRV     01 00 88 hostname.foo.org.
>_kerberos               IN      TXT     FOO.ORG
>
>So, if DNS is unavailable (due to lack of a way to contact the servers
>in your resolv.conf), the right failure mode occurs.

	mmm, I run nameserver on laptop, configured as itojun.org's
	unauthorized secondary, and have "nameserver 0.0.0.0" on resolv.conf...

itojun