[39485] in Kerberos


Re: define own SRV-record

daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Wed Feb 26 13:46:32 2025

In-Reply-To: <4c320b53-995e-4d44-983e-361380bdc234@kania-online.de>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Wed, 26 Feb 2025 13:46:09 -0500
Message-ID: <CALF+FNzOd4dj3bxJqZjrWEjcL-MgRcQmizZ+n0VRDB0D4k0Z-A@mail.gmail.com>
To: Stefan Kania <stefan@kania-online.de>
Cc: Jonathan Calmels via Kerberos <kerberos@mit.edu>

No; the names of these records are fixed by the standards. You can
hand-configure the server names in krb5.conf instead of using DNS SRV
records. However, even then, your Kerberos realm should not have the same
name as a Windows domain -- that's essentially having two realms with the
same name, which will not work out well.

On Wed, Feb 26, 2025, 13:40 Stefan Kania <stefan@kania-online.de> wrote:

> Hi to all,
>
> I'm having the following problem:
>
> I set up an OpenLDAP with Kerberos; now I want to add the SRV records
> for Kerberos, but as DNS server we MUST use a DNS server from Active
> Directory. So I can't add an SRV record _kerberos._tcp, because the
> domain controllers of the AD are keeping these records. So I would like
> to add my own SRV record like _olkerberos._tcp so that I can use these
> SRV records for krb5.conf. I'm already doing this for sssd, because
> there I can configure the name of the SRV record. Can I do the same in
> krb5.conf? If yes, what do I have to do?
>
> Thanks
>
> Stefan
>
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
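
The hand-configuration suggested in the reply, as an added example that is not part of the original message. The realm name OL.EXAMPLE.ORG, the AD domain example.org and all host names are constructed placeholders; the realm name is chosen to differ from the AD domain, as the reply advises.

```ini
# /etc/krb5.conf on clients of the OpenLDAP/MIT Kerberos realm.
# All names below are placeholders (assumptions), not values from the thread.

[libdefaults]
    # Must NOT be the same name as the Windows domain (EXAMPLE.ORG here).
    default_realm = OL.EXAMPLE.ORG
    # Host-to-realm mapping comes from [domain_realm], not DNS TXT records.
    dns_lookup_realm = false
    # dns_lookup_kdc is left at its default: SRV lookup is only used for
    # realms that have no kdc entries below, so the AD realm can still be
    # located through the domain controllers' _kerberos SRV records.

[realms]
    OL.EXAMPLE.ORG = {
        # Explicit KDC list; for this realm libkrb5 uses these entries
        # instead of querying _kerberos._udp / _kerberos._tcp.
        kdc = kdc1.ol.example.org
        kdc = kdc2.ol.example.org
        admin_server = kdc1.ol.example.org
        kpasswd_server = kdc1.ol.example.org
    }

[domain_realm]
    # Map only the hosts that belong to the OpenLDAP realm. Hosts that
    # share the AD DNS zone need individual entries, otherwise they would
    # be assigned to the wrong realm.
    .ol.example.org = OL.EXAMPLE.ORG
    ldap1.example.org = OL.EXAMPLE.ORG
```

Because the KDC list is static, a KDC that is added, renamed or retired has to be updated in every client's krb5.conf, which the SRV records would otherwise have handled.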