[39486] in Kerberos
Re: define own SRV-record
daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Feb 26 14:12:56 2025
Message-ID: <27e41f65d41278742d12c88a4ccb3cb96bcc6e05.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Stefan Kania <stefan@kania-online.de>, kerberos@mit.edu
Date: Wed, 26 Feb 2025 14:11:20 -0500
In-Reply-To: <4c320b53-995e-4d44-983e-361380bdc234@kania-online.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
You are barking up the wrong tree because your request also means you
intend to use the same kerberos realm for two distinct realms, and this
will not work and end up in pain.
Get your own subdomain (or a completely different second level domain),
and then you will be able to create your own records there.
On Wed, 2025-02-26 at 19:39 +0100, Stefan Kania wrote:
> Hi to all,
>
> I'm having the following problem:
>
> I set up an openldap with kerberos, now I want to add the srv-records
> for Kerberos, but as DNS-Server we MUST use a DNS-Server from Active
> Directory. So I can't add a srv-record _kerberos._tcp, because the
> domain controller of the AD are keeping these records. So I would like
> to add my own srv-record like _olkerberos._tcp so that I can use these
> srv-records for krb5.conf. I'm already doing this for sssd, because
> there I can configure the name of the srv-record. Can I do the same in
> krb5.conf? If yes what do I have to do?
>
> Thanks
>
> Stefan
>
--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
