[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A question on realm discovery logic

Zeqing (Fred) Xia wrote:
> Hi All,
> It seems to me that Heimdal tries to find the realm of a given host by 
> looking up DNS TXT record of “_kerberos.” + <host> + “.”. For example, 
> if the host is “abc.xyz.com”, Heimdal first tries looking for TXT 
> record of “_kerberos.abc.xyz.com.” and then “_kerberos.xyz.com.”. This 
> is in get_host_realm.c. However I cannot find this logic in Kerberos 
> RFC 4120, and not in practice either. Is this something extra?
DNS TXT record lookups are not standardized but they are supported in 
both Heimdal and MIT Kerberos.

Jeffrey Altman