netbsd-users: Re: Disable Kerberos in 1.5(

Subject: Re: Disable Kerberos in 1.5(_ALPHA)?
To: Johan Danielsson <joda@pdc.kth.se>
From: Nathan J. Williams <nathanw@MIT.EDU>
List: netbsd-users
Date: 06/26/2000 12:51:27

joda@pdc.kth.se (Johan Danielsson) writes:

> > Kerberos is pretty hosed if it can't map from realm name to KDC
> > names.
> 
> Use DNS or guess.

You can guess "kerberos.<domain>", which works for 14 of the 27
domains in my krb.conf. Pretty sketchy, since you have to guess both
the realm name from the domain name, and the KDC name from the domain
name.

Is there actually a way to use DNS to do either of these mappings? I
suppose one could use the SRV record, but it seems awfully dangerous
to do so in the absence of DNSSEC.

        - Nathan