Date: Fri, 16 Feb 2001 14:36:50 -0600
From: "Jacques A. Vidrine"
To: Cy Schubert - ITSD Open Systems Group
Cc: Terry Lambert, Will Andrews, arch@FreeBSD.ORG
Subject: Re: Wish List (was: Re: The /usr/bin/games bikeshed again)

[This is off-topic, but I'm not sure where to take it.]

On Fri, Feb 16, 2001 at 12:22:59PM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> I don't have experience with delegation != realm yet, though I will be
> embarking on this course shortly, not by my own doing. I'm not looking
> forward to this project. So far I think the only gotcha is that
> krb5.conf on every host will have to explicitly identify which hosts
> are in which realm.

MIT Kerberos, Heimdal, and even Windows 2000 (IIRC) support looking up
Kerberos configuration information in DNS. The host->realm mapping is
pretty simple, e.g.

    _kerberos.sub.domain.com.       IN TXT "MYREALM.COM"
    _kerberos.host.sub.domain.com.  IN TXT "OTHERREALM.COM"

Look for the expired draft-ietf-cat-krb-dns-locate Internet draft. A
handy copy is in src/crypto/heimdal/doc/standardisation.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
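
Added example (not part of the original message): the host-to-realm lookup described above, in Python, run against the two TXT records from the message. The most-specific-first walk up the parent domains, the `min_labels` cutoff, and the in-memory `ZONE` standing in for a DNS resolver are assumptions of this example.

```python
from typing import Callable, List, Optional

# Constructed zone data: the two TXT records quoted in the message.
ZONE = {
    "_kerberos.sub.domain.com": "MYREALM.COM",
    "_kerberos.host.sub.domain.com": "OTHERREALM.COM",
}


def zone_txt(name: str) -> Optional[str]:
    """Stand-in for a DNS TXT query; returns None when no record exists."""
    return ZONE.get(name)


def candidate_names(host: str, min_labels: int = 2) -> List[str]:
    """Names to query, most specific first: the host, then each parent domain.

    min_labels is a hypothetical knob of this example: the walk stops once
    fewer than that many labels would remain, so a bare TLD is never queried.
    """
    labels = host.rstrip(".").lower().split(".")
    if any(not label for label in labels):
        raise ValueError(f"malformed hostname: {host!r}")
    stop = max(len(labels) - min_labels, 0)
    return ["_kerberos." + ".".join(labels[i:]) for i in range(stop + 1)]


def realm_for_host(
    host: str,
    txt_lookup: Callable[[str], Optional[str]] = zone_txt,
    min_labels: int = 2,
) -> Optional[str]:
    """Return the realm from the first TXT record found, or None.

    A record on the host's own name overrides one on a parent domain,
    which is how host.sub.domain.com ends up in a different realm from
    the rest of sub.domain.com in the message's example.
    """
    for name in candidate_names(host, min_labels):
        realm = txt_lookup(name)
        if realm:
            return realm.strip()  # realm names are case-sensitive: no folding
    return None


if __name__ == "__main__":
    for h in ("host.sub.domain.com", "other.sub.domain.com", "www.domain.com"):
        print(h, "->", realm_for_host(h))
```

To run it against live DNS, pass a `txt_lookup` callable that performs the TXT query in place of `zone_txt`.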