Date:      Fri, 16 Feb 2001 14:36:50 -0600
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Terry Lambert <tlambert@primenet.com>, Will Andrews <will@physics.purdue.edu>, arch@FreeBSD.ORG
Subject:   Re: Wish List (was: Re: The /usr/bin/games bikeshed again)
Message-ID:  <20010216143650.C91104@hamlet.nectar.com>
In-Reply-To: <200102162023.f1GKNeI30263@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Feb 16, 2001 at 12:22:59PM -0800
References:  <200102162007.NAA07191@usr05.primenet.com> <200102162023.f1GKNeI30263@cwsys.cwsent.com>

[This is off-topic, but I'm not sure where to take it.]

On Fri, Feb 16, 2001 at 12:22:59PM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> I don't have experience with delegation != realm yet, though I will be 
> embarking on this course shortly, not by my own doing.  I'm not looking 
> forward to this project.  So far I think the only gotcha is that 
> krb5.conf on every host will have to explicitly identify which hosts 
> are in which realm.

MIT Kerberos, Heimdal, and even Windows 2000 (IIRC) support looking up
Kerberos configuration information in DNS.  The host->realm mapping is
pretty simple, e.g.

  _kerberos.sub.domain.com.      IN TXT "MYREALM.COM"
  _kerberos.host.sub.domain.com. IN TXT "OTHERREALM.COM"

Look for the expired draft-ietf-cat-krb-dns-locate Internet draft.  A handy 
copy is in src/crypto/heimdal/doc/standardisation.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
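
The host->realm lookup described in this message, as an added example that is not part of the original mail or of any Kerberos implementation: it walks from the full hostname up through its parent domains and takes the first `_kerberos` TXT record it finds. The walk order, the stop before the top-level domain, the `sample_lookup` stand-in for a real DNS query and the `allowed_realms` parameter are assumptions made for illustration.

```python
# Constructed sample zone: the two TXT records quoted in the message above.
SAMPLE_TXT = {
    "_kerberos.sub.domain.com.": "MYREALM.COM",
    "_kerberos.host.sub.domain.com.": "OTHERREALM.COM",
}


def sample_lookup(name):
    """Stand-in for a real DNS TXT query; returns the realm string or None."""
    return SAMPLE_TXT.get(name)


def candidate_names(hostname):
    """Yield _kerberos.<name> query names, most specific first."""
    labels = [l for l in hostname.lower().rstrip(".").split(".") if l]
    # Assumption: stop before querying the bare top-level domain.
    for i in range(len(labels) - 1):
        yield "_kerberos." + ".".join(labels[i:]) + "."


def realm_for_host(hostname, lookup=sample_lookup, allowed_realms=None):
    """Return the realm for hostname, or None if no record matches.

    allowed_realms (hypothetical parameter): plain DNS answers are
    unauthenticated, so a caller can refuse any realm it does not expect.
    """
    for qname in candidate_names(hostname):
        realm = lookup(qname)
        if realm is None:
            continue
        realm = realm.strip()
        if allowed_realms is not None and realm not in allowed_realms:
            raise ValueError(f"unexpected realm {realm!r} from {qname}")
        return realm
    return None


if __name__ == "__main__":
    for host in ("host.sub.domain.com", "other.sub.domain.com", "www.domain.com"):
        print(host, "->", realm_for_host(host))
```

The host-specific record wins over the one for its parent domain, and a name with no matching record at any level yields no realm, so the client falls back to whatever its local configuration says.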

