Hello all,
I'm going to implement automatic URI records for kdc proxy and I'd like
to clarify if following URI records are the right one.
_kerberos-adm.example.com. IN URI <prio> 0
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";
_krb5kdc.example.com. IN URI <prio> 0
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";
_kpasswd.example.com. IN URI <prio> 0
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy";
I assume we want to use "kkdcp" and "https", and "M" flag as all IPA
servers are masters, please confirm.
Sources:
https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery
https://tools.ietf.org/id/draft-mccallum-kitten-krb-service-discovery-02.txt
Thank you
--
Martin Bašti
Software Engineer
Red Hat Czech
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
