On Wed, 2017-04-26 at 12:57 +0200, Martin Bašti wrote: > > On 25.04.2017 16:57, Martin Bašti wrote: > > Hello all, > > > > I'm going to implement automatic URI records for kdc proxy and I'd > > like to clarify if following URI records are the right one. > > > > > > _kerberos-adm.example.com. IN URI <prio> 0 > > "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy" > > > > _krb5kdc.example.com. IN URI <prio> 0 > > "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy" > > > > _kpasswd.example.com. IN URI <prio> 0 > > "krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy" > > > > > > I assume we want to use "kkdcp" and "https", and "M" flag as all IPA > > servers are masters, please confirm. > > > > > > Sources: > > > > https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery > > > > https://tools.ietf.org/id/draft-mccallum-kitten-krb-service-discovery-02.txt > > > > > > > > > > Thank you > > > > I found out that wiki page differs from the RFC draft and from the > source in git > > There is "_kerberos.REALM" record instead of "_krb5kdc.REALM" > > > And I'm not sure if _kerberos-adm should be included as we don't really > support kadmin.
We shouldn't. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code