On Mar 15, 2017, at 10:56 AM, Osipov, Michael <michael.osi...@siemens.com> wrote:
>
> Both aren't an option:
>
> 1. TXT records are unknown to Windows as all host to realm mapping is
> performed by the domain controller by querying the global catalog

But you could still add TXT records to your domain controllers (assuming they are your DNS servers for UNIX systems as well), correct? They'd simply point the clients (your FreeBSD/HP-UX/RHEL 6 boxes) at the correct realm for a given host name (e.g., _kerberos.app.workspace.company.com -> AD001.COMPANY.NET). If the problem were with Windows clients, I'd certainly concede your point, but if your clients are *NIX boxes running MIT Kerberos, wouldn't this be a legitimate option? Apologies if I'm misunderstanding the situation.

> 2. This applies only if your KDC is MIT Kerberos. All of our KDCs
> are Active Directory servers. We use MIT Kerberos only for clients.
>
> Michael
>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
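The reply above suggests a `_kerberos` TXT record that points MIT Kerberos clients at the right realm for a host name. As an added example (not part of the thread and not MIT's code), this Python model shows which TXT names a client would try for a host and which realm it ends up with. The most-specific-first walk up the parent domains is an assumption based on the documented `dns_lookup_realm` behaviour of MIT krb5; the function names and the hosts `db1...` and `mail...` are hypothetical, and the zone data is constructed from the record named in the reply.

```python
# Constructed sample zone data. The record name and realm are the ones
# quoted in the reply; a real deployment would hold this in the DNS zone.
SAMPLE_TXT = {
    "_kerberos.app.workspace.company.com": "AD001.COMPANY.NET",
}


def candidate_names(hostname):
    """Return the _kerberos TXT names to try for a host, most specific first.

    Assumption: the client strips one leading label at a time, so a record
    placed on a parent domain covers every host beneath it.
    """
    cleaned = hostname.strip().rstrip(".").lower()
    labels = [label for label in cleaned.split(".") if label]
    return ["_kerberos." + ".".join(labels[i:]) for i in range(len(labels))]


def realm_for_host(hostname, txt_records=SAMPLE_TXT):
    """Return (record_name, realm) for the first TXT hit, or None.

    None means DNS gave no answer and the client falls back to whatever
    else it has configured for host-to-realm mapping.
    """
    for name in candidate_names(hostname):
        realm = txt_records.get(name)
        if realm:
            return name, realm.rstrip(".")
    return None


if __name__ == "__main__":
    # Hypothetical hosts: one below the record, one outside its subtree.
    for host in ("db1.app.workspace.company.com", "mail.company.com"):
        print(host, "->", realm_for_host(host))
```

Because the answer comes from plain DNS, the mapping is only as trustworthy as the resolver path the client uses to reach the domain controllers.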