
Distributing Kerberos KDC and Realm Information with DNS

Document Type: Expired Internet-Draft (krb-wg WG)
Authors: Ken Hornstein, Jeffrey E. Altman
Last updated: 2002-07-29
Stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Expired & archived
WG state: Dead WG Document
Document shepherd: (None)
IESG state: Expired
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


Neither the Kerberos V5 protocol [RFC1510] nor the Kerberos V4 protocol [RFC????] describe any mechanism for clients to learn critical configuration information necessary for proper operation of the protocol. Such information includes the location of Kerberos key distribution centers or a mapping between DNS domains and Kerberos realms. Current Kerberos implementations generally store such configuration information in a file on each client machine. Experience has shown this method of storing configuration information presents problems with out-of-date information and scaling problems, especially when using cross-realm authentication. This memo describes a method for using the Domain Name System [RFC1035] for storing such configuration information. Specifically, methods for storing KDC location and hostname/domain name to realm mapping information are discussed.


Ken Hornstein
Jeffrey E. Altman

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)