Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 671 — #697
26
Security in the Network
The data portion of an SRV resource record consists of a priority value, a
weight, a port number, and a host name. The priority defines the order in
which hosts should be tried (lower values indicate a higher priority). The
weight supports load balancing among servers of equal priority. You will
probably never need either of these, so it is okay to set them to zero.
Heimdal Kerberos currently looks up the following names when looking
for services:
_kerberos This defines the location of the KDC daemon (the authentication
and ticket granting server). Typical records look like this:
_kerberos._udp.SAMPLE.COM. IN SRV 0 0 88 kdc.sample.com.
_kerberos._tcp.SAMPLE.COM. IN SRV 0 0 88 kdc.sample.com.
_kpasswd This describes the location of the password changing server.
Typical records look like this:
_kpasswd._udp.SAMPLE.COM. IN SRV 0 0 464 kdc.sample.com.
Because kpasswdd does not support TCP, there should be no _tcp
record.
_kerberos-adm This describes the location of the remote administration
service. Typical records look like this:
_kerberos-adm._tcp.SAMPLE.COM. IN SRV 0 0 749 kdc.sample.com.
Because kadmind does not support UDP, there should be no _udp
record.
As with the static configuration file, there is a mechanism to inform clients
that a specific host is in the SAMPLE.COM realm, even if it is not part of the
sample.com DNS domain. This can be done by attaching a TXT record to
_kerberos.hostname, as shown here:
_kerberos.www.foobar.com. IN TXT "SAMPLE.COM"
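The rules above can be checked mechanically before a zone is published. The following is an added example, not part of the original manual or of Heimdal: a small linter for records written in the `name IN type data` form used on this page. The function name `lint_zone`, the sample zone, and the treatment of the sample ports (88, 464, 749) as the expected values are assumptions of this example.

```python
import difflib
# Service label -> (allowed transports, usual port). kpasswdd: no TCP; kadmind: no UDP.
EXPECTED = {
    "_kerberos":     ({"_udp", "_tcp"}, 88),
    "_kpasswd":      ({"_udp"}, 464),
    "_kerberos-adm": ({"_tcp"}, 749),
}

def lint_zone(zone_text):
    """Return (line_no, message) findings for Kerberos SRV/TXT records."""
    findings = []
    for no, line in enumerate(zone_text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3:]
        labels = owner.split(".")
        service, transport = labels[0], (labels[1] if len(labels) > 1 else "")
        if rtype not in ("SRV", "TXT") or not service.startswith("_"):
            continue
        if service not in EXPECTED:
            # A near-miss of a known name is never looked up by clients.
            near = difflib.get_close_matches(service, list(EXPECTED), n=1, cutoff=0.8)
            if near:
                findings.append((no, f"{service}: probable typo for {near[0]}"))
            continue
        if rtype == "TXT":
            continue  # _kerberos.<hostname> realm mapping, nothing more to check
        transports, port = EXPECTED[service]
        if len(rdata) != 4 or not all(f.isdigit() for f in rdata[:3]):
            findings.append((no, "SRV data must be: priority weight port host"))
            continue
        if transport not in transports:
            findings.append((no, f"{service} is not served over {transport}"))
        if int(rdata[2]) != port:
            findings.append((no, f"{service}: port {rdata[2]} differs from the usual {port}"))
    return findings

# Constructed sample zone with three deliberate mistakes, not from a real deployment.
SAMPLE = """\
_kerberos._udp.SAMPLE.COM.     IN SRV 0 0 88 kdc.sample.com.
_kerberos._tcp.SAMPLE.COM.     IN SRV 0 0 88 kdc.sample.com.
_kpasswd._tcp.SAMPLE.COM.      IN SRV 0 0 464 kdc.sample.com.
_kerberos-adm._tcp.SAMPLE.COM. IN SRV 0 0 794 kdc.sample.com.
_kerbros.www.foobar.com.       IN TXT "SAMPLE.COM"
"""

if __name__ == "__main__":
    print(*lint_zone(SAMPLE), sep="\n")
```

A misspelled service label is the most damaging of the three findings, because the record resolves normally in DNS but clients never query it and fall back silently to whatever other configuration they have.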
SUSE LINUX Enterprise Server










