[Linux-aus] SRV _kerberos._http.COMPANY.LOCAL.

Russell Coker russell at coker.com.au
Thu Jun 9 16:51:38 AEST 2022


On Thursday, 9 June 2022 15:45:35 AEST Fraser Tweedale wrote:
> I think it's looking for an MS-KKDCP[1] (a.k.a. "Kerberos HTTP
> proxy") service.  The expected port is whatever the KDC proxy is
> running on.  Typically 443, as the transport is HTTPS.  If you're
> not running a KDC proxy leave this record undefined.
> 
> [1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp
> 
> That said I can't see in the MIT Kerberos KDC discovery code how it
> could end up querying SRV _kerberos._http.REALM - rather it should
> be using URI records for KDC proxy discovery.  But I might have
> missed something.

https://ubuntu.com/blog/new-active-directory-integration-features-in-ubuntu-22-04-part-2-group-policy-objects

Thanks for that information.  I stopped the adsys daemon (described at the 
above page) and the lookups for _kerberos._http.COMPANY.LOCAL. stopped.  So 
it's not part of the sssd (which is just slow) but part of adsys (which is 
broken and causes total lack of functionality).

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




