[Linux-aus] SRV _kerberos._http.COMPANY.LOCAL.
Russell Coker
russell at coker.com.au
Thu Jun 9 16:51:38 AEST 2022
On Thursday, 9 June 2022 15:45:35 AEST Fraser Tweedale wrote:
> I think it's looking for an MS-KKDCP[1] (a.k.a. "Kerberos HTTP
> proxy") service. The expected port is whatever the KDC proxy is
> running on. Typically 443, as the transport is HTTPS. If you're
> not running a KDC proxy leave this record undefined.
>
> [1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp
>
> That said I can't see in the MIT Kerberos KDC discovery code how it
> could end up querying SRV _kerberos._http.REALM - rather it should
> be using URI records for KDC proxy discovery. But I might have
> missed something.
https://ubuntu.com/blog/new-active-directory-integration-features-in-ubuntu-22-04-part-2-group-policy-objects
Thanks for that information. I stopped the adsys daemon (described at the
above page) and the lookups for _kerberos._http.COMPANY.LOCAL. stopped. So
it's not part of the sssd (which is just slow) but part of adsys (which is
broken and causes total lack of functionality).
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the linux-aus
mailing list