84104

Asked: 2013-06-14 08:31:52 +0800 CST2013-06-14 08:31:52 +0800 CST 2013-06-14 08:31:52 +0800 CST

Does Windows (Active Directory) kerberos use DNS for Realm mapping?

772

Will Windows clients use DNS to map hosts to specific kerberos realms?

Specifically, do they use _kerberos.host.example.com IN TXT OTHERREALM.COM records?

1 Answers

Voted

Best Answer

Ryan Ries
2013-06-14T09:05:16+08:002013-06-14T09:05:16+08:00
Windows clients only use SRV DNS records (and can fail back to NetBIOS-based discovery) to locate domain services, not TXT records.

I don't want to go in to too much detail about realm trusts and interoperability between Windows clients, AD domain controllers, and non-Microsoft KDCs because you don't say what exactly you're trying to accomplish... but you can specify non-Microsoft KDCs in the registry of your Windows clients in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\KdcNames = kdc.otherrealm.com
4

Web Analytics Made Easy - Statcounter