Binding the world to your domain
© 2014 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later
The first thing we need to tell the world is what the Kerberos realm is for our domain. The advice for a realm name is to use the uppercase version of your domain name. The easiest way to publish the realm name for your domain is DNS, since DNS already exists to tell the world which servers and services are on your network. The realm name is provided by a TXT record called _kerberos. For the example.com domain that would be something like this:
$ORIGIN example.com.
_kerberos        TXT "EXAMPLE.COM"
The different SRV records defined for Kerberos use are:
$ORIGIN example.com.
_kerberos        TXT "EXAMPLE.COM"
krb5             A   192.168.1.5
krb5-slave1      A   192.168.1.6
krb5-slave2      A   192.168.1.7

$ORIGIN _tcp.example.com.
_kerberos-adm    SRV 0 0 749 krb5.example.com.

$ORIGIN _udp.example.com.
_kerberos        SRV 0 0 88 krb5-slave1.example.com.
                 SRV 0 0 88 krb5-slave2.example.com.
_kerberos-master SRV 0 0 88 krb5.example.com.
_kpasswd         SRV 0 0 464 krb5.example.com.
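A way to check such a zone before publishing it, as an added example that is not part of the original page: it parses the records above and reports a realm TXT that is not the uppercase domain, an SRV port that differs from the ones listed here, and an SRV target without an A record. The names parse_zone, audit and EXPECTED_PORTS are assumptions made for this example, and the parser handles only the zone-file subset used above ($ORIGIN and owner-less continuation lines).

```python
ZONE = """\
$ORIGIN example.com.
_kerberos        TXT "EXAMPLE.COM"
krb5             A   192.168.1.5
krb5-slave1      A   192.168.1.6
krb5-slave2      A   192.168.1.7
$ORIGIN _tcp.example.com.
_kerberos-adm    SRV 0 0 749 krb5.example.com.
$ORIGIN _udp.example.com.
_kerberos        SRV 0 0 88 krb5-slave1.example.com.
                 SRV 0 0 88 krb5-slave2.example.com.
_kerberos-master SRV 0 0 88 krb5.example.com.
_kpasswd         SRV 0 0 464 krb5.example.com.
"""

# Ports as they appear in the zone data on this page (assumed policy).
EXPECTED_PORTS = {"_kerberos": 88, "_kerberos-master": 88,
                  "_kerberos-adm": 749, "_kpasswd": 464}

def parse_zone(text):
    """Return (fqdn, type, rdata-fields) tuples; handles $ORIGIN and blank owners."""
    origin, owner, records = "", None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if not line[0].isspace():          # a new owner name starts in column 0
            owner = fields.pop(0)
        records.append((f"{owner}.{origin}".lower(), fields[0], fields[1:]))
    return records

def audit(records, domain):
    """Return a list of problems found in the Kerberos discovery records."""
    problems = []
    hosts = {name for name, rtype, _ in records if rtype == "A"}
    realms = [r[0].strip('"') for n, t, r in records
              if t == "TXT" and n == f"_kerberos.{domain}."]
    if realms != [domain.upper()]:
        problems.append(f"realm TXT is {realms}, expected {domain.upper()}")
    for name, _, rdata in (r for r in records if r[1] == "SRV"):
        service, port, target = name.split(".")[0], int(rdata[2]), rdata[3].lower()
        if EXPECTED_PORTS.get(service) != port:
            problems.append(f"{name}: unexpected port {port}")
        if target not in hosts:
            problems.append(f"{name}: target {target} has no A record")
    return problems
```

Calling audit(parse_zone(ZONE), "example.com") returns an empty list for the zone as written above.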