> On Mar 15, 2017, at 10:56 AM, Osipov, Michael <michael.osi...@siemens.com> wrote:
>
> > Both aren't an option:
> >
> > 1. TXT records are unknown to Windows as all host to realm mapping is
> > performed by the domain controller by querying the global catalog
>
> But you could still add TXT records to your domain controllers (assuming
> they are your DNS servers for UNIX systems as well), correct? They'd
> simply point the clients (your FreeBSD/HP-UX/RHEL 6 boxes) at the correct
> realm for a given host name (e.g., _kerberos.app.workspace.company.com ->
> AD001.COMPANY.NET).
>
> If the problem were with Windows clients, I'd certainly concede your
> point, but if your clients are *NIX boxes running MIT Kerberos, wouldn't
> this be a legitimate option?

We are in full control of DNS, but I cannot make any changes. I am a peasant in a 300 000-people company. Everything is administered centrally. Even if I could, TXT has no clear notion on Windows/Active Directory.

> Apologies if I'm misunderstanding the situation.

No need to apologize!

Michael
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos