On 8/24/18, 1:48 PM, "kerberos-boun...@mit.edu on behalf of Cory Albrecht"
<kerberos-boun...@mit.edu on behalf of c...@albrecht.name> wrote:
Am I going to run into any trouble if use a CNAME that redirects to my KDCs
actual hostnames instead of explicitly listing all of them in krb5.conf on
the clients? That way I wouldn't have to copy new krb5.confs to the client
hosts, just update the DNS entry.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
We do something similar; check out the krb5.conf linked at
https://uit.stanford.edu/service/kerberos/unix_install
krb5auth[1,2,3].stanford.edu are CNAMEs to whichever KDC we want people to
query first/second/third.
--
A. Karl Kornel | System Administrator
Research Computing | Stanford University
+1 (650) 736-9327
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
