Projects/NAPTR

From K5Wiki
Revision as of 19:33, 23 February 2015 by Npmccallum

Background

The original driver of this proposal is the desire to enable automatic detection of MS-KKDCP compliant proxies. However, after researching the new proposed standard for the URI Record type and its relation to NAPTR records, I think NAPTR provides improvements in other areas as well.

The URI Record

The URI record is essentially the equivalent of an SRV record, but for URIs. An example might be:

_ms_kkdcp IN URI 10 1 "https://kdc.example.com/kdc"

A URI record on its own might suffice. However, getting the interaction right between this and the two SRV records may be challenging. Notice that the URI record type provides priority and weight fields. While this gives us an indication of how to prioritize traffic across multiple proxy URIs, it does not explain how to do the same between MS-KKDCP and TCP/UDP.
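The following is an added example, not code from this page or from MIT krb5, showing how a client could order a set of `_ms_kkdcp` URI records by the priority and weight fields. It assumes SRV-style selection (lowest priority first, weighted random choice within a priority) and an https-only client policy; the function names and all sample records other than the first are constructed for illustration.

```python
import random
import shlex
from urllib.parse import urlsplit

# Constructed sample RRset; only the first record appears on the page.
SAMPLE_ZONE = '''
_ms_kkdcp IN URI 10 1 "https://kdc.example.com/kdc"
_ms_kkdcp IN URI 10 3 "https://kdc2.example.com/kdc"
_ms_kkdcp IN URI 20 1 "https://backup.example.com/kdc"
_ms_kkdcp IN URI 5 1 "http://plain.example.com/kdc"
'''

def parse_uri_records(zone_text, owner="_ms_kkdcp"):
    """Return (priority, weight, target) tuples for URI records of `owner`."""
    records = []
    for line in zone_text.splitlines():
        fields = shlex.split(line)  # keeps the quoted target as one field
        if len(fields) != 6 or fields[0] != owner or fields[1:3] != ["IN", "URI"]:
            continue
        priority, weight = int(fields[3]), int(fields[4])
        if not (0 <= priority <= 65535 and 0 <= weight <= 65535):
            continue  # both fields are 16-bit unsigned integers
        records.append((priority, weight, fields[5]))
    return records

def is_acceptable(target):
    """Assumed client policy: https only, with a host and no userinfo."""
    parts = urlsplit(target)
    return parts.scheme == "https" and bool(parts.hostname) and "@" not in parts.netloc

def order_proxies(records, rng=None):
    """Lowest priority value first; weighted random order within a priority."""
    rng = rng or random.Random()
    by_priority = {}
    for priority, weight, target in records:
        if is_acceptable(target):  # DNS data may be unauthenticated: filter first
            by_priority.setdefault(priority, []).append((weight, target))
    ordered = []
    for priority in sorted(by_priority):
        group = by_priority[priority]
        while group:
            # Simplification in this example: a weight of 0 is treated as 1.
            weights = [w or 1 for w, _ in group]
            pick = rng.choices(range(len(group)), weights=weights)[0]
            ordered.append(group.pop(pick)[1])
    return ordered

if __name__ == "__main__":
    print(order_proxies(parse_uri_records(SAMPLE_ZONE)))
```

The ordering is computed only within the URI RRset; nothing in these fields relates a proxy URI to the TCP/UDP SRV records, which is the gap described above.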

The NAPTR Record

The NAPTR record type can alleviate this interaction problem. NAPTR records are evaluated with a string, which in this case will be the principal (including the realm), and a domain (which is only the realm).

(More to come...)