0

Ok I been getting mixed signals on documents that I read online on Kerberos authentication

  1. The KDC servers need to be resolvable by the client for authentication.
  2. Does the reverse also need to be true as well? Say if the client/principal is a host/service. Does the KDC need to resolve the client?

There are some doc's that say that client and host needs to be resolvable both ways.. and in some other reference, I also read that KDC does NOT lookup DNS as it delays the time taken for authentication

Any comments?

Also, could someone shed some light on how KDC and the client validate/establish-trust with each other with/without DNS dependency..

(Note: Not much interested in MS/AD details)

Ram Koti
  • 2,203
  • 7
  • 26
  • 36
rtu
  • 1
  • 2
  • 1
    Welcome to Stack Overflow! Stack Overflow is not a discussion forum, it is a Question and Answer site where you can ask a **specific** programming question that **can be answered** rather than discussed. Please read [How do I ask a good question?](https://stackoverflow.com/help/how-to-ask) and [What topics can I ask about here?](https://stackoverflow.com/help/on-topic) and then edit your question to conform with the site guidelines. Off-topic questions such as this one are routinely closed, but if edited to ask an *answerable* question, can be re-opened again. Thanks. – NightOwl888 Mar 12 '18 at 05:37
  • You are asking way too many questions inside one "question". One at a time, please. Question also seems more suited for serverfault.com than here. – T-Heron Mar 12 '18 at 13:11

0 Answers0