[Freeipa-devel] KDC proxy URI records

[Martin Bašti]

Hello all,

I'm going to implement automatic URI records for kdc proxy and I'd like 
to clarify if following URI records are the right one.


_kerberos-adm.example.com. IN URI <prio> 0 
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"

_krb5kdc.example.com. IN URI <prio> 0 
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"

_kpasswd.example.com. IN URI <prio> 0 
"krb5srv:M:kkdcp:https://ipaserver.example.com/KdcProxy"


I assume we want to use "kkdcp" and "https", and "M" flag as all IPA 
servers are masters, please confirm.


Sources:

https://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery

https://tools.ietf.org/id/draft-mccallum-kitten-krb-service-discovery-02.txt


Thank you

-- 
Martin Bašti
Software Engineer
Red Hat Czech