Tags: linux, windows, tomcat7, kerberos, spring-security-kerberos

How do I create a .keytab from Active Directory for Tomcat on Linux?


I have a Linux web server that is looking for a Kerberos realm. I need to give it a .keypass file, which I can do. However, what's really getting me is the KDC. I cannot determine the parent KDC, and I don't know which server would be the admin server. Also, I'm not sure how to go about the process with Ktpass. Has anyone done this before, if so, how did you do it?

This has been really frustrating me as I know the architectural process, but I can't figure it out in a Windows domain with multiple DCs. The Linux portion isn't a problem, I know what to do where, but I have no idea how to pull that information from Windows in a way that Tomcat can read.

Any help would be appreciated. Thanks!


Solution

  • In theory, you can map any machine in a DNS domain to any Kerberos realm by getting every machine involved to use the same krb5.conf file. However, in practice the machine with DNS name web.foo.com is in the realm FOO.COM.

    To find the KDC for a realm, you can generally do DNS queries for these SRV records.

    dig -t SRV _kerberos._udp.foo.com

    AD supports this.
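The answer above says where the KDC list comes from but not how to turn the `dig` answer into the `[realms]` stanza the Linux side needs. The script below is an added example, not part of the original question or answer: it parses SRV answer lines in the form `dig` prints them, orders the targets the way a Kerberos client would (lowest priority first, then highest weight), and emits a krb5.conf realm block. The hostnames `dc1`..`dc3.foo.com` and the record data are constructed for the example, and naming the `_kpasswd._udp` target as `admin_server` is an assumption about a typical AD layout (every DC runs the password-change service on 464), not something the original answer states.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample of what `dig -t SRV _kerberos._udp.foo.com` and the
# matching `_kpasswd._udp.foo.com` query might answer; hosts are made up.
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
_kerberos._udp.foo.com. 600 IN SRV 0 100 88 dc1.foo.com.
_kerberos._udp.foo.com. 600 IN SRV 0 50 88 dc2.foo.com.
_kerberos._udp.foo.com. 600 IN SRV 10 100 88 dc3.foo.com.
_kpasswd._udp.foo.com. 600 IN SRV 0 100 464 dc1.foo.com.
_kpasswd._udp.foo.com. 600 IN SRV 0 100 464 dc2.foo.com.
"""

# One SRV record as dig prints it: name TTL IN SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<name>\S+)\s+\d+\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)


def run_dig(name):
    """Real lookup (not used by the sample run): return dig's output for an SRV name."""
    return subprocess.run(["dig", "-t", "SRV", name], capture_output=True, text=True).stdout


def parse_srv(text):
    """Map each queried SRV name to its (priority, weight, port, target) tuples."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue  # dig comments, headers and blank lines
        records[m.group("name").rstrip(".")].append(
            (int(m.group("prio")), int(m.group("weight")),
             int(m.group("port")), m.group("target").rstrip("."))
        )
    return records


def ordered_targets(entries):
    """Client order: lowest priority first, higher weight first within one priority."""
    ranked = sorted(entries, key=lambda e: (e[0], -e[1]))
    return [f"{host}:{port}" for _prio, _weight, port, host in ranked]


def krb5_realm_stanza(realm, dns_domain, records):
    """Build the [realms] block for krb5.conf from parsed SRV records."""
    kdcs = ordered_targets(records.get(f"_kerberos._udp.{dns_domain}", []))
    kpasswd = ordered_targets(records.get(f"_kpasswd._udp.{dns_domain}", []))
    lines = [f"    {realm} = {{"]
    lines += [f"        kdc = {k}" for k in kdcs]
    if kpasswd:
        # Assumption: on AD the DC serving kpasswd (port 464) doubles as the admin server.
        lines.append(f"        admin_server = {kpasswd[0].split(':')[0]}")
    lines.append(f"        default_domain = {dns_domain}")
    lines.append("    }")
    return "\n".join(lines)


if __name__ == "__main__":
    # Swap SAMPLE_DIG_OUTPUT for run_dig("_kerberos._udp.foo.com") + run_dig("_kpasswd._udp.foo.com")
    # to generate the stanza from a live domain.
    print("[realms]")
    print(krb5_realm_stanza("FOO.COM", "foo.com", parse_srv(SAMPLE_DIG_OUTPUT)))
```

The priority/weight ordering matters in a multi-DC domain: a DC published at priority 10 is a fallback only, so listing it first in krb5.conf would send every ticket request to the host the DNS admin meant to keep in reserve. Once the stanza is in place, `kinit` against the realm with a domain account is the quickest way to confirm the KDC list before touching the keytab or Tomcat.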