[Freeipa-users] clarification regarding krb5.conf file
Ben .T.George
bentech4you at gmail.com
Wed Jan 7 11:36:21 UTC 2015
HI
If i check IPA client machine enrolled with ipa-client, the krb5.conf file
looks like below:
[root at kwttestmrbs001 krb5.include.d]# more /etc/krb5.conf
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = SOLIPA.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
SOLIPA.LOCAL = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.solipa.local = SOLIPA.LOCAL
solipa.local = SOLIPA.LOCAL
and the includedir /var/lib/sss/pubconf/krb5.include.d/ is including :
[root at kwttestmrbs001 krb5.include.d]# more domain_realm_solipa_local
[domain_realm]
.kwttestdc.com = KWTTESTDC.COM
kwttestdc.com = KWTTESTDC.COM
anyone please help me to prepare proper krb5.conf file for solaris box
IPA Server is : kwtpocpbis01.solipa.local
Solaris (client) : kwttestsolaris10.solipa.local
Active Directory: kwttestdc001.kwttestdc.com
Regards,
Ben
On Wed, Jan 7, 2015 at 2:11 PM, Ben .T.George <bentech4you at gmail.com> wrote:
> Hi List
>
> correct me if i am wrong.
>
> currently my client krb5.conf holding AD details. and my client is Solaris
>
> here is my file.
>
> bash-3.2# more /etc/krb5/krb5.conf
> [libdefaults]
> default_realm = KWTTESTDC.COM
>
> [realms]
> KWTTESTDC.COM = {
> kdc = kwttestdc001.kwttestdc.com:88
> admin_server = kwttestdc001.kwttestdc.com:749
> }
>
> [domain_realm]
> .kwttestdc.com = KWTTESTDC.COM
> kwttestdc.com = KWTTESTDC.COM
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
> kdc_rotate = {
> period = 1d
> versions = 10
> }
>
> [appdefaults]
> kinit = {
> renewable = true
> forwardable= true
> }
>
>
> please anyone varify this is right or wrong
>
> Regards,
> Ben
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150107/623d0e64/attachment.htm>
More information about the Freeipa-users
mailing list