[Freeipa-users] how to force switch to another kdc
Natxo Asenjo
natxo.asenjo at gmail.com
Tue Jan 5 18:34:44 UTC 2016
On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo <natxo.asenjo at gmail.com> wrote:
> includedir /var/lib/sss/pubconf/krb5.include.d/
> #File modified by ipa-client-install
>
> [libdefaults]
> default_realm = IPA.DOMAIN.TLD
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> forwardable = yes
>
> [realms]
> IPA.DOMAIN.TLD = {
> pkinit_anchors = FILE:/etc/ipa/ca.crt
> }
>
> [domain_realm]
> .ipa.domain.tld = IPA.DOMAIN.TLD
> ipa.domain.tld = IPA.DOMAIN.TLD
>
> ]$ cat /etc/krb5.conf
>
With this config I can reach any realm, by the way, provided it has SRV
records. It works for our AD forests as well.
--
Groeten,
natxo
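
An added example, not part of the original message: a small Python check that reads a krb5.conf like the one quoted above and reports, per realm, whether KDC location comes from a static `kdc` entry or from DNS SRV lookups. The function names are hypothetical, the sample is a constructed, shortened copy of the quoted file, and the code assumes MIT krb5 behaviour: static `kdc` entries take precedence, `dns_lookup_kdc` defaults to true, and the SRV names are `_kerberos._udp.<realm>` and `_kerberos._tcp.<realm>`.

```python
import re

# Constructed sample: shortened copy of the krb5.conf quoted in the message.
SAMPLE = """\
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
  default_realm = IPA.DOMAIN.TLD
  dns_lookup_kdc = true
[realms]
  IPA.DOMAIN.TLD = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }
"""

def parse_krb5(text):
    """Minimal krb5.conf reader: sections, key = value, one level of { } blocks."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith(("include ", "includedir ")):
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(value)
    return conf

def kdc_sources(conf, realm):
    """Return ('static', [kdc hosts]), ('dns', [SRV names]) or ('none', [])."""
    realm_block = conf.get("realms", {}).get(realm, {})
    static = realm_block.get("kdc", []) if isinstance(realm_block, dict) else []
    if static:
        return "static", static
    # Assumption: dns_lookup_kdc defaults to true when it is not set.
    flag = conf.get("libdefaults", {}).get("dns_lookup_kdc", ["true"])[0].lower()
    if flag in ("true", "yes", "on", "1", "t", "y"):
        name = realm.lower()  # DNS names are case-insensitive
        return "dns", [f"_kerberos._udp.{name}", f"_kerberos._tcp.{name}"]
    return "none", []
```

A realm that is absent from `[realms]` still resolves to `dns` here, which is the behaviour the message describes for the AD forests.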