[Freeipa-users] IPA KDC Proxy
Alexander Bokovoy
abokovoy at redhat.com
Mon Jan 25 07:36:46 UTC 2016
----- Original Message -----
> Great,
>
> Changing
>
> /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = false
>
> to
>
> # cat /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = true
>
> along with adding the windows realm to krb5.conf on the clients did the
> trick; I am able to obtain aan AD TGT ticket by using the KDC proxy
>
> Is there a special reason why "use_dns = false" was used in kdcproxy.conf?
Yes -- it allows to explicitly control what gets proxied, with no surprises.
> Will this work on CentosOS /RHEL 6 as well?
No. RHEL 6.x libkrb5 has no support for KDC proxy and it is non-trivial to backport.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list