Update sample configs to include master_kdc
Where we have ATHENA.MIT.EDU stanzas in sample or test krb5.conf files
which define kdc entries, also define a master_kdc entry.  Remove
default_domain and v4_instance_convert entries in examples as they are
only needed for krb5/krb4 principal conversions.  In the krb5_conf.rst
example, remove enctype specifications as we don't want to encourage
their use when they aren't necessary, and remove a redundant
domain_realm entry.

ticket: 7901 (new)
greghudson committed Apr 15, 2014
1 parent 82aa5f5 commit 3b72cef
Showing 5 changed files with 12 additions and 19 deletions.
4 changes: 0 additions & 4 deletions doc/admin/conf_files/krb5_conf.rst
Expand Up @@ -1107,8 +1107,6 @@ Here is an example of a generic krb5.conf file:

[libdefaults]
default_realm = ATHENA.MIT.EDU
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_kdc = true
dns_lookup_realm = false

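Review bot: in [libdefaults], dropping default_tkt_enctypes and default_tgs_enctypes leaves the example silent on enctypes, so a reader comparing it with an older copy of this file may simply keep the removed `des3-hmac-sha1 des-cbc-crc` lists. Consider a sentence next to the example in krb5_conf.rst saying that enctype settings are intentionally omitted so the library defaults apply; des-cbc-crc is single DES and should not be carried forward from old configs.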
Expand All @@ -1119,7 +1117,6 @@ Here is an example of a generic krb5.conf file:
kdc = kerberos-2.mit.edu:750
admin_server = kerberos.mit.edu
master_kdc = kerberos.mit.edu
default_domain = mit.edu
}
EXAMPLE.COM = {
kdc = kerberos.example.com
Expand All @@ -1128,7 +1125,6 @@ Here is an example of a generic krb5.conf file:
}

[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU

[capaths]
9 changes: 2 additions & 7 deletions src/config-files/krb5.conf
Expand Up @@ -4,15 +4,10 @@
[realms]
# use "kdc = ..." if realm admins haven't put SRV records into DNS
ATHENA.MIT.EDU = {
admin_server = KERBEROS.MIT.EDU
default_domain = MIT.EDU
v4_instance_convert = {
mit = mit.edu
lithium = lithium.lcs.mit.edu
}
admin_server = kerberos.mit.edu
}
ANDREW.CMU.EDU = {
admin_server = vice28.fs.andrew.cmu.edu
admin_server = kdc-01.andrew.cmu.edu
}

[domain_realm]
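Review bot: in the ANDREW.CMU.EDU stanza, admin_server changes from vice28.fs.andrew.cmu.edu to kdc-01.andrew.cmu.edu, which the commit message does not mention; it only covers master_kdc, default_domain, v4_instance_convert and the krb5_conf.rst cleanups. Please note the hostname update (and the lower-casing of kerberos.mit.edu in the ATHENA.MIT.EDU stanza) in the message, or split it into its own commit, so that a change to another realm's server name is traceable.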
1 change: 1 addition & 0 deletions src/lib/krb5/krb/t_krb5.conf
Expand Up @@ -7,6 +7,7 @@
kdc = KERBEROS-2.MIT.EDU:88
kdc = KERBEROS.MIT.EDU
kdc = KERBEROS-1.MIT.EDU
master_kdc = KERBEROS.MIT.EDU
admin_server = KERBEROS.MIT.EDU
default_domain = MIT.EDU
v4_instance_convert = {
2 changes: 1 addition & 1 deletion src/util/profile/krb5.conf
Expand Up @@ -10,8 +10,8 @@
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
kdc = kerberos-3.mit.edu
master_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
15 changes: 8 additions & 7 deletions src/util/profile/profile.5
Expand Up @@ -24,11 +24,11 @@ An example profile file might look like this:

[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu:88
default_domain = mit.edu
kdc = kerberos.mit.edu
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
master_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
}
CYGNUS.COM = {
kdc = KERBEROS-1.CYGNUS.COM
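Review bot: the ATHENA.MIT.EDU stanza also drops the `:88` suffix from every kdc line and from admin_server, which the commit message does not describe. The admin_server part is a real fix rather than a style edit: 88 is the KDC port while kadmind listens on 749 by default, so `admin_server = kerberos.mit.edu:88` pointed admin clients at the wrong service. Worth a line in the message. The CYGNUS.COM stanza just below still uses upper-case hostnames, so the example now mixes both styles.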
Expand Down Expand Up @@ -65,7 +65,8 @@ sections have been marked as final:

[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
admin_server = kerberos.mit.edu:88
kdc = kerberos.mit.edu
master_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
}*
