Re: help on kerberos5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu
<m3freak@xxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
>> my domain name is===> baladia.local
>> Windows 2003 AD server computer name is====> kmun
>>
>> my /etc/krb5.conf file is
>>
>> ----
>> [logging]
>>  default = FILE:/var/log/krb5libs.log
>>  kdc = FILE:/var/log/krb5kdc.log
>>  admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>>  ticket_lifetime=24000
>>  default_realm=BALADIA.LOCAL
>>  dns_lookup_realm = false
>>  dns_lookup_kdc = false
>>
>> [realms]
>>  BALADIA.LOCAL={
>>   kdc=172.16.2.227:88
>> #  admin_server=kmun.baladia.local:749
>>   default_domain=BALADIA.LOCAL
>>   kdc=BALADIA.LOCAL
>>  }
>
> You only need one kdc here.  Choose one, comment/delete the other.
>
>> [domain_realm]
>> .baladia.local=BALADIA.LOCAL
>> baladia.local=BALADIA.LOCAL
>>
>> kerberos  88/udp   kdc  # Kerberos key server
>> kerberos  88/tcp   kdc  # Kerberos key server
>
> What are these "kerberos" lines for? Why have you put them here? They
> don't belong - comment/delete them.
>
>
>> [kdc]
>>   profile = /var/kerberos/krb5kdc/kdc.conf
>>
>> [appdefaults]
>>  pam = {
>>    debug = false
>>    ticket_lifetime = 36000
>>    renew_lifetime = 36000
>>    forwardable = true
>>    krb4_convert = false
>>  }
>
> kinit should work after making the changes above.
>
> Regards,
>
> Ranbir
>
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
> 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

it would be so much easier if all configuration files were written in
XML and by default would have an enforcing document type definition.
Self commenting, would make sure syntax is correct, and further could
ensure "grammar" is correct for the desired configuration.  Namespaces
can make XML less verbose;.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux