[CentOS] help on kerberos5
Kanwar Ranbir Sandhu
m3freak at thesandhufamily.ca
Wed Mar 25 18:08:37 UTC 2009
On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
> my domain name is===> baladia.local
> Windows 2003 AD server computer name is====> kmun
>
> my /etc/krb5.conf file is
>
> ----
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime=24000
> default_realm=BALADIA.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> BALADIA.LOCAL={
> kdc=172.16.2.227:88
> # admin_server=kmun.baladia.local:749
> default_domain=BALADIA.LOCAL
> kdc=BALADIA.LOCAL
> }
You only need one kdc here. Choose one, comment/delete the other.
> [domain_realm]
> .baladia.local=BALADIA.LOCAL
> baladia.local=BALADIA.LOCAL
>
> kerberos 88/udp kdc # Kerberos key server
> kerberos 88/tcp kdc # Kerberos key server
What are these "kerberos" lines for? Why have you put them here? They
don't belong - comment/delete them.
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
kinit should work after making the changes above.
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
More information about the CentOS
mailing list