Difference between revisions of "Systems/Services/Kerberos"
Jump to navigation
Jump to search
Amishhammer (talk | contribs) |
Amishhammer (talk | contribs) |
||
Line 11: | Line 11: | ||
<pre> | <pre> | ||
− | + | [libdefaults] | |
− | + | default_realm = AD.PUMPINGSTATIONONE.ORG | |
− | + | ticket_lifetime = 24h | |
− | + | forwardable = yes | |
− | + | kdc_timesync = 1 | |
− | + | ccache_type = 4 | |
+ | forwardable = true | ||
+ | proxiable = true | ||
+ | verify_ap_req_nofail = false | ||
+ | check_pac = no | ||
+ | kdc_timeout = 2 | ||
+ | max_retries = 1 | ||
+ | dns_lookup_realm = false | ||
+ | |||
+ | [realms] | ||
+ | AD.PUMPINGSTATIONONE.ORG = { | ||
+ | default_domain = ad.pumpingstationone.org | ||
+ | kdc = bob.ad.pumpingstationone.org | ||
+ | kdc = dc01.ad.pumpingstationone.org | ||
+ | admin = bob.pumpingstationone.org | ||
+ | } | ||
+ | |||
+ | [domain_realms] | ||
+ | ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG | ||
+ | .ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG | ||
</pre> | </pre> |
Revision as of 16:41, 19 September 2014
Kerberos
The kerberos realm is a part of the Samba AD implementation, the realm name is AD.PUMPINGSTATIONONE.ORG.
PS1 Kerberos Client config:
/etc/krb5.conf
[libdefaults] default_realm = AD.PUMPINGSTATIONONE.ORG ticket_lifetime = 24h forwardable = yes kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true verify_ap_req_nofail = false check_pac = no kdc_timeout = 2 max_retries = 1 dns_lookup_realm = false [realms] AD.PUMPINGSTATIONONE.ORG = { default_domain = ad.pumpingstationone.org kdc = bob.ad.pumpingstationone.org kdc = dc01.ad.pumpingstationone.org admin = bob.pumpingstationone.org } [domain_realms] ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG .ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG