Difference between revisions of "Systems/Services/Kerberos"
Jump to navigation
Jump to search
Amishhammer (talk | contribs) |
Amishhammer (talk | contribs) |
||
| Line 11: | Line 11: | ||
<pre> | <pre> | ||
| − | + | [libdefaults] | |
| − | + | default_realm = AD.PUMPINGSTATIONONE.ORG | |
| − | + | ticket_lifetime = 24h | |
| − | + | forwardable = yes | |
| − | + | kdc_timesync = 1 | |
| − | + | ccache_type = 4 | |
| + | forwardable = true | ||
| + | proxiable = true | ||
| + | verify_ap_req_nofail = false | ||
| + | check_pac = no | ||
| + | kdc_timeout = 2 | ||
| + | max_retries = 1 | ||
| + | dns_lookup_realm = false | ||
| + | |||
| + | [realms] | ||
| + | AD.PUMPINGSTATIONONE.ORG = { | ||
| + | default_domain = ad.pumpingstationone.org | ||
| + | kdc = bob.ad.pumpingstationone.org | ||
| + | kdc = dc01.ad.pumpingstationone.org | ||
| + | admin = bob.pumpingstationone.org | ||
| + | } | ||
| + | |||
| + | [domain_realms] | ||
| + | ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG | ||
| + | .ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG | ||
</pre> | </pre> | ||
Revision as of 16:41, 19 September 2014
Kerberos
The kerberos realm is a part of the Samba AD implementation, the realm name is AD.PUMPINGSTATIONONE.ORG.
PS1 Kerberos Client config:
/etc/krb5.conf
[libdefaults]
default_realm = AD.PUMPINGSTATIONONE.ORG
ticket_lifetime = 24h
forwardable = yes
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
verify_ap_req_nofail = false
check_pac = no
kdc_timeout = 2
max_retries = 1
dns_lookup_realm = false
[realms]
AD.PUMPINGSTATIONONE.ORG = {
default_domain = ad.pumpingstationone.org
kdc = bob.ad.pumpingstationone.org
kdc = dc01.ad.pumpingstationone.org
admin = bob.pumpingstationone.org
}
[domain_realms]
ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
.ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG