[28310] in CVS-changelog-for-Kerberos-V5
krb5 commit: Update sample configs to include master_kdc
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Apr 15 11:58:50 2014
Date: Tue, 15 Apr 2014 11:58:43 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201404151558.s3FFwhDp008861@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/3b72cefb1bbf231192a2b92c31f2c91217f7d58c
commit 3b72cefb1bbf231192a2b92c31f2c91217f7d58c
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Apr 8 14:07:30 2014 -0400
Update sample configs to include master_kdc
Where we have ATHENA.MIT.EDU stanzas in sample or test krb5.conf files
which define kdc entries, also define a master_kdc entry. Remove
default_domain and v4_instance_convert entries in examples as they are
only needed for krb5/krb4 principal conversions. In the krb5_conf.rst
example, remove enctype specifications as we don't want to encourage
their use when they aren't necessary, and remove a redundant
domain_realm entry.
ticket: 7901 (new)
doc/admin/conf_files/krb5_conf.rst | 4 ----
src/config-files/krb5.conf | 9 ++-------
src/lib/krb5/krb/t_krb5.conf | 1 +
src/util/profile/krb5.conf | 2 +-
src/util/profile/profile.5 | 15 ++++++++-------
5 files changed, 12 insertions(+), 19 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 1518949..19ea9c9 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1107,8 +1107,6 @@ Here is an example of a generic krb5.conf file:
[libdefaults]
default_realm = ATHENA.MIT.EDU
- default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
- default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_kdc = true
dns_lookup_realm = false
@@ -1119,7 +1117,6 @@ Here is an example of a generic krb5.conf file:
kdc = kerberos-2.mit.edu:750
admin_server = kerberos.mit.edu
master_kdc = kerberos.mit.edu
- default_domain = mit.edu
}
EXAMPLE.COM = {
kdc = kerberos.example.com
@@ -1128,7 +1125,6 @@ Here is an example of a generic krb5.conf file:
}
[domain_realm]
- .mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
[capaths]
diff --git a/src/config-files/krb5.conf b/src/config-files/krb5.conf
index 62fbbd6..9d250bf 100644
--- a/src/config-files/krb5.conf
+++ b/src/config-files/krb5.conf
@@ -4,15 +4,10 @@
[realms]
# use "kdc = ..." if realm admins haven't put SRV records into DNS
ATHENA.MIT.EDU = {
- admin_server = KERBEROS.MIT.EDU
- default_domain = MIT.EDU
- v4_instance_convert = {
- mit = mit.edu
- lithium = lithium.lcs.mit.edu
- }
+ admin_server = kerberos.mit.edu
}
ANDREW.CMU.EDU = {
- admin_server = vice28.fs.andrew.cmu.edu
+ admin_server = kdc-01.andrew.cmu.edu
}
[domain_realm]
diff --git a/src/lib/krb5/krb/t_krb5.conf b/src/lib/krb5/krb/t_krb5.conf
index b25b1d3..a80b4ce 100644
--- a/src/lib/krb5/krb/t_krb5.conf
+++ b/src/lib/krb5/krb/t_krb5.conf
@@ -7,6 +7,7 @@
kdc = KERBEROS-2.MIT.EDU:88
kdc = KERBEROS.MIT.EDU
kdc = KERBEROS-1.MIT.EDU
+ master_kdc = KERBEROS.MIT.EDU
admin_server = KERBEROS.MIT.EDU
default_domain = MIT.EDU
v4_instance_convert = {
diff --git a/src/util/profile/krb5.conf b/src/util/profile/krb5.conf
index aefe4ab..7d38e9e 100644
--- a/src/util/profile/krb5.conf
+++ b/src/util/profile/krb5.conf
@@ -10,8 +10,8 @@
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
kdc = kerberos-3.mit.edu
+ master_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
- default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
diff --git a/src/util/profile/profile.5 b/src/util/profile/profile.5
index 7f3b36a..1b0748e 100644
--- a/src/util/profile/profile.5
+++ b/src/util/profile/profile.5
@@ -24,11 +24,11 @@ An example profile file might look like this:
[realms]
ATHENA.MIT.EDU = {
- kdc = kerberos.mit.edu:88
- kdc = kerberos-1.mit.edu:88
- kdc = kerberos-2.mit.edu:88
- admin_server = kerberos.mit.edu:88
- default_domain = mit.edu
+ kdc = kerberos.mit.edu
+ kdc = kerberos-1.mit.edu
+ kdc = kerberos-2.mit.edu
+ master_kdc = kerberos.mit.edu
+ admin_server = kerberos.mit.edu
}
CYGNUS.COM = {
kdc = KERBEROS-1.CYGNUS.COM
@@ -65,7 +65,8 @@ sections have been marked as final:
[realms]
ATHENA.MIT.EDU = {
- kdc = kerberos.mit.edu:88
- admin_server = kerberos.mit.edu:88
+ kdc = kerberos.mit.edu
+ master_kdc = kerberos.mit.edu
+ admin_server = kerberos.mit.edu
}*
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
