[38645] in Kerberos
Kerberos / krb5.conf / CentOS7
daemon@ATHENA.MIT.EDU (GemNEye)
Wed Dec 11 11:51:52 2019
MIME-Version: 1.0
Date: Wed, 11 Dec 2019 09:51:04 -0700
From: GemNEye <kerberos@gemneye.org>
To: kerberos@mit.edu
Mail-Reply-To: kerberos@gemneye.org
Message-ID: <fda31671718e6adb3eb1e7e1f5c32708@gemneye.org>
Reply-To: kerberos@gemneye.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I am trying to configure Kerberos, SSSD, SAMBA, SSSD on CentOS7 servers
(without using winbind).
I have had some success in getting everything to work, but after
reviewing different docs found on the web my understanding of all the
configurations is weak.
In the /etc/krb5.conf file, what is the purpose of the [domain_realm]
stanza? I can see its usage for REALMS that have been defined in the
[realms] stanza, but what other realms and mapping would be configured
in the [domain_realm] stanza? If I could understand how the mappings in
the [domain_realm] stanza are used along with an explanation (outside of
what is available on the MIT doc page), it would be extremely useful.
Plus, I am curious about the files that get created in this location:
/var/lib/sss/pubconf/krb5.include.d/ . The files in this directory get
dynamically created, and when I look at some of the values that are
being configured it appears like values which have been configured in
/etc/krb5.conf get overwritten. For example the value of
udp_preference_limit seems to get set in the dynamic files regardless of
how it is configured in /etc/krb5.conf.
Thank You.
GemNEye
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
