22c3a681da
Add pointer to self to /etc/hosts to avoid chicken/egg problems when restarting DNS. On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't attempt to do any resolving. Leave it to true on clients. Set rdns to false on both server and client. https://fedorahosted.org/freeipa/ticket/931
# Kerberos configuration template (krb5.conf syntax).
# The dollar-prefixed names below (REALM, FQDN, DOMAIN, SUFFIX, SERVER_ID) are
# placeholders; presumably they are substituted when the file is installed.
# NOTE(review): keep comments at column 0 and free of dollar signs so that
# neither the profile parser nor a template substitution step trips on them.

# Log destinations for the Kerberos library, the KDC and kadmind.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# Library-wide defaults.
[libdefaults]
default_realm = $REALM
# With both DNS lookups off, realm mapping and KDC location come only from
# the [domain_realm] and [realms] sections of this file, not from DNS records.
dns_lookup_realm = false
dns_lookup_kdc = false
# No reverse-DNS canonicalisation of host names when building service
# principal names, so a PTR record cannot change which principal is requested.
rdns = false
# Default lifetime requested for initial tickets.
ticket_lifetime = 24h
# Initial tickets are forwardable by default. A host that receives a forwarded
# TGT can act as the user until the ticket expires; review whether every
# client really needs this default.
forwardable = yes

# Per-realm server locations and trust anchors.
[realms]
$REALM = {
# KDC on port 88, kadmind on port 749, both on the same host.
  kdc = $FQDN:88
  admin_server = $FQDN:749
  default_domain = $DOMAIN
# CA certificate(s) trusted to sign KDC certificates for PKINIT. Anyone who
# can write this file can change which KDC certificate is accepted, so it
# should be writable by root only.
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

# Host-to-realm mapping: the dotted entry covers hosts under the domain,
# the bare entry covers a host named exactly like the domain.
[domain_realm]
.$DOMAIN = $REALM
$DOMAIN = $REALM

# Per-application defaults; the "pam" subsection is read by the PAM
# Kerberos module.
[appdefaults]
pam = {
  debug = false
# Plain numbers here are presumably seconds (36000 s = 10 h); confirm against
# the PAM module's documentation.
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
# Kerberos 4 ticket conversion stays off.
  krb4_convert = false
}

# KDC database backend: principals are stored in LDAP (kldap module).
[dbmodules]
$REALM = {
  db_library = kldap
# ldapi URL with a percent-encoded path: the directory is reached over a
# local UNIX socket, so this bind traffic does not cross the network.
  ldap_servers = ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket
  ldap_kerberos_container_dn = cn=kerberos,$SUFFIX
# NOTE(review): the KDC and kadmind bind with the same account (uid=kdc), so
# the KDC holds whatever write access kadmind needs. Separate accounts would
# allow a read-mostly identity for the KDC.
  ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
  ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
# Stashed bind password for the DNs above. Treat it as a secret: owner-only
# permissions, and keep it out of backups and images that are shared.
  ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
}