708fedd9ea
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O" flag to specify that it should communicate with the server using the older protocol - new libkrb5support library - v5passwdd and kadmind4 are gone - versioned symbols - pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass it on to krb5kdc - pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass it on to kadmind - pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass it on to krb524d *instead of* "-m" - set "forwardable" in [libdefaults] in the default krb5.conf to match the default setting which we supply for pam_krb5 - set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting the compiled-in default
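# krb5.conf: default Kerberos 5 configuration.
# EXAMPLE.COM / example.com / kerberos.example.com are placeholders; replace
# them with the site's realm, DNS domain and KDC host before use.
# Comments are kept on their own lines, starting in column 0.

# Log destinations for the Kerberos libraries, the KDC and kadmind.
# NOTE(review): confirm these files are created with restrictive permissions;
# they can record principal names and client addresses.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# Library-wide defaults.
# dns_lookup_realm / dns_lookup_kdc = false: the realm mapping and KDC
# addresses come from this file ([domain_realm], [realms]), not from DNS
# records, so KDC discovery does not depend on unauthenticated DNS answers.
# ticket_lifetime = 24h: set explicitly to reflect the compiled-in default.
# forwardable = yes: set to match the default supplied for pam_krb5.
# A forwarded TGT can be used by whatever host receives it until it expires,
# so sites that do not need credential delegation may prefer to turn this off.
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

# Per-realm servers: KDC on port 88, admin server (kadmind) on port 749.
[realms]
EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
}

# Host/domain to realm mapping: the leading-dot entry covers hosts under
# example.com, the bare entry covers the host named example.com itself.
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

# Location of the KDC's own configuration file.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

# Per-application defaults; the "pam" group is read by the PAM module.
# ticket_lifetime / renew_lifetime = 36000 are presumably seconds (10 hours),
# which is shorter than the 24h library default above.
# NOTE(review): confirm which of the two lifetimes applies to PAM logins.
# krb4_convert = false: no Kerberos 4 credentials are derived at login.
[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}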