Kerberos / krb5.conf / CentOS7

GemNEye kerberos at
Wed Dec 11 11:51:04 EST 2019

I am trying to configure Kerberos, SSSD, SAMBA, SSSD on CentOS7 servers 
(without using winbind).

I have had some success in getting everything to work, but after 
reviewing different docs found on the web my understanding of all the 
configurations is weak.

In the /etc/krb5.conf file, what is the purpose of the [domain_realm] 
stanza?  I can see its usage for REALMS that have been defined in the 
[realms] stanza, but what other realms and mapping would be configured 
in the [domain_realm] stanza?  If I could understand how the mappings in 
the [domain_realm] stanza are used along with an explanation (outside of 
what is available on the MIT doc page), it would be extremely useful.

Plus, I am curious about the files that get created in this location: 
/var/lib/sss/pubconf/krb5.include.d/ .  The files in this directory get 
dynamically created, and when I look at some of the values that are 
being configured it appears like values which have been configured in 
/etc/krb5.conf get overwritten.  For example the value of 
udp_preference_limit seems to get set in the dynamic files regardless of 
how it is configured in /etc/krb5.conf.

Thank You.

More information about the Kerberos mailing list