Kerberos / krb5.conf / CentOS7
GemNEye
kerberos at gemneye.org
Wed Dec 11 11:51:04 EST 2019
I am trying to configure Kerberos, SSSD, SAMBA, SSSD on CentOS7 servers
(without using winbind).
I have had some success in getting everything to work, but after
reviewing different docs found on the web my understanding of all the
configurations is weak.
In the /etc/krb5.conf file, what is the purpose of the [domain_realm]
stanza? I can see its usage for REALMS that have been defined in the
[realms] stanza, but what other realms and mapping would be configured
in the [domain_realm] stanza? If I could understand how the mappings in
the [domain_realm] stanza are used along with an explanation (outside of
what is available on the MIT doc page), it would be extremely useful.
Plus, I am curious about the files that get created in this location:
/var/lib/sss/pubconf/krb5.include.d/ . The files in this directory get
dynamically created, and when I look at some of the values that are
being configured it appears like values which have been configured in
/etc/krb5.conf get overwritten. For example the value of
udp_preference_limit seems to get set in the dynamic files regardless of
how it is configured in /etc/krb5.conf.
Thank You.
GemNEye
More information about the Kerberos
mailing list