...
Code Block |
---|
# ntpdate -u localhost
14 May 10:57:15 ntpdate[DIRxSRVx10:602]: adjust time server 127.0.0.1 offset -0.000259 sec
|
...
Code Block |
---|
# kinit -f akarasulu@EXAMPLE.COM
Password for akarasulu@EXAMPLE.COM: maxwell
[DIRxSRVx10:root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: akarasulu@EXAMPLE.COM
Valid starting Expires Service principal
05/14/06 10:54:24 05/15/06 10:54:22 krbtgt/EXAMPLE.COM@EXAMPLE.COM
|
8) Change Password works but the setup is even more complicated and to make matters worse we have password policy enforcement in place. But, the gnome-kerberos client will do password changes.
Code Block |
---|
[DIRxSRVx10:logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [DIRxSRVx10:libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes default_tgs_enctypes = des-cbc-md5 default_tkt_enctypes = des-cbc-md5 preferred_enctypes = des-cbc-md5 permitted_enctypes = des-cbc-md5 [DIRxSRVx10:realms] EXAMPLE.COM = { kdc = localhost:88 kpasswd_server = localhost:464 default_domain = example.com } [DIRxSRVx10:domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [DIRxSRVx10:kdc] profile = /var/kerberos/krb5kdc/kdc.conf [DIRxSRVx10:appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } |