Versions Compared

Old Version 2

changes.mady.by.user Christine Koppelt

Saved on

compared with

New Version 3

changes.mady.by.user Christine Koppelt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# ntpdate -u localhost
14 May 10:57:15 ntpdate[DIRxSRVx10:602]: adjust time server 127.0.0.1 offset -0.000259 sec

...

Code Block
# kinit -f akarasulu@EXAMPLE.COM
Password for akarasulu@EXAMPLE.COM: maxwell

[DIRxSRVx10:root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: akarasulu@EXAMPLE.COM

Valid starting     Expires            Service principal
05/14/06 10:54:24  05/15/06 10:54:22  krbtgt/EXAMPLE.COM@EXAMPLE.COM

8) Change Password works but the setup is even more complicated and to make matters worse we have password policy enforcement in place. But, the gnome-kerberos client will do password changes.

Code Block
[DIRxSRVx10:logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[DIRxSRVx10:libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

 ticket_lifetime = 24h
 forwardable = yes

 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 preferred_enctypes = des-cbc-md5
 permitted_enctypes = des-cbc-md5

[DIRxSRVx10:realms]
 EXAMPLE.COM = {
  kdc = localhost:88
  kpasswd_server = localhost:464
  default_domain = example.com
 }

[DIRxSRVx10:domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[DIRxSRVx10:kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[DIRxSRVx10:appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }