Page History

...

8) Change Password works but the setup is even more complicated and to make matters worse we have password policy enforcement in place. But, the gnome-kerberos client will do password changes.

Code Block

[DIRxSRVx10:logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[DIRxSRVx10:libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

 ticket_lifetime = 24h
 forwardable = yes

 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 preferred_enctypes = des-cbc-md5
 permitted_enctypes = des-cbc-md5

[DIRxSRVx10:realms]
 EXAMPLE.COM = {
  kdc = localhost:88
  kpasswd_server = localhost:464
  default_domain = example.com
 }

[DIRxSRVx10:domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[DIRxSRVx10:kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[DIRxSRVx10:appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Child pages

Versions Compared

Old Version 3

New Version 4

Key