On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo <natxo.ase...@gmail.com> wrote:

> includedir /var/lib/sss/pubconf/krb5.include.d/
> #File modified by ipa-client-install
>
> [libdefaults]
>   default_realm = IPA.DOMAIN.TLD
>   dns_lookup_realm = true
>   dns_lookup_kdc = true
>   rdns = false
>   ticket_lifetime = 24h
>   forwardable = yes
>
> [realms]
>   IPA.DOMAIN.TLD = {
>     pkinit_anchors = FILE:/etc/ipa/ca.crt
>   }
>
> [domain_realm]
>   .ipa.domain.tld = IPA.DOMAIN.TLD
>   ipa.domain.tld = IPA.DOMAIN.TLD
>
> ]$ cat /etc/krb5.conf
>

With this config I can reach any realm, by the way, provided it has SRV
records. It works for our AD forests as well.

--
Groeten,
natxo
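
The following is an added example, not part of the original post and not FreeIPA or MIT Kerberos code: a small Python audit helper that parses a krb5.conf like the one quoted above and reports whether KDCs for a given realm come from a static `kdc` entry or from DNS, listing the SRV names that would then be trusted. The function names, the `AD.EXAMPLE.COM` realm used for testing, and the treatment of an unset `dns_lookup_kdc` as enabled are assumptions of this sketch.

```python
# Constructed sample: the settings from the quoted krb5.conf that matter here.
SAMPLE_KRB5_CONF = """\
includedir /var/lib/sss/pubconf/krb5.include.d/
#File modified by ipa-client-install
[libdefaults]
  default_realm = IPA.DOMAIN.TLD
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
[realms]
  IPA.DOMAIN.TLD = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }
"""

TRUE_VALUES = {"true", "yes", "on", "1", "y", "t"}

def parse_krb5_conf(text):
    """Return {section: {key: value-or-dict}}; handles one level of { } nesting."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith(("include ", "includedir ")):
            continue  # blank lines, comments and include directives are not followed
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
            sub = None
        elif line == "}":
            sub = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                sub = section.setdefault(key, {})
            else:
                (sub if sub is not None else section)[key] = value
    return conf

def kdc_discovery(conf, realm):
    """Describe where a client using this config would get KDCs for `realm`."""
    static = conf.get("realms", {}).get(realm, {})
    if isinstance(static, dict) and "kdc" in static:
        return {"source": "krb5.conf", "kdc": static["kdc"], "srv_queries": []}
    # Assumption: an unset dns_lookup_kdc is treated as enabled.
    lookup = conf.get("libdefaults", {}).get("dns_lookup_kdc", "true").lower()
    if lookup not in TRUE_VALUES:
        return {"source": "none", "kdc": None, "srv_queries": []}
    names = [f"_kerberos._{proto}.{realm}" for proto in ("udp", "tcp")]
    return {"source": "dns", "kdc": None, "srv_queries": names}
```

For a realm reported with `source` set to `dns`, the listed SRV names are what the client depends on to find its KDCs, so those records and the resolvers serving them belong in the review.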