On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo <natxo.ase...@gmail.com> wrote:
> includedir /var/lib/sss/pubconf/krb5.include.d/
> #File modified by ipa-client-install
>
> [libdefaults]
> default_realm = IPA.DOMAIN.TLD
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> forwardable = yes
>
> [realms]
> IPA.DOMAIN.TLD = {
>   pkinit_anchors = FILE:/etc/ipa/ca.crt
> }
>
> [domain_realm]
> .ipa.domain.tld = IPA.DOMAIN.TLD
> ipa.domain.tld = IPA.DOMAIN.TLD
>
> ]$ cat /etc/krb5.conf
> with this config I can reach any realm, by the way, provided it has srv records. It works for our AD forests as well.

--
Groeten,
natxo
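
Added example, not part of the original message: a small Python check that reads a krb5.conf like the one quoted above and reports, for a given realm, whether its KDCs come from a static `kdc` entry or from the DNS SRV names looked up when `dns_lookup_kdc` is true. The function names, the sample text and the AD.EXAMPLE.COM realm are constructed for illustration.

```python
import re

# Constructed sample based on the krb5.conf quoted in the message above.
SAMPLE_KRB5_CONF = """\
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
 default_realm = IPA.DOMAIN.TLD
 dns_lookup_realm = true
 dns_lookup_kdc = true
[realms]
 IPA.DOMAIN.TLD = {
  pkinit_anchors = FILE:/etc/ipa/ca.crt
 }
"""

# Spellings the krb5 profile parser accepts as boolean true.
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] or nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.split()[0] in ("include", "includedir"):
            continue  # blank lines, comments and include directives are skipped
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line.startswith("}") and len(stack) > 1:
            stack.pop()  # end of a "REALM = { ... }" block
        elif stack and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def kdc_discovery(text, realm):
    """Report how a client using this config would locate KDCs for `realm`."""
    conf = parse_krb5(text)
    static = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    if static:
        return {"method": "static", "targets": static}
    flag = conf.get("libdefaults", {}).get("dns_lookup_kdc")
    if flag is None:  # not set: the library's built-in default applies
        return {"method": "library-default", "targets": []}
    if flag[0].lower() not in TRUE_VALUES:
        return {"method": "none", "targets": []}
    names = [f"_kerberos._{proto}.{realm}" for proto in ("udp", "tcp")]
    return {"method": "dns-srv", "targets": names}
```

For a realm with no `[realms]` entry, the returned `targets` are the SRV names that must resolve for the realm to be reachable.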