Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
MeroVingeR2019-03-27 12:15:50
linux
MeroVingeR, 2019-03-27 12:15:50

How to change the domain when authorizing kerberos on centos?

Greetings!
Setting up domain authorization for CentOS 6.10.
Our domain looks like: very.long.domain.name. For simplicity, authorization of the form [email protected] is configured for users.
Authorization works fine for very.long.domain.name:
#kinit [email protected]
or simpler
#kinit UserName
However
#kinit [email protected]
returns

kinit: Realm not local to KDC while getting initial credentials.

keytab is created with the command:
ktpass -out file.keytab -princ HTTP/[email protected] -mapuser [email protected] -mapOp set -pass ******* -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1
Our config
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VERY.LONG.DOMAIN.NAME 
default_keytab_name = FILE:/opt/config/file.keytab 
dns_lookup_realm = true 
dns_lookup_kdc = true 
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
VERY.LONG.DOMAIN.NAME  = {
default_domain = company.name 
kdc = kdc01.very.long.domain.name
kdc = kdc02.very.long.domain.name
kdc = kdc03.very.long.domain.name
admin_server = adminserver.very.long.domain.name
}

[domain_realm] 
.VERY.LONG.DOMAIN.NAME  = VERY.LONG.DOMAIN.NAME 
VERY.LONG.DOMAIN.NAME  = VERY.LONG.DOMAIN.NAME 
.very.long.domain.name = VERY.LONG.DOMAIN.NAME 
very.long.domain.name = VERY.LONG.DOMAIN.NAME 
.company.name  = VERY.LONG.DOMAIN.NAME 
company.name = VERY.LONG.DOMAIN.NAME

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
N
NBN2015-09-08 19:50:23
How to reverse engineer a PCI-E video capture card? 4Reply
J
jeruthadam2017-08-13 18:59:25
Convenient audio editor for Linux? 1Reply
S
SideWest2020-01-16 15:53:16
How to set up a Linux Mint proxy? 2Reply
H
HaruAtari2015-09-09 13:35:11
How to build an event model for connecting different binary applications? 2Reply
S
Sinot2017-08-14 16:01:28
How to make mdadm start rebuilding on disk hot-plugging? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question