MeroVingeR, 2019-03-27 12:15:50
linux

How to change the domain when authorizing Kerberos on CentOS?

Greetings!
Setting up domain authorization for CentOS 6.10.
Our domain looks like: very.long.domain.name. For simplicity, authorization of the form [email protected] is configured for users.
Authorization works fine for very.long.domain.name:
#kinit [email protected]
or simpler
#kinit UserName
However
#kinit [email protected]
returns

kinit: Realm not local to KDC while getting initial credentials.

The keytab is created with the command:
ktpass -out file.keytab -princ HTTP/[email protected] -mapuser [email protected] -mapOp set -pass ******* -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1
Our config:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VERY.LONG.DOMAIN.NAME 
default_keytab_name = FILE:/opt/config/file.keytab 
dns_lookup_realm = true 
dns_lookup_kdc = true 
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
VERY.LONG.DOMAIN.NAME  = {
default_domain = company.name 
kdc = kdc01.very.long.domain.name
kdc = kdc02.very.long.domain.name
kdc = kdc03.very.long.domain.name
admin_server = adminserver.very.long.domain.name
}

[domain_realm] 
.VERY.LONG.DOMAIN.NAME  = VERY.LONG.DOMAIN.NAME 
VERY.LONG.DOMAIN.NAME  = VERY.LONG.DOMAIN.NAME 
.very.long.domain.name = VERY.LONG.DOMAIN.NAME 
very.long.domain.name = VERY.LONG.DOMAIN.NAME 
.company.name  = VERY.LONG.DOMAIN.NAME 
company.name = VERY.LONG.DOMAIN.NAME
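
An added example, not part of the original post and not code from any Kerberos project: a small Python check over a trimmed copy of the krb5.conf above that shows which realm the client library takes from a principal name and that [domain_realm] is a host-to-realm table. The function names are hypothetical, and the principals and host name used with it are constructed, because the addresses in the post are obscured.

```python
# Trimmed copy of the post's krb5.conf (one kdc line kept), embedded for offline use.
KRB5_CONF = """
[libdefaults]
default_realm = VERY.LONG.DOMAIN.NAME
[realms]
VERY.LONG.DOMAIN.NAME = {
default_domain = company.name
kdc = kdc01.very.long.domain.name
}
[domain_realm]
.very.long.domain.name = VERY.LONG.DOMAIN.NAME
.company.name = VERY.LONG.DOMAIN.NAME
"""

def parse(text):
    """Parse sections, key = value pairs and one level of { } sub-blocks."""
    conf, section, block = {}, None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif line == "}":
            block = None
        else:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def client_realm(principal, conf):
    """Realm of a client principal: the text after '@' as typed, else default_realm."""
    _, at, realm = principal.partition("@")
    return realm if at else conf["libdefaults"]["default_realm"]

def host_realm(hostname, conf):
    """[domain_realm] lookup for a host: exact name, then each parent domain."""
    table, labels = conf.get("domain_realm", {}), hostname.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        for key in ([suffix] if i == 0 else ["." + suffix, suffix]):
            if key in table:
                return table[key]
    return None

def check(principal, conf):
    """Return (realm the client will request, whether [realms] defines it)."""
    realm = client_realm(principal, conf)
    return realm, realm in conf.get("realms", {})
```

With `conf = parse(KRB5_CONF)`, `check("UserName@company.name", conf)` returns `("company.name", False)`, so the request names a realm that [realms] does not define, while `host_realm("www.company.name", conf)` still returns `VERY.LONG.DOMAIN.NAME`.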
