diff options
| author | Andrew Kroeger <andrew@sprocks.gotdns.com> | 2008-05-21 18:12:36 -0500 |
|---|---|---|
| committer | Andrew Kroeger <andrew@sprocks.gotdns.com> | 2008-05-21 20:46:15 -0500 |
| commit | bf3f3af92677bce8f03b0dd2be552d6c8c730ca1 (patch) | |
| tree | 02b56d24b78183e6b9bd9ba75ff18ee71387b129 /source4/setup | |
| parent | d95b3aa35d8a24494dd63c92da00d3ecc0890d9b (diff) | |
| download | samba-bf3f3af92677bce8f03b0dd2be552d6c8c730ca1.tar.gz samba-bf3f3af92677bce8f03b0dd2be552d6c8c730ca1.tar.bz2 samba-bf3f3af92677bce8f03b0dd2be552d6c8c730ca1.zip | |
provision: Generate krb5.conf template separate from named.conf template.
(This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371)
Diffstat (limited to 'source4/setup')
| -rw-r--r-- | source4/setup/krb5.conf | 17 | ||||
| -rw-r--r-- | source4/setup/named.conf | 14 |
2 files changed, 17 insertions, 14 deletions
diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf new file mode 100644 index 0000000000..7dad63de73 --- /dev/null +++ b/source4/setup/krb5.conf @@ -0,0 +1,17 @@ +[libdefaults] + default_realm = ${REALM} + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes + +[realms] + ${REALM} = { + kdc = ${HOSTNAME}.${DNSDOMAIN}:88 + admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 + default_domain = ${DNSDOMAIN} + } + +[domain_realm] + .${DNSDOMAIN} = ${REALM} + ${DNSDOMAIN} = ${REALM} diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 9cf0b48a7c..4f98bbd914 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -66,20 +66,6 @@ zone "123.168.192.in-addr.arpa" in { tkey-gssapi-credential "DNS/${DNSDOMAIN}"; tkey-domain "${REALM}"; -# - Add settings for the ${REALM} realm to the Kerberos configuration on the DNS -# server. The easiest way is to add the following blocks to the appropriate -# sections in /etc/krb5.conf: -[realms] - ${REALM} = { - kdc = ${HOSTNAME}.${DNSDOMAIN}:88 - admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 - default_domain = ${DNSDOMAIN} - } - -[domain_realm] - .${DNSDOMAIN} = ${REALM} - ${DNSDOMAIN} = ${REALM} - # - Modify BIND init scripts to pass the location of the generated keytab file. # Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named # for this purpose: |