Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/krb5.conf17
-rw-r--r--source4/setup/named.conf14
2 files changed, 17 insertions, 14 deletions
diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf
new file mode 100644
index 0000000000..7dad63de73
--- /dev/null
+++ b/source4/setup/krb5.conf
@@ -0,0 +1,17 @@
+[libdefaults]
+ default_realm = ${REALM}
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
+
+[realms]
+ ${REALM} = {
+ kdc = ${HOSTNAME}.${DNSDOMAIN}:88
+ admin_server = ${HOSTNAME}.${DNSDOMAIN}:749
+ default_domain = ${DNSDOMAIN}
+ }
+
+[domain_realm]
+ .${DNSDOMAIN} = ${REALM}
+ ${DNSDOMAIN} = ${REALM}
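Review bot: `forwardable = yes` in `[libdefaults]` makes every initial ticket obtained through this generated krb5.conf forwardable by default, and the template gives no reason for it. A forwardable TGT that a client delegates to a remote service can be reused from that host for as long as the ticket is valid (24h here), so the least-privilege default is `forwardable = no`, with users who need delegation requesting it explicitly (`kinit -f`). If the default is intentional, a comment above the line such as `# forwardable tickets are required for <reason>; set to no if credential delegation is not used` would let administrators make the call. The file would also benefit from a header comment saying that it is a template whose `${REALM}`, `${HOSTNAME}` and `${DNSDOMAIN}` placeholders are substituted at provision time; that is inferred from the placeholders rather than shown in this commit.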
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
index 9cf0b48a7c..4f98bbd914 100644
--- a/source4/setup/named.conf
+++ b/source4/setup/named.conf
@@ -66,20 +66,6 @@ zone "123.168.192.in-addr.arpa" in {
tkey-gssapi-credential "DNS/${DNSDOMAIN}";
tkey-domain "${REALM}";
-# - Add settings for the ${REALM} realm to the Kerberos configuration on the DNS
-# server. The easiest way is to add the following blocks to the appropriate
-# sections in /etc/krb5.conf:
-[realms]
- ${REALM} = {
- kdc = ${HOSTNAME}.${DNSDOMAIN}:88
- admin_server = ${HOSTNAME}.${DNSDOMAIN}:749
- default_domain = ${DNSDOMAIN}
- }
-
-[domain_realm]
- .${DNSDOMAIN} = ${REALM}
- ${DNSDOMAIN} = ${REALM}
-
# - Modify BIND init scripts to pass the location of the generated keytab file.
# Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named
# for this purpose: