Here is an "anonymized" version of my /etc/krb5.conf:
Code: Select all
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = XXX.YYY.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
XXX.YYY.COM = {
kdc = dc16.xxx.yyy.com
kdc = dc17.xxx.yyy.com
kdc = dc18.xxx.yyy.com
kdc = dc19.xxx.yyy.com
}
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
.xxx.yyy.com = XXX.YYY.COM
xxx.yyy.com = XXX.YYY.COM