Best practices storing multiple principals with the same LDAP object

2015-08-20 Thread Cory Albrecht
Hello, I just recently redid my krb5 setup to use LDAP as a backend (for less hassle with replication, since the LDAP servers were already doing that) and I was wondering what the best/easiest ways were to deal with cases where multiple Kerberos principals would be logically associated with a single acco

Re: Best practices storing multiple principals with the same LDAP object

2015-08-22 Thread Cory Albrecht
lly add another krbPrincipalName attribute with it to the dn=uid=cory,... object? And something similar for the machine principals? On Fri, Aug 21, 2015 at 11:49 PM, Greg Hudson wrote: > On 08/21/2015 12:35 AM, Cory Albrecht wrote: > > I just recently redid my krb5 set up to use L

FreeBSD PAM KRB5 thinks accounts are expired

2015-08-22 Thread Cory Albrecht
Hello all, Since I changed my Kerberos over to the LDAP backend, my FreeBSD server has been failing ssh logins, with PAM saying that the account is expired. If I disable Kerberos auth and just go with LDAP, things are hunky-dory. The Kerberos principal started off with no expiry dates, and now has

krb5 1.16 on FreeBSD, multi realms

2018-08-18 Thread Cory Albrecht
Hello all, I'm trying to replicate my Ubuntu kerberos servers in FreeBSD 11.2 as I move things from AWS to Digital Ocean. I'm using 1.16 in both places, but on FreeBSD the programmes do not seem to honour the database_name field in kdc.conf. Not in the [realms] section, nor in the [dbmodules] sect

Re: krb5 1.16 on FreeBSD, multi realms

2018-08-20 Thread Cory Albrecht
Oh for crying out loud! Why is the config file located in the local state dir for instead of in the local sysconfig dir?!? 😡 On Sat, Aug 18, 2018 at 9:11 PM Greg Hudson wrote: > On 08/18/2018 06:58 PM, Cory Albrecht wrote: > > I'm trying to replicate my Ubuntu kerberos servers i

CNAMEs instead of explicit host names

2018-08-24 Thread Cory Albrecht
Am I going to run into any trouble if I use a CNAME that redirects to my KDCs' actual hostnames instead of explicitly listing all of them in krb5.conf on the clients? That way I wouldn't have to copy new krb5.confs to the client hosts, just update the DNS entry.