diff options
| author | Sumit Bose <sbose@redhat.com> | 2012-08-16 13:16:55 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-09-19 20:47:12 -0400 |
| commit | 0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154 (patch) | |
| tree | 2e3601db9779f24c218ac5ec427f1ec641e2ba08 | |
| parent | dd72ed62125a1de5af88c443a8b0e4621b269e16 (diff) | |
| download | freeipa-0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154.tar.gz freeipa-0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154.tar.xz freeipa-0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154.zip | |
Set master_kdc and dns_lookup_kdc to true
https://fedorahosted.org/freeipa/ticket/2515
| -rw-r--r-- | contrib/RHEL4/ipa-client-setup | 3 | ||||
| -rw-r--r-- | install/share/krb5.conf.template | 3 | ||||
| -rw-r--r-- | install/share/krb5.ini.template | 1 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-conncheck | 3 | ||||
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 1 |
5 files changed, 8 insertions, 3 deletions
diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup index 1a8761036..4d1fead98 100644 --- a/contrib/RHEL4/ipa-client-setup +++ b/contrib/RHEL4/ipa-client-setup @@ -307,7 +307,7 @@ def main(): #[libdefaults] libopts = [{'name':'default_realm', 'type':'option', 'value':ipasrv.getRealmName()}] libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'false'}) - libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'false'}) + libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'}) libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'}) libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'}) @@ -316,6 +316,7 @@ def main(): #[realms] kropts =[{'name':'kdc', 'type':'option', 'value':ipasrv.getServerName()+':88'}, + {'name':'master_kdc', 'type':'option', 'value':ipasrv.getServerName()+':88'}, {'name':'admin_server', 'type':'option', 'value':ipasrv.getServerName()+':749'}, {'name':'default_domain', 'type':'option', 'value':ipasrv.getDomainName()}] ropts = [{'name':ipasrv.getRealmName(), 'type':'subsection', 'value':kropts}] diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template index eda8ba6fe..f8b1a6f09 100644 --- a/install/share/krb5.conf.template +++ b/install/share/krb5.conf.template @@ -6,7 +6,7 @@ [libdefaults] default_realm = $REALM dns_lookup_realm = false - dns_lookup_kdc = false + dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes @@ -14,6 +14,7 @@ [realms] $REALM = { kdc = $FQDN:88 + master_kdc = $FQDN:88 admin_server = $FQDN:749 default_domain = $DOMAIN pkinit_anchors = FILE:/etc/ipa/ca.crt diff --git a/install/share/krb5.ini.template b/install/share/krb5.ini.template index 89f4a3701..01cc1369f 100644 --- a/install/share/krb5.ini.template +++ b/install/share/krb5.ini.template @@ -8,6 +8,7 @@ $REALM = {
admin_server = $FQDN
kdc = $FQDN
+ master_kdc = $FQDN
default_domain = $REALM
}
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 8e4536cf6..169e9dc9f 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -177,7 +177,7 @@ def configure_krb5_conf(realm, kdc, filename): #[libdefaults] libdefaults = [{'name':'default_realm', 'type':'option', 'value':realm}] libdefaults.append({'name':'dns_lookup_realm', 'type':'option', 'value':'false'}) - libdefaults.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'false'}) + libdefaults.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'}) libdefaults.append({'name':'rdns', 'type':'option', 'value':'false'}) libdefaults.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'}) libdefaults.append({'name':'forwardable', 'type':'option', 'value':'yes'}) @@ -188,6 +188,7 @@ def configure_krb5_conf(realm, kdc, filename): #the following are necessary only if DNS discovery does not work #[realms] realms_info =[{'name':'kdc', 'type':'option', 'value':ipautil.format_netloc(kdc, 88)}, + {'name':'master_kdc', 'type':'option', 'value':ipautil.format_netloc(kdc, 88)}, {'name':'admin_server', 'type':'option', 'value':ipautil.format_netloc(kdc, 749)}] realms = [{'name':realm, 'type':'subsection', 'value':realms_info}] diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index aca6e3912..a1233fd8a 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -756,6 +756,7 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok, #[realms] for server in cli_server: kropts.append({'name':'kdc', 'type':'option', 'value':ipautil.format_netloc(server, 88)}) + kropts.append({'name':'master_kdc', 'type':'option', 'value':ipautil.format_netloc(server, 88)}) kropts.append({'name':'admin_server', 'type':'option', 'value':ipautil.format_netloc(server, 749)}) kropts.append({'name':'default_domain', 'type':'option', 'value':cli_domain}) kropts.append({'name':'pkinit_anchors', 'type':'option', 'value':'FILE:/etc/ipa/ca.crt'}) |