Updated Example section in kdc.conf

author: Zhanna Tsitkov <tsitkova@mit.edu> 2012-07-11 10:35:20 -0400
committer: Zhanna Tsitkov <tsitkova@mit.edu> 2012-07-11 10:35:20 -0400
commit: 6281a5c4eff576d64a0af30d09823370105734ca (patch)
tree: 10ab6b986f6cb9d2e8719267c091de838ce2476b /doc/rst_source
parent: 39d15ec390a802e26c77f18bb0b4dcf11ee5d406 (diff)
download: krb5-6281a5c4eff576d64a0af30d09823370105734ca.tar.gz
krb5-6281a5c4eff576d64a0af30d09823370105734ca.tar.xz
krb5-6281a5c4eff576d64a0af30d09823370105734ca.zip
2 files changed, 19 insertions, 5 deletions
diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
index 06d92136d2..bcb5e7c248 100644
--- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
@@ -662,12 +662,31 @@ Here's an example of a kdc.conf file:
             max_renewable_life = 7d 0h 0m 0s
             master_key_type = des3-hmac-sha1
             supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
+            database_module = openldap_ldapconf
         }
 
     [logging]
         kdc = FILE:/usr/local/var/krb5kdc/kdc.log
         admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log
 
+    [dbdefaults]
+        ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
+
+    [dbmodules]
+        openldap_ldapconf = {
+            db_library = kldap
+            disable_last_success = true
+            ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu"
+                # this object needs to have read rights on
+                # the realm container and principal subtrees
+            ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu"
+                # this object needs to have read and write rights on
+                # the realm container and principal subtrees
+            ldap_service_password_file = /etc/kerberos/service.keyfile
+            ldap_servers = ldaps://kerberos.mit.edu
+            ldap_conns_per_server = 5
+        }
+
 
 FILES
 ------
diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
index 6f9a282eb6..7c52244af7 100644
--- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
@@ -996,11 +996,6 @@ Here is an example of a generic krb5.conf file:
             kdc = kerberos-1.example.com
             admin_server = kerberos.example.com
         }
-        OPENLDAP.MIT.EDU = {
-            kdc = kerberos.mit.edu
-            admin_server = kerberos.mit.edu
-            database_module = openldap_ldapconf
-        }
 
     [domain_realm]
         .mit.edu = ATHENA.MIT.EDU
author	Zhanna Tsitkov <tsitkova@mit.edu>	2012-07-11 10:35:20 -0400
committer	Zhanna Tsitkov <tsitkova@mit.edu>	2012-07-11 10:35:20 -0400
commit	6281a5c4eff576d64a0af30d09823370105734ca (patch)
tree	10ab6b986f6cb9d2e8719267c091de838ce2476b /doc/rst_source
parent	39d15ec390a802e26c77f18bb0b4dcf11ee5d406 (diff)
download	krb5-6281a5c4eff576d64a0af30d09823370105734ca.tar.gz krb5-6281a5c4eff576d64a0af30d09823370105734ca.tar.xz krb5-6281a5c4eff576d64a0af30d09823370105734ca.zip