diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2013-08-12 13:47:42 -0400 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2013-08-12 15:28:07 -0400 |
| commit | 8f5ce824012f2caab6770df464f096c38dc4cb2e (patch) | |
| tree | 80c2374cf7b3a2a3d0ef0c173ba9eb41c5f69cd4 /src | |
| parent | 37eb601a1294244b179cb0e6e6cfb4a16709ccfa (diff) | |
| download | krb5-8f5ce824012f2caab6770df464f096c38dc4cb2e.tar.gz krb5-8f5ce824012f2caab6770df464f096c38dc4cb2e.tar.xz krb5-8f5ce824012f2caab6770df464f096c38dc4cb2e.zip | |
Remove redundant domain_realm mappings
This fixes a long-standing documentation bug where we claimed that
a domain_realm mapping for a host name would not affect entries
under that domain name. The code has always had the behavior where
a host name mapping implies the corresponding domain name mapping,
since the 1.0 release.
While here, replace media-lab with csail in example files, as the
media lab realm is no longer in use. Also strip port 88 from KDC
specifications, and drop the harmful default_{tgs,tkt}_enctypes
lines from src/util/profile/krb5.conf.
Further cleanup on these files to remove defunct realms may be in order.
ticket: 7690 (new)
tags: pullup
target_version: 1.11.4
Diffstat (limited to 'src')
| -rw-r--r-- | src/config-files/krb5.conf | 4 | ||||
| -rw-r--r-- | src/util/profile/krb5.conf | 19 | ||||
| -rw-r--r-- | src/windows/installer/wix/athena/krb5.ini | 3 |
3 files changed, 8 insertions, 18 deletions
diff --git a/src/config-files/krb5.conf b/src/config-files/krb5.conf index 210348fa18..62fbbd6006 100644 --- a/src/config-files/krb5.conf +++ b/src/config-files/krb5.conf @@ -16,10 +16,8 @@ } [domain_realm] - .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU - .media.mit.edu = MEDIA-LAB.MIT.EDU - media.mit.edu = MEDIA-LAB.MIT.EDU + csail.mit.edu = CSAIL.MIT.EDU .ucsc.edu = CATS.UCSC.EDU [logging] diff --git a/src/util/profile/krb5.conf b/src/util/profile/krb5.conf index 73f58b90ca..aefe4abb96 100644 --- a/src/util/profile/krb5.conf +++ b/src/util/profile/krb5.conf @@ -1,18 +1,15 @@ [libdefaults] default_realm = ATHENA.MIT.EDU - default_tgs_enctypes = des-cbc-crc - default_tkt_enctypes = des-cbc-crc - default_keytab_name = FILE:/etc/krb5.keytab kdc_timesync = 1 ccache_type = 4 [realms] ATHENA.MIT.EDU = { # kdc = kerberos-2000.mit.edu - kdc = kerberos.mit.edu:88 - kdc = kerberos-1.mit.edu:88 - kdc = kerberos-2.mit.edu:88 - kdc = kerberos-3.mit.edu:88 + kdc = kerberos.mit.edu + kdc = kerberos-1.mit.edu + kdc = kerberos-2.mit.edu + kdc = kerberos-3.mit.edu admin_server = kerberos.mit.edu default_domain = mit.edu } @@ -26,8 +23,8 @@ admin_server = casio.mit.edu } MOOF.MIT.EDU = { - kdc = three-headed-dogcow.mit.edu:88 - kdc = three-headed-dogcow-1.mit.edu:88 + kdc = three-headed-dogcow.mit.edu + kdc = three-headed-dogcow-1.mit.edu admin_server = three-headed-dogcow.mit.edu } CYGNUS.COM = { @@ -45,10 +42,8 @@ } [domain_realm] - .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU - .media.mit.edu = MEDIA-LAB.MIT.EDU - media.mit.edu = MEDIA-LAB.MIT.EDU + csail.mit.edu = CSAIL.MIT.EDU [login] krb4_convert = true diff --git a/src/windows/installer/wix/athena/krb5.ini b/src/windows/installer/wix/athena/krb5.ini index 169f8b1ac3..49b10fdc7e 100644 --- a/src/windows/installer/wix/athena/krb5.ini +++ b/src/windows/installer/wix/athena/krb5.ini @@ -3,9 +3,6 @@ allow_weak_crypto = true [domain_realm] - .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU - .win.mit.edu = WIN.MIT.EDU win.mit.edu = WIN.MIT.EDU - .csail.mit.edu = CSAIL.MIT.EDU csail.mit.edu = CSAIL.MIT.EDU |