From d9fb5cb52b9450f6ac514b75ec4b74ec3d30affa Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 9 Mar 2017 12:49:54 -0500
Subject: Configure KDC to use certs after they are deployed
Certmonger needs to access the KDC when it tries to obtain certs, so make sure the KDC can run, then reconfigure it to use pkinit anchors once certs are deployed.
Signed-off-by: Simo Sorce
---
install/share/kdc.conf.template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'install')
diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index ec53a1ff5..c9d5c2829 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -12,6 +12,6 @@
 dict_file = $DICT_WORDS
 default_principal_flags = +preauth
 ; admin_keytab = $KRB5KDC_KADM5_KEYTAB
- pkinit_identity = FILE:$KDC_CERT,$KDC_KEY
- pkinit_anchors = FILE:$CACERT_PEM
+$NOPK pkinit_identity = FILE:$KDC_CERT,$KDC_KEY
+$NOPK pkinit_anchors = FILE:$CACERT_PEM
 }
-- cgit
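Review bot: Nothing in the template says what `$NOPK` stands for, yet the `pkinit_identity` and `pkinit_anchors` lines now apparently depend on it expanding either to nothing or to a comment marker that the krb5 profile parser honours at that position; the code that supplies the value is outside this view (the diff is limited to 'install'). A one-line template comment above the two lines would help, for example `; NOPK is replaced by a comment marker until the KDC cert is deployed, then by nothing`, written without the `$` so the substitution leaves the comment itself alone. Because PKINIT presumably stays disabled whenever the later reconfiguration step is skipped or fails, the installer should check the rendered kdc.conf for an active `pkinit_anchors` line after the certs are deployed rather than assume it. The block closed by the trailing `}` starts above the hunk.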