Update sample configs to include master_kdc

Where we have ATHENA.MIT.EDU stanzas in sample or test krb5.conf files
which define kdc entries, also define a master_kdc entry.  Remove
default_domain and v4_instance_convert entries in examples as they are
only needed for krb5/krb4 principal conversions.  In the krb5_conf.rst
example, remove enctype specifications as we don't want to encourage
their use when they aren't necessary, and remove a redundant
domain_realm entry.

ticket: 7901 (new)

5 files changed, 12 insertions, 19 deletions

diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 151894937..19ea9c904 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1107,8 +1107,6 @@ Here is an example of a generic krb5.conf file:
 
     [libdefaults]
         default_realm = ATHENA.MIT.EDU
-        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
-        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
         dns_lookup_kdc = true
         dns_lookup_realm = false
 
@@ -1119,7 +1117,6 @@ Here is an example of a generic krb5.conf file:
             kdc = kerberos-2.mit.edu:750
             admin_server = kerberos.mit.edu
             master_kdc = kerberos.mit.edu
-            default_domain = mit.edu
         }
         EXAMPLE.COM = {
             kdc = kerberos.example.com
@@ -1128,7 +1125,6 @@ Here is an example of a generic krb5.conf file:
         }
 
     [domain_realm]
-        .mit.edu = ATHENA.MIT.EDU
         mit.edu = ATHENA.MIT.EDU
 
     [capaths]
diff --git a/src/config-files/krb5.conf b/src/config-files/krb5.conf
index 62fbbd600..9d250bfa9 100644
--- a/src/config-files/krb5.conf
+++ b/src/config-files/krb5.conf
@@ -4,15 +4,10 @@
 [realms]
 # use "kdc = ..." if realm admins haven't put SRV records into DNS
 	ATHENA.MIT.EDU = {
-		admin_server = KERBEROS.MIT.EDU
-		default_domain = MIT.EDU
-		v4_instance_convert = {
-			mit = mit.edu
-			lithium = lithium.lcs.mit.edu
-		}
+		admin_server = kerberos.mit.edu
 	}
 	ANDREW.CMU.EDU = {
-		admin_server = vice28.fs.andrew.cmu.edu
+		admin_server = kdc-01.andrew.cmu.edu
 	}
 
 [domain_realm]
diff --git a/src/lib/krb5/krb/t_krb5.conf b/src/lib/krb5/krb/t_krb5.conf
index b25b1d38a..a80b4ce2a 100644
--- a/src/lib/krb5/krb/t_krb5.conf
+++ b/src/lib/krb5/krb/t_krb5.conf
@@ -7,6 +7,7 @@
 		kdc = KERBEROS-2.MIT.EDU:88
 		kdc = KERBEROS.MIT.EDU
 		kdc = KERBEROS-1.MIT.EDU
+		master_kdc = KERBEROS.MIT.EDU
 		admin_server = KERBEROS.MIT.EDU
 		default_domain = MIT.EDU
 		v4_instance_convert = {
diff --git a/src/util/profile/krb5.conf b/src/util/profile/krb5.conf
index aefe4abb9..7d38e9e53 100644
--- a/src/util/profile/krb5.conf
+++ b/src/util/profile/krb5.conf
@@ -10,8 +10,8 @@
 		kdc = kerberos-1.mit.edu
 		kdc = kerberos-2.mit.edu
 		kdc = kerberos-3.mit.edu
+		master_kdc = kerberos.mit.edu
 		admin_server = kerberos.mit.edu
-		default_domain = mit.edu
 	} 
 	MEDIA-LAB.MIT.EDU = {
 		kdc = kerberos.media.mit.edu
diff --git a/src/util/profile/profile.5 b/src/util/profile/profile.5
index 7f3b36ab5..1b0748e61 100644
--- a/src/util/profile/profile.5
+++ b/src/util/profile/profile.5
@@ -24,11 +24,11 @@ An example profile file might look like this:
 
 [realms]
 	ATHENA.MIT.EDU = {
-		kdc = kerberos.mit.edu:88
-		kdc = kerberos-1.mit.edu:88
-		kdc = kerberos-2.mit.edu:88
-		admin_server = kerberos.mit.edu:88
-		default_domain = mit.edu
+		kdc = kerberos.mit.edu
+		kdc = kerberos-1.mit.edu
+		kdc = kerberos-2.mit.edu
+		master_kdc = kerberos.mit.edu
+		admin_server = kerberos.mit.edu
 	}
 	CYGNUS.COM = {
 		kdc = KERBEROS-1.CYGNUS.COM
@@ -65,7 +65,8 @@ sections have been marked as final:
 
 [realms]
 	ATHENA.MIT.EDU = {
-		kdc = kerberos.mit.edu:88
-		admin_server = kerberos.mit.edu:88
+		kdc = kerberos.mit.edu
+		master_kdc = kerberos.mit.edu
+		admin_server = kerberos.mit.edu
 	}*