From 0d31833317ccbcfc9b22e88e7c3ed5eaf0c5f154 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 16 Aug 2012 13:16:55 +0200
Subject: Set master_kdc and dns_lookup_kdc to true

https://fedorahosted.org/freeipa/ticket/2515
---
 contrib/RHEL4/ipa-client-setup | 3 ++-
 install/share/krb5.conf.template | 3 ++-
 install/share/krb5.ini.template | 1 +
 install/tools/ipa-replica-conncheck | 3 ++-
 ipa-client/ipa-install/ipa-client-install | 1 +
 5 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup
index 1a8761036..4d1fead98 100644
--- a/contrib/RHEL4/ipa-client-setup
+++ b/contrib/RHEL4/ipa-client-setup
@@ -307,7 +307,7 @@ def main():
 #[libdefaults]
 libopts = [{'name':'default_realm', 'type':'option', 'value':ipasrv.getRealmName()}]
 libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'false'})
- libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'false'})
+ libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'})
 libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
 libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
@@ -316,6 +316,7 @@ def main():
 #[realms]
 kropts =[{'name':'kdc', 'type':'option', 'value':ipasrv.getServerName()+':88'},
+ {'name':'master_kdc', 'type':'option', 'value':ipasrv.getServerName()+':88'},
 {'name':'admin_server', 'type':'option', 'value':ipasrv.getServerName()+':749'},
 {'name':'default_domain', 'type':'option', 'value':ipasrv.getDomainName()}]
 ropts = [{'name':ipasrv.getRealmName(), 'type':'subsection', 'value':kropts}]
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index eda8ba6fe..f8b1a6f09 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -6,7 +6,7 @@
 [libdefaults]
 default_realm = $REALM
 dns_lookup_realm = false
- dns_lookup_kdc = false
+ dns_lookup_kdc = true
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes
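Review bot: The switch of `dns_lookup_kdc` to `'true'` carries no comment, and it widens what the generated krb5.conf trusts: libkrb5 will now use DNS SRV records to locate KDCs for any realm that has no `kdc` entry under `[realms]`, and those answers are unauthenticated unless the resolver validates DNSSEC. The realm this script writes stays pinned by its explicit `kdc` line, so the change presumably targets other realms, but nothing in the hunk says so. I would add above the append: `# DNS SRV discovery applies only to realms without a [realms] entry; password logins should still verify the TGT against the host keytab`. The same flip is made in the first krb5.conf.template hunk and the first ipa-replica-conncheck hunk, and main() begins and ends outside this hunk.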
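Review bot: The added `master_kdc` entry duplicates the `kdc` value without saying why, so it reads like a copy-paste slip. A short comment would settle it, for example `# same host as kdc; presumably stops libkrb5 from searching DNS for a master KDC` (the reason is my inference, please confirm it against the ticket). The same undocumented addition appears in both templates, in the second ipa-replica-conncheck hunk and in ipa-client-install; main() continues outside this hunk.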
@@ -14,6 +14,7 @@
 [realms]
 $REALM = {
 kdc = $FQDN:88
+ master_kdc = $FQDN:88
 admin_server = $FQDN:749
 default_domain = $DOMAIN
 pkinit_anchors = FILE:/etc/ipa/ca.crt
diff --git a/install/share/krb5.ini.template b/install/share/krb5.ini.template
index 89f4a3701..01cc1369f 100644
--- a/install/share/krb5.ini.template
+++ b/install/share/krb5.ini.template
@@ -8,6 +8,7 @@
 $REALM = {
 admin_server = $FQDN
 kdc = $FQDN
+ master_kdc = $FQDN
 default_domain = $REALM
 }
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 8e4536cf6..169e9dc9f 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -177,7 +177,7 @@ def configure_krb5_conf(realm, kdc, filename):
 #[libdefaults]
 libdefaults = [{'name':'default_realm', 'type':'option', 'value':realm}]
 libdefaults.append({'name':'dns_lookup_realm', 'type':'option', 'value':'false'})
- libdefaults.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'false'})
+ libdefaults.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'})
 libdefaults.append({'name':'rdns', 'type':'option', 'value':'false'})
 libdefaults.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
 libdefaults.append({'name':'forwardable', 'type':'option', 'value':'yes'})
@@ -188,6 +188,7 @@ def configure_krb5_conf(realm, kdc, filename):
 #the following are necessary only if DNS discovery does not work
 #[realms]
 realms_info =[{'name':'kdc', 'type':'option', 'value':ipautil.format_netloc(kdc, 88)},
+ {'name':'master_kdc', 'type':'option', 'value':ipautil.format_netloc(kdc, 88)},
 {'name':'admin_server', 'type':'option', 'value':ipautil.format_netloc(kdc, 749)}]
 realms = [{'name':realm, 'type':'subsection', 'value':realms_info}]
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index aca6e3912..a1233fd8a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
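Review bot: The context comment `#the following are necessary only if DNS discovery does not work` in the second ipa-replica-conncheck hunk no longer describes the file, because the previous hunk turns `dns_lookup_kdc` on. These explicit entries are what keep the realm tied to the `kdc` argument, since servers listed under `[realms]` are used instead of DNS SRV lookups. For a connectivity check that is presumably the wanted behaviour, so I would reword the comment to something like `#pin the realm to the KDC being checked; listed entries are used instead of DNS SRV discovery`. configure_krb5_conf() starts and ends outside the hunk.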
@@ -756,6 +756,7 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
 #[realms]
 for server in cli_server:
 kropts.append({'name':'kdc', 'type':'option', 'value':ipautil.format_netloc(server, 88)})
+ kropts.append({'name':'master_kdc', 'type':'option', 'value':ipautil.format_netloc(server, 88)})
 kropts.append({'name':'admin_server', 'type':'option', 'value':ipautil.format_netloc(server, 749)})
 kropts.append({'name':'default_domain', 'type':'option', 'value':cli_domain})
 kropts.append({'name':'pkinit_anchors', 'type':'option', 'value':'FILE:/etc/ipa/ca.crt'})
-- cgit