On Wed, Jul 11, 2018 at 09:16:19PM -0000, Mike Conner via FreeIPA-users wrote:
> To the /etc/krb5.conf file on the client, I changed from this:
>
> [realms]
> CS.GRINNELL.EDU = {
> kdc = ipa.cs.grinnell.edu:88
> master_kdc = ipa.cs.grinnell.edu:88
> admin_server = ipa.cs.grinnell.edu:749
> kpasswd_server = ipa.cs.grinnell.edu:464
> default_domain = cs.grinnell.edu
> pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
> pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
>
> }
>
>
> To this:
> [realms]
> CS.DOMAIN.DOM = {
> kdc = ipa.cs.domain.dom:88
> master_kdc = ipa.cs.domain.dom:88
> admin_server = ipa.cs.domain.dom:749
> kpasswd_server = ipa.cs.domain.dom:464
> default_domain = cs.domain.dom
> pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
> pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
>
> }
> DOMAIN.DOM = {
> kdc = kdc1.domain.dom
> admin_server = kdc1.domain.dom
> }
OK and just to confirm the theory, does running kinit for a user from
DOMAIN.COM finish faster than when the DOMAIN.COM entry is commented
out?
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/J4MDAEMRPFUTVAAYOPFUPAKGAVMFEZ3G/
