On Wed, Aug 8, 2012 at 11:06 AM, Petr Spacek <pspa...@redhat.com> wrote:
> Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper > SRV records (or let IPA to manage it). Absolutely, this is the best way. > You can configure each all servers and client statically with > /etc/krb5.conf, but it is error-prone and not scalable. You *could* use something like puppet to manage your krb5.conf files (I have to with our AIX machines.) Also, it's important to note that your REALM does NOT need to match your dns domain name It's a convenience, and it's very, very helpful to do so, but it is possible to have a REALM called "MIDDLEEARTH" if you wanted. I'm not sure how IPA would deal with that, but I know you can do it in straight up Kerberos. --Jason _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users