Does IPA only use ‘sssd.conf’ for kerberos authentication? Is there another file used to configure kerberos?
I’ve built a host using Foreman and our puppet configuration usually pushes a krb5.conf file. However, if I delete it, everything still works fine. What if any function does /etc/krb5.conf have now? <snip> [root@ipa_client ggrindle]# cat /etc/krb5.conf cat: /etc/krb5.conf: No such file or directory [root@ipa_client ggrindle]# rpm -qa |grep ipa-client ipa-client-3.0.0-37.el6.x86_64 [root@ipa_client ggrindle]# kdestroy [root@ipa_client ggrindle]# kinit ggrindle Password for ggrin...@dev.example.com: [root@ipa_client ggrindle]# klist Ticket cache: FILE:/tmp/krb5cc_0.1 Default principal: ggrin...@dev.example.com Valid starting Expires Service principal 06/01/16 19:40:19 06/02/16 19:40:14 krbtgt/dev.example....@dev.example.com [root@ipa_client ggrindle]# tcpdump port 88 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 19:40:53.765163 IP ipa_client.test.dev.example.com.49228 > ipa_server.dev.example.com.kerberos: v5 19:40:53.788043 IP ipa_server.dev.example.com.kerberos > ipa_client.test.dev.example.com.49228: 19:41:06.601826 IP ipa_client.test.dev.example.com.52896 > ipa_server.dev.example.com.kerberos: v5 19:41:06.630012 IP ipa_server.dev.example.com.kerberos > ipa_client.test.dev.example.com.52896: v5 ^C 4 packets captured 6 packets received by filter 0 packets dropped by kernel.kerberos: v5 </snip> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
