Below is the contents of my krb5.conf...
Autogenerated by esxcfg-auth
pam = {
debug = false
forwardable = true
krb4_convert = false
renew_lifetime = 36000
ticket_lifetime = 36000
}
flhosp.net = FLHOSP.NET
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM
.domain.com= DOMAIN.COM
flhosp.net = FLHOSP.NET
domain.com = DOMAIN.COM
mydomain.myroot.net = MYDOMAIN.MYROOT.NET
profile = /var/kerberos/krb5kdc/kdc.conf
default_realm = MYDOMAIN.MYROOT.NET
ticket_lifetime = 24000
dns_lookup_realm = false
default_realm = DOMAIN.COM
dns_lookup_kdc = false
default = FILE:/var/log/krb5libs.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
MYDOMAIN.MYROOT.NET = {
admin_server = mydomain.myroot.net:4749
default_domain = mydomain.myroot.net
kdc = dc1.mydomain.myroot.net:88
I also copy krb.conf during install....
Autogenerated by esxcfg-auth
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
I aslo copy krb5.realms during install...
Autogenerated by esxcfg-auth
M01DOMAIN.MYROOT.NET = {
master_key_type = des-cbc-crc
supported_enctypes = des3-cbc-raw:normal des3-cbc-raw:norealm
des3-cbc-raw:onlyrealm des3-cbc-sha1:normal
des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm
des-cbc-crc:v4 des-cbc-crc:afs3
des-cbc-crc:normal des-cbc-crc:norealm
des-cbc-crc:onlyrealm des-cbc-md4:v4
des-cbc-md4:afs3 des-cbc-md4:normal
des-cbc-md4:norealm des-cbc-md4:onlyrealm
des-cbc-md5:v4 des-cbc-md5:afs3
des-cbc-md5:normal des-cbc-md5:norealm
des-cbc-md5:onlyrealm des-cbc-raw:v4
des-cbc-raw:afs3 des-cbc-raw:normal
des-cbc-raw:norealm des-cbc-raw:onlyrealm
des-cbc-sha1:v4 des-cbc-sha1:afs3
des-cbc-sha1:normal des-cbc-sha1:norealm
des-cbc-sha1:onlyrealm
The accounts are created during install by using the following. I don't set a password.
useradd -m
Any ideas? Do I need to copy the krb5.realms & krb.conf ?
