Add admin_server to the krb5.conf sample and a note about configuring

krb5.conf either maximally (when DNS is not available) or minimally (in the presence of a proper DNS setup). Submitted by: Tillman Hodgson (tillman at seekingfire dot com)
svn path=/head/; revision=22694
2004-10-26 23:14:40 +00:00 · 2004-10-26 23:14:40 +00:00 · d3232e27b9 · 2020-12-08 03:00:23 +00:00
commit d3232e27b9
parent 07cea875d9
1 changed files with 10 additions and 0 deletions
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@ -2342,6 +2342,7 @@ kerberos_stash="YES"</programlisting>
 [realms]
    EXAMPLE.ORG = {
        kdc = kerberos.example.org
+        admin_server = kerberos.example.org
    }
 [domain_realm]
    .example.org = EXAMPLE.ORG</programlisting>
@ -2370,6 +2371,15 @@ _kpasswd._udp       IN  SRV     01 00 464 kerberos.example.org.
 _kerberos-adm._tcp  IN  SRV     01 00 749 kerberos.example.org.
 _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>

+      <note>
+        <para>For clients to be able to find the
+          <application>Kerberos</application> services, you
+          <emphasis>must</emphasis> have either a fully configured
+          <filename>/etc/krb5.conf</filename> or a miminally configured
+          <filename>/etc/krb5.conf</filename> <emphasis>and</emphasis> a
+          properly configured DNS server.</para>
+      </note>
+
      <para>Next we will create the <application>Kerberos</application>
 	database.  This database contains the keys of all principals encrypted
 	with a master password.  You are not