From Fedora Project Wiki

Revision as of 12:27, 16 October 2012 by Stefw (talk | contribs) (Initial test case)


Work has been done to make krb5 configurationless, and to unbreak the default /etc/krb5.conf that was distributed with Fedora 17 and earlier.


  1. Make sure you have an Active Directory domain to access. We'll use AD.EXAMPLE.COM.
  2. First run the test below without the config. Move /etc/krb5.conf away if it exists:
    $ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
  3. Now run the test below with a default /etc/krb5.conf file. Copy the attached config file into place.
    $ sudo vi /etc/krb5.conf

How to test

  1. Do a kinit against your Active Directory domain. Yes, it's vital that you use the fully capitalized form of the domain name.
    $ kinit Administrator@AD.EXAMPLE.COM
    You should be prompted for a password, and no error message should be printed.

Expected Results

The kinit should complete successfully.

Look at the ticket that kinit retrieved. It should look something like:

$ klist -e
Ticket cache: DIR::/run/user/1000/krb5cc_...
Default principal: Administrator@AD.EXAMPLE.COM

Valid starting     Expires            Service principal
10/15/12 00:52:34  10/15/12 10:52:34  krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM
        renew until 10/16/12 00:52:39, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
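
As an added example (not part of the original test case), the shell function below checks `klist -e` output against the expected results above: a default principal in the fully capitalized realm, a krbtgt ticket for that realm, and AES session-key and ticket etypes as in the sample. The function names and the embedded sample (constructed from the output shown above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Usage on a test machine:
#   klist -e | check_klist AD.EXAMPLE.COM

# check_klist REALM: reads `klist -e` output on stdin, returns 0 if it
# matches the expected results, 1 otherwise.
check_klist() {
    awk -v realm="$1" '
        # The realm must be given in its fully capitalized form.
        BEGIN { if (realm == "" || realm != toupper(realm)) { bad = 1; exit } }
        # Default principal must belong to the realm under test.
        /^Default principal:/ {
            n = split($3, p, "@")
            if (n == 2 && p[2] == realm) principal_ok = 1
        }
        # TGT line: the service principal is krbtgt/REALM@REALM.
        $NF == ("krbtgt/" realm "@" realm) { tgt_seen = 1; want_etype = 1; next }
        # First Etype line after the TGT carries (skey, tkt) encryption types.
        want_etype && /Etype \(skey, tkt\):/ {
            sub(/.*Etype \(skey, tkt\): */, "")
            split($0, e, /, */)
            # Assumption: both etypes should be AES, as in the sample output.
            if (e[1] ~ /^aes/ && e[2] ~ /^aes/) etype_ok = 1
            want_etype = 0
        }
        END { exit !(!bad && principal_ok && tgt_seen && etype_ok) }
    '
}

# Constructed sample input, copied from the expected output on this page.
sample_klist() {
    cat <<'EOF'
Ticket cache: DIR::/run/user/1000/krb5cc_...
Default principal: Administrator@AD.EXAMPLE.COM

Valid starting     Expires            Service principal
10/15/12 00:52:34  10/15/12 10:52:34  krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM
        renew until 10/16/12 00:52:39, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
EOF
}

if sample_klist | check_klist AD.EXAMPLE.COM; then
    echo "PASS: TGT for AD.EXAMPLE.COM with AES etypes"
else
    echo "FAIL: klist output does not match expected results"
fi
```

Run it once with /etc/krb5.conf moved away and once with the default file in place; both runs should report PASS.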