Work has been done to make
krb5 configurationless, and unbreak the default
/etc/krb5.conf that was distributed with Fedora 17 and earlier.
- Make sure you have an Active Directory to access. We'll use
- First run the test below with the config. Move
/etc/krb5.confaway if it exists:
$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
- Now run the test below with a default
/etc/krb5.conffile. Copy the attached config file into place.
$ sudo vi /etc/krb5.conf
How to test
- Do a kinit against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name.
$ kinit Administrator@AD.EXAMPLE.COM
- You should be prompted for a password, and no error message should be printed.
kinit should complete successfully
Look at the ticket that
kinit retrieved. It should look something like:
$ klist -e Ticket cache: DIR::/run/user/1000/krb5cc_... Default principal: Administrator@AD.EXAMPLE.COM Valid starting Expires Service principal 10/15/12 00:52:34 10/15/12 10:52:34 krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM renew until 10/16/12 00:52:39, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96