Hello can someone please help me with the following question
if I have a Krb5.conf file like the following
[libdefaults]
default_realm = MyDomain.Pri
default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
forwardable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
DEV.LOCAL = {
kdc = DC01.MyDomain.Pri
kdc = DC02.MyDomain.Pri
kdc = SDC03.MyDomain.Pri
admin_server = DC03.MyDomain.Pri
default_domain = MyDomain.Pri
}
[domain_realm]
.MyDomain.Pri = MyDomain.Pri
MyDomain.Pri = MyDomain.Pri
can I use CNAMEs rather than host FQDN, for example can I replace
kdc = DC01.MyDomain.Pri
with
kdc = DC-VIP.MyDomain.Pri
I would like to use a CNAME so I can change the backend server (AD Domain Controllers in this case), e.g. repoint the CNAME record at a later date without the necessity to update the Krb5.conf file, or the CNAME points to a load balancer
Any advice most welcome
Thanks everyone
CXMelga
if I have a Krb5.conf file like the following
[libdefaults]
default_realm = MyDomain.Pri
default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
forwardable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
DEV.LOCAL = {
kdc = DC01.MyDomain.Pri
kdc = DC02.MyDomain.Pri
kdc = SDC03.MyDomain.Pri
admin_server = DC03.MyDomain.Pri
default_domain = MyDomain.Pri
}
[domain_realm]
.MyDomain.Pri = MyDomain.Pri
MyDomain.Pri = MyDomain.Pri
can I use CNAMEs rather than host FQDN, for example can I replace
kdc = DC01.MyDomain.Pri
with
kdc = DC-VIP.MyDomain.Pri
I would like to use a CNAME so I can change the backend server (AD Domain Controllers in this case), e.g. repoint the CNAME record at a later date without the necessity to update the Krb5.conf file, or the CNAME points to a load balancer
Any advice most welcome
Thanks everyone
CXMelga