File: krb5-sync-plugin.README.Debian

package info (click to toggle)
krb5-sync 3.1-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 2,556 kB
  • ctags: 796
  • sloc: sh: 11,750; ansic: 7,181; perl: 663; makefile: 138
file content (30 lines) | stat: -rw-r--r-- 1,097 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
krb5-sync-plugin for Debian
---------------------------

This package installs the plugin but does not enable it by default since
it requires additional configuration.  To enable it, add a section to
[appdefaults] in krb5.conf like:

    krb5-sync = {
        ad_keytab       = /etc/krb5kdc/ad-keytab
        ad_principal    = service/sync@WINDOWS.EXAMPLE.COM
        ad_realm        = WINDOWS.EXAMPLE.COM
        ad_admin_server = dc1.windows.example.com
        ad_ldap_base    = ou=People,dc=windows,dc=example,dc=com
        ad_instances    = root ipass

        queue_dir       = /var/spool/krb5-sync
    }

(see README.gz in this directory for more information about the meaning of
these settings) and then add to the [plugins] section (creating it if
necessary) of the configuration file for the Kerberos KDC the following:

    kadm5_hook = {
        module = sync:kadm5_hook/sync.so
    }

You will probably also want to install the krb5-sync-tools package, which
provides some additional useful command-line utilities.

 -- Russ Allbery <rra@debian.org>, Mon,  9 Dec 2013 20:58:51 -0800