Use id.fp.o for krb everywhere

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-28 08:57:20 +00:00 · 2016-11-28 08:57:20 +00:00 · 39672c66f2
commit 39672c66f2
parent 29bc6303fe
1 changed files with 5 additions and 26 deletions
--- a/roles/base/templates/krb5.conf.j2
+++ b/roles/base/templates/krb5.conf.j2
@ -4,14 +4,9 @@
 admin_server = FILE:/var/log/kadmind.log
 [libdefaults]
-{% if env == "production" %}
+ default_realm = {{ ipa_realm }}
- default_realm = FEDORAPROJECT.ORG
+ rdns = false
 {% else %}
 default_realm = STG.FEDORAPROJECT.ORG
 {% endif %}
 {% if inventory_hostname.startswith('buildvm') and env=="staging" %}
 dns_canonicalize_hostname = false
 {% endif %}
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
@ -19,30 +14,14 @@
 forwardable = true
 [realms]
-{% if env == "production" %}
+ {{ ipa_realm }} = {
- FEDORAPROJECT.ORG = {
+  kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy
 {% if datacenter == "phx2" and not krb_builder %}
  kdc = ipa01.phx2.fedoraproject.org
  kdc = ipa02.phx2.fedoraproject.org
 {% else %}
  kdc = https://id.fedoraproject.org/KdcProxy
 {% endif %}
 }
 {% else %}
 STG.FEDORAPROJECT.ORG = {
 {% if datacenter == "phx2" %}
  kdc = ipa01.stg.phx2.fedoraproject.org
 {% else %}
  kdc = https://id.stg.fedoraproject.org/KdcProxy
 {% endif %}
 }
 {% endif %}
 [domain_realm]
 {{env_suffix}}.fedoraproject.org = FEDORAPROJECT.ORG
 {% if env == "production" %}
 .fedoraproject.org = FEDORAPROJECT.ORG
 fedoraproject.org = FEDORAPROJECT.ORG
 {% else %}
 .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
 stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
 {% endif %}