From b9c782cdc832fca6288e449cd11bfc1efc11a40e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sat, 25 Mar 2023 14:00:33 -0700
Subject: [PATCH] fasjson: try and get it to use dns to lookup kdc

We have been hard coding the kdc into the config here, but if we drop that it should just look up the kdc from dns. This should also allow it to use ipa02 and ipa03 instead of just fixating on 01. Hopefully that will spread some load around and prevent timeouts we have been seeing.
Signed-off-by: Kevin Fenzi
---
 roles/openshift-apps/fasjson/templates/krb5.conf | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/roles/openshift-apps/fasjson/templates/krb5.conf b/roles/openshift-apps/fasjson/templates/krb5.conf
index 302bad5386..8759f3fe90 100644
--- a/roles/openshift-apps/fasjson/templates/krb5.conf
+++ b/roles/openshift-apps/fasjson/templates/krb5.conf
@@ -2,10 +2,6 @@ includedir /etc/krb5.conf.d/
 [libdefaults]
 default_realm = {{ ipa_realm }}
- dns_lookup_realm = false
- dns_lookup_kdc = false
- rdns = false
- dns_canonicalize_hostname = false
 ticket_lifetime = 24h
 forwardable = true
 udp_preference_limit = 0
@@ -13,10 +9,6 @@ includedir /etc/krb5.conf.d/
 [realms]
 {{ ipa_realm }} = {
- kdc = {{ ipa_server }}:88
- master_kdc = {{ ipa_server }}:88
- admin_server = {{ ipa_server }}:749
- kpasswd_server = {{ ipa_server }}:464
 default_domain = {{ ipa_realm | lower }}
 pkinit_anchors = FILE:/etc/ipa/ca.crt
 pkinit_pool = FILE:/etc/ipa/ca.crt