fasjson: try and get it to use dns to lookup kdc

We have been hard coding the kdc into the config here, but if we drop that it should just look up the kdc from dns. This should also allow it to use ipa02 and ipa03 instead of just fixating on 01. Hopefully that will spread some load around and prevent timeouts we have been seeing. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-03-25 14:00:33 -07:00 · 2023-03-25 14:00:33 -07:00 · b9c782cdc8
commit b9c782cdc8
parent 05388b37e1
1 changed files with 0 additions and 8 deletions
--- a/roles/openshift-apps/fasjson/templates/krb5.conf
+++ b/roles/openshift-apps/fasjson/templates/krb5.conf
@ -2,10 +2,6 @@ includedir /etc/krb5.conf.d/

 [libdefaults]
  default_realm = {{ ipa_realm }}
-  dns_lookup_realm = false
-  dns_lookup_kdc = false
-  rdns = false
-  dns_canonicalize_hostname = false
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 0
@ -13,10 +9,6 @@ includedir /etc/krb5.conf.d/

 [realms]
  {{ ipa_realm }} = {
-    kdc = {{ ipa_server }}:88
-    master_kdc = {{ ipa_server }}:88
-    admin_server = {{ ipa_server }}:749
-    kpasswd_server = {{ ipa_server }}:464
    default_domain = {{ ipa_realm | lower }}
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    pkinit_pool = FILE:/etc/ipa/ca.crt