realmd can discover generic Kerberos realms. Since there is no standard way to enroll a computer against a Kerberos server, it is not possible to do this with realmd.
realmd discovers which domains or realms it can use or configure. It can discover and identify Kerberos domains by looking up the appropriate DNS SRV records.
The following DNS SRV record must be present for realmd to identify a provided realm as a Kerberos domain:
```
# In this example the Kerberos domain is 'domain.example.com'
_kerberos._udp.domain.example.com.
```

```
$ realm --verbose discover domain.example.com
* Searching for kerberos SRV records for domain: _kerberos._udp.domain.example.com
* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.domain.example.com
* dc.domain.example.com:88
* Trying to retrieve IPA certificate from dc.domain.example.com
! Couldn't read certificate via HTTP: No PEM-encoded certificate found
! Couldn't discover IPA KDC: No PEM-encoded certificate found
* Found kerberos DNS records for: domain.example.com
* Successfully discovered: domain.example.com
...
```
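A pre-check for the SRV record described above, as an added example that is not part of the realmd documentation: it builds the `_kerberos._udp` owner name for a domain and turns a `dig +short SRV` answer into the list of KDC endpoints a client would be directed to. The function names and the sample answer are constructed for illustration, and the live lookup assumes `dig` is installed.

```shell
#!/bin/sh
# Added example (not realmd code): verify the SRV record realmd needs
# before running `realm discover`, and show which KDCs it points at.

# Build the SRV owner name queried for a Kerberos domain.
# Lowercasing and trailing-dot handling are conveniences of this example.
krb_srv_name() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    d=${d%.}
    printf '_kerberos._udp.%s.\n' "$d"
}

# Read `dig +short SRV` lines ("priority weight port target") on stdin and
# print "host:port", lowest priority first, higher weight first within a
# priority. Malformed lines and the "." target (RFC 2782: service not
# offered) are skipped.
parse_srv() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ &&
         $3 ~ /^[0-9]+$/ && $3 >= 1 && $3 <= 65535 {
             host = $4; sub(/\.$/, "", host)
             if (host != "") print $1, $2, host ":" $3
         }' | sort -k1,1n -k2,2nr | awk '{ print $3 }'
}

# Live lookup: exit status 1 means realmd would not see a Kerberos domain.
discover_kdcs() {
    command -v dig >/dev/null 2>&1 || { echo "dig not found" >&2; return 2; }
    out=$(dig +short SRV "$(krb_srv_name "$1")" | parse_srv)
    [ -n "$out" ] || { echo "no _kerberos._udp SRV record for $1" >&2; return 1; }
    printf '%s\n' "$out"
}

# Constructed sample answer, so the parser can be exercised offline.
SAMPLE_ANSWER='10 100 88 dc2.domain.example.com.
0 100 88 dc.domain.example.com.
garbage line
0 200 88 dc3.domain.example.com.'

# Usage: discover_kdcs domain.example.com
#        printf '%s\n' "$SAMPLE_ANSWER" | parse_srv
```

Comparing the printed endpoints with the KDCs you expect for the realm is a quick way to catch a missing or misdirected record before relying on discovery.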