At least for my own experience I had to make a few changes for this doc to work. 1) The ktadd step needs all servers not just the slaves 2) kpropd.acl only goes on the slaves 3) the kdc master service start and master password steps need to be flipped ( daemon won't start until that password is set ) 4) minor change, you have a copy/paste bug in your automation script - has values from the mit kerberos doc which uses different paths than rhel 5) suggestion, tweak the cipher suites to not include weak crypto ( just use the aes ones ) This doc was very helpful thanks! Tweak change #1 for the ktadd - I was getting goofy errors about not being able to find a principal. I don't think even the mit kerberos docs included that step they just had you export the slaves too iirc.
... View more
