docs: update for modern kerberos libs

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
index 53b7d1aedc2a2958c10cc52930fe1b0750a5eba9..fb81ac0b34d3e9485aaf3a267413c2fde2cf02e2 100644 (file)
--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
@@ -913,11 +913,7 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat
 <screen>
 [libdefaults]
        default_realm = YOUR.KERBEROS.REALM
 <screen>
 [libdefaults]
        default_realm = YOUR.KERBEROS.REALM

-
-[realms]
-       YOUR.KERBEROS.REALM = {
-       kdc = your.kerberos.server
-       }
+       dns_lookup_kdc = true

 
 [domain_realms]
        .kerberos.server = YOUR.KERBEROS.REALM
 
 [domain_realms]
        .kerberos.server = YOUR.KERBEROS.REALM


@@ -925,13 +921,10 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat
 </para>
 
 <para>
 </para>
 
 <para>

-<indexterm><primary>Heimdal</primary></indexterm>
-When using Heimdal versions before 0.6, use the following configuration settings:
+If you must specify the KDC directly, the minimal configuration is:

 <screen>
 [libdefaults]
        default_realm      = YOUR.KERBEROS.REALM
 <screen>
 [libdefaults]
        default_realm      = YOUR.KERBEROS.REALM

-       default_etypes     = des-cbc-crc des-cbc-md5
-       default_etypes_des = des-cbc-crc des-cbc-md5

 
 [realms]
         YOUR.KERBEROS.REALM = {
 
 [realms]
         YOUR.KERBEROS.REALM = {


@@ -951,19 +944,6 @@ Test your config by doing a <userinput>kinit
 making sure that your password is accepted by the Win2000 KDC.
 </para>
 
 making sure that your password is accepted by the Win2000 KDC.
 </para>
 

-<para>
-<indexterm><primary>Heimdal</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>Windows 2003</primary></indexterm>
-With Heimdal versions earlier than 0.6.x you can use only newly created accounts
-in ADS or accounts that have had the password changed once after migration, or
-in case of <constant>Administrator</constant> after installation. At the
-moment, a Windows 2003 KDC can only be used with Heimdal releases later than 0.6
-(and no default etypes in krb5.conf). Unfortunately, this whole area is still
-in a state of flux.
-</para>
-

 <note><para>
 <indexterm><primary>realm</primary></indexterm>
 <indexterm><primary>uppercase</primary></indexterm>
 <note><para>
 <indexterm><primary>realm</primary></indexterm>
 <indexterm><primary>uppercase</primary></indexterm>


@@ -988,25 +968,6 @@ great while getting initial credentials</errorname></quote> if the time differen
 Clock skew limits are configurable in the Kerberos protocols. The default setting is five minutes.
 </para>
 
 Clock skew limits are configurable in the Kerberos protocols. The default setting is five minutes.
 </para>
 

-<para>
-<indexterm><primary>DNS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>hostname</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-You also must ensure that you can do a reverse DNS lookup on the IP address of your KDC. Also, the name that
-this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain
-attached) or it can be the NetBIOS name followed by the realm.
-</para>
-
-<para>
-<indexterm><primary>/etc/hosts</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP
-address of your KDC to its NetBIOS name. If you do not get this correct, then you will get a <errorname>local
-error</errorname> when you try to join the realm.
-</para>
-

 <para>
 <indexterm><primary>Kerberos</primary></indexterm>
 <indexterm><primary>Create the Computer Account</primary></indexterm>
 <para>
 <indexterm><primary>Kerberos</primary></indexterm>
 <indexterm><primary>Create the Computer Account</primary></indexterm>


@@ -1094,15 +1055,6 @@ name, it may need to be quadrupled to pass through the shell escape and ldap esc
        <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>.
        <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain.
        </para></listitem></varlistentry>
        <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>.
        <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain.
        </para></listitem></varlistentry>

-
-       <varlistentry><term>Unsupported encryption/or checksum types</term>
-       <listitem><para>
-       <indexterm><primary>/etc/krb5.conf</primary></indexterm>
-       <indexterm><primary>unsupported encryption</primary></indexterm>
-       <indexterm><primary>Kerberos</primary></indexterm>
-       Make sure that the <filename>/etc/krb5.conf</filename> is correctly configured
-       for the type and version of Kerberos installed on the system.
-       </para></listitem></varlistentry>

 </variablelist>
 </para>
 
 </variablelist>
 </para>