Migrating from the deprecated Kerberos realm
This information is intended for those who already connect to CERN machines and services using Kerberos, but who are using the deprecated Kerberos realm.
If your system is running Scientific Linux CERN (SLC 4,5 or 6): please make sure your system is fully updated by running as root: # yum update. Running that command will install up to date lcm-profile package on your system and reconfigure /etc/krb5.conf for current Kerberos realm.
To correct this on non-SLC systems, you need to edit the /etc/krb5.conf file as root. Remove the lines below that start with a '-', and replace them with the lines which start with a '+'. Any line which isn't prefixed with -/+ is there to show you in which section to make the change. Remove the '+' sign after copying the line.
[realms]
...
CERN.CH = {
default_domain = cern.ch
- kdc = afsdb1.cern.ch
- kdc = afsdb2.cern.ch
- kdc = afsdb3.cern.ch
+ kdc = cerndc.cern.ch
}
You can also replace your /etc/krb5.conf file with this one, or use it as a guide.
