Make IPA defaults converge with current AD ones
In order to align the behaviour of the Kerberos configuration for IPAdev with the current AD one, I disabled rDNS resolution.
After running some tests with the 1.3-1 version, I also realised the dns_lookup_realm = true
parameter superfluous, since domain to realm fallback mechanism (realm_try_domains = true
) was enough.
The dns_lookup_kdc
parameter was moved to realm definitions, since the global one is not necessary anymore if dns_lookup_realm
is disable. Also this is more in accordance with the modular configuration approach.
The ticket and renewal lifetimes were also update to match AD's ones.