In order to align the behaviour of the Kerberos configuration for IPAdev with the current AD one, I disabled rDNS resolution.
After running some tests with the 1.3-1 version, I also realised the
dns_lookup_realm = true parameter superfluous, since domain to realm fallback mechanism (
realm_try_domains = true) was enough.
dns_lookup_kdc parameter was moved to realm definitions, since the global one is not necessary anymore if
dns_lookup_realm is disable. Also this is more in accordance with the modular configuration approach.
The ticket and renewal lifetimes were also update to match AD's ones.