I'll get straight to the point. I have a default Krb5.conf file which causes issues:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE_1.COM
ccache_type = 2
renew_lifetime = 36000
ticket_lifetime = 2d
forwardable = true
renewable = true
allow_weak_crypto = true
dns_lookup_realm = false
dns_lookup_kdc = true
udp_preference_limit = 3000
[realms]
EXAMPLE_1.COM = {
kdc = example4.ad.com
admin_server = admin.example4.ad.com
kadmind_port = XXX
dns_lookup_kdc = false
auth_to_local = RULE:[1:$1]
}
EXAMPLE_2.COM = {
kdc = example3.ad.com
dns_lookup_kdc = false
}
[domain_realm]
.example_1.com = EXAMPLE_1.COM
.example_2.com = EXAMPLE_2.COM
.ghsl.cn = EXAMPLE_1.COM
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
EXAMPLE_1.COM = TRUE
[appdefaults]
debug = false
forward = true
forwardable = true
ticket_lifetime = 36000
renew_lifetime = 36000
krb4_convert = false
If I create a new configuration file and change the .example_1.com = EXAMPLE_1.COM to .example_1.com = EXAMPLE_2.COM then it all works by setting java.security.krb5.conf to the new one. However, I would much rather override this one value somehow. I have tried setting java.security.krb5.realm to EXAMPLE_2.COM but it does not seem to work.

Any idea how I could avert having to create a new configuration file?
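
The workaround described in the question (copy the file, change one [domain_realm] line, point java.security.krb5.conf at the copy) can be done at startup instead of by hand. This is an added example, not code from the original post; the class name Krb5ConfOverride, the helper overrideDomainRealm and the default path /etc/krb5.conf are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

public class Krb5ConfOverride {

    /** Returns the krb5.conf lines with one [domain_realm] mapping replaced, or added if absent. */
    static List<String> overrideDomainRealm(List<String> lines, String domain, String realm) {
        List<String> out = new ArrayList<>();
        boolean inDomainRealm = false;
        boolean replaced = false;
        for (String line : lines) {
            String t = line.trim();
            if (t.startsWith("[") && t.endsWith("]")) {
                // Leaving [domain_realm] without having seen the key: append it first.
                if (inDomainRealm && !replaced) { out.add(domain + " = " + realm); replaced = true; }
                inDomainRealm = t.equalsIgnoreCase("[domain_realm]");
            } else if (inDomainRealm && t.split("=", 2)[0].trim().equalsIgnoreCase(domain)) {
                line = domain + " = " + realm;   // rewrite only this one mapping
                replaced = true;
            }
            out.add(line);
        }
        if (!replaced) {                          // file ended before the key was written
            if (!inDomainRealm) out.add("[domain_realm]");
            out.add(domain + " = " + realm);
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Assumed location of the shared file; pass another path as the first argument.
        Path source = Paths.get(args.length > 0 ? args[0] : "/etc/krb5.conf");
        List<String> patched = overrideDomainRealm(
                Files.readAllLines(source, StandardCharsets.UTF_8), ".example_1.com", "EXAMPLE_2.COM");
        Path copy = Files.createTempFile("krb5-", ".conf"); // owner-only permissions on POSIX
        copy.toFile().deleteOnExit();
        Files.write(copy, patched, StandardCharsets.UTF_8);
        // Set this before the first JAAS/JGSS Kerberos call in the JVM.
        System.setProperty("java.security.krb5.conf", copy.toString());
        System.out.println("java.security.krb5.conf = " + copy);
    }
}
```

Every other setting, including allow_weak_crypto, is carried over unchanged from the shared file, so the copy inherits its encryption policy.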