From b075eb6418ba08df157bf166f45edf0ba87545e3 Mon Sep 17 00:00:00 2001
From: Francis Kayiwa
Date: Sun, 24 Nov 2024 09:15:03 -0500
Subject: [PATCH] simplify the kerberos config

---
 roles/sssd_ad/tasks/main.yml | 12 ------------
 roles/sssd_ad/templates/krb5.conf.j2 | 14 +-------------
 2 files changed, 1 insertion(+), 25 deletions(-)

diff --git a/roles/sssd_ad/tasks/main.yml b/roles/sssd_ad/tasks/main.yml
index 58d77c9e23..4c38215644 100644
--- a/roles/sssd_ad/tasks/main.yml
+++ b/roles/sssd_ad/tasks/main.yml
@@ -51,13 +51,6 @@
 register: realm_discovery
 changed_when: false

-- name: Sssd_ad | Ensure domain can be discovered
- ansible.builtin.fail:
- msg: "Failed to discover {{ ad_domain }}. Check DNS and network settings"
- when:
- - running_on_server
- - "'realm-name: {{ ad_domain }}' not in realm_discover.stdout"
-
 - name: Sssd_ad | join the domain
 ansible.builtin.command: realm join -U {{ ad_admin_user }} {{ ad_domain }}
 vars:
@@ -73,11 +66,6 @@
 register: realm_list
 changed_when: false

-- name: Sssd_ad | Ensure domain is listed
- ansible.builtin.fail:
- msg: "The domain {{ ad_domain }} is not listed. Join may have failed."
- when: "'realm-name: {{ ad_domain }}' not in realm_list.stdout"
-
 - name: Sssd_ad | Configure sssd.conf
 ansible.builtin.template:
 src: sssd.conf.j2
diff --git a/roles/sssd_ad/templates/krb5.conf.j2 b/roles/sssd_ad/templates/krb5.conf.j2
index 11bdefb99a..3ff43c9cc4 100644
--- a/roles/sssd_ad/templates/krb5.conf.j2
+++ b/roles/sssd_ad/templates/krb5.conf.j2
@@ -1,15 +1,3 @@
 [libdefaults]
+ udp_preference_limit = 0
 default_realm = {{ ad_domain | upper }}
- dns_lookup_realm = false
- dns_lookup_kdc = true
-
-[realms]
- {{ ad_domain | upper }} = {
- kdc = {{ ad_domain }}
- admin_server = {{ ad_domain }}
- }
-
-[domain_realm]
- .{{ ad_domain }} = {{ ad_domain | upper }}
- {{ ad_domain }} = {{ ad_domain | upper }}
-
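Review bot: With `dns_lookup_realm = false` and the `[realms]`/`[domain_realm]` sections gone from krb5.conf.j2, the rendered file relies entirely on library defaults and DNS to resolve realms and KDCs, and nothing in the template says so. MIT krb5 defaults to `dns_lookup_realm = false` and `dns_lookup_kdc = true`, so behaviour is probably unchanged, but realm lookup through DNS TXT records is unauthenticated and a different build default or an included snippet could turn it on; I would keep `dns_lookup_realm = false` under `[libdefaults]`. The new `udp_preference_limit = 0` line also deserves a comment such as `# try TCP before UDP when contacting the KDC`, since the reason for the setting is not evident from the template.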