Manualshelf

Configuration Guide for Kerberos Client Products on HP-UX

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
71727374757677787980
Configuring the Kerberos Environment
Configuration Files for Kerberos Clients
Chapter 3 79
krb5.conf The krb5.conf file specifies the defaults for the
REALM and Kerberos
applications, mappings of the hostnames onto Kerberos
REALMs, and the
location of KDCs for Kerberos
REALMs. Application clients depend on the
configuration file /etc/krb5.conf to locate the
REALM's KDC.
The [libdefaults] section of the krb5.conf file specifies various
parameters for the Kerberos library. In order for the utility klist to
work with PAM Kerberos, it must include ccache_type = 2.
[libdefaults]
default_realm = KDC.SUBDOMAIN.DOMAIN.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
The [realms] section of the krb5.conf file specifies the KDC server and
the Kerberos admin server, kadmind that manages the administration
interface to KDC.
The default ports used by Kerberos are port 88 for the KDC, port 749 for
the kadmin service, and port 751 for kpasswd. You can optionally choose
to run on other ports, as long as the ports are specified in each hosts
/etc/services, and in the krb5.conf files.
[realms]
KDC.SUBDOMAIN.DOMAIN.COM = {
kdc = hostname.subdomain.domain.com:88
admin_server = hostname.subdomain.domain.com:749
}
To configure for multiple Kerberos REALMs, list them in the order of
priority, as in the following example:
[libdefaults]
default_realm = KDC1.SUBDOMAIN.DOMAIN.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
KDC1.SUBDOMAIN.DOMAIN.COM = {
kdc = hostname1.subdomain.domain.com:88
admin_server = hostname1.subdomain.domain.com:749
}
KDC2.SUBDOMAIN.DOMAIN.COM = {
kdc = hostname2.subdomain.domain.com:88
admin_server = hostname2.subdomain.domain.com:749