Configuration Guide for Kerberos Client Products on HP-UX
Configuring the Kerberos Environment
Configuration Files for Kerberos Clients
Chapter 380
}
[domain_realm]
.subdomain.domain.com = KDC1.SUBDOMAIN.DOMAIN.COM
.subdomain.domain.com = KDC2.SUBDOMAIN.DOMAIN.COM
The ldapux_multidomain Option
The ldapux_multidomain option needs to be set to 1 by the
administrator if the realm name of the user needs to be obtained from
the W2K multidomain. See the ldapux (5) manpage for more information
to configure W2K multidomain.
The appdefaults Section
The appdefaults section denotes the default values used by Kerberos V5
applications.
Each tag in the [appdefaults] section names a Kerberos V5
application. The value of the tag is a subsection with relations that
define the default behaviors for that application. For example:
[appdefaults]
kinit = {
forwardable = true
}
You can find the list of options for each application in the respective
application manpages. The application defaults specified in this section
are overridden by those specified in the [realms] section.
See the krb5.conf(4) manpage for more information.
Appendix B, “Sample krb5.conf File,” on page 111 contains a sample copy
of the /etc/krb5.conf file.
In the HP-UX 11i version of the operating system, a sample krb5.conf
file is available as /etc/krb5.conf.sample.
The services File
The services file contains entries that allow client applications to
establish socket connections to the KDC or to the application servers. A
Kerberos client requires the following entries in the /etc/services file:
#
# PAM Kerberos services
#