Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Configuration
krb.conf
Chapter 5 69
krb.conf
The krb.conf file contains information about the default realm of the
host, the administration server, and security servers for known
realms. We recommend that you copy the krb.conf.sample file from
/opt/krb5/example/krb.conf to the /opt/krb5/krb.conf directory.
This file must reside in the /opt/krb5 directory and must have the
following permissions assigned to it:
-rw-r--r-- root 3
The configuration file identifies the servers that support authentication
for the designated realm and defines the defaultrealm for the host where
the file is stored.
The krb.conf file lists the host system’s default realm and maps known
realms to their Primary and Secondary Security Servers by hostname
and network location.
The krb.conf file allows the client to locate servers on the network for
authenticaton requests. For inter-realm authentication, an entry that
maps the foreign realm to its host Security Server needs to be added to
the configuration file.
Assuming your network environment performs load-balancing and
redundancy, you must create multiple versions of the krb.conf file. It is
important that Secondary Servers are configured to act as
authentication servers. This allows the Primary Server to be available
for tasks other than authentication.
This file is used during propagation configuration. The realm specified in
the first line of the configuration file is regarded as the server’s default
realm. This has to be the first realm created in the database containing
the K/M principal.
krb.conf Format
Your_Realm_Name
Your_Realm_Name Your_Secondary_Server1
Your_Realm_Name Your_Secondary_Server2
Your_Realm_Name host.subdomain.domain.com admin server