Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Configuration
krb.realms
The realms file defines host-to-realm or domain-to-realm name
mapping data. The krb.realms file is located only on the Kerberos
Server systems. This file maps hostnames to realm names. The
krb.realms file is located in the following directory:
/opt/krb5
The realms file ensures that all systems on the network know which
systems reside in each realm. The krb.realms file enables
secure applications to determine the realm from which a ticket can be
requested in order to gain access to a service.
If you have decided to follow the default realm naming convention, it is
not necessary to maintain this file. The default naming convention is the
upper-case equivalent of the domain name.
The Kerberos Server, by default, assumes that the realm name is the
upper-case equivalent of the host’s domain. Thus, if the realm names are
the upper-case equivalents of your domain name, you do not need to
configure and maintain a krb.realms file on your client systems.
NOTE The realm names are case sensitive.
Secure applications initially search for a matching hostname and then a
matching domain name in the krb.realms file. If a match is not found, a
wildcard match is initiated.
If no translation entry applies or the file does not exist, the host’s realm
name is considered to be the host’s domain name. This domain name is
converted to the upper-case equivalent.
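The lookup order described above (hostname, then domain name, then wildcard, then the upper-cased domain as the default), as an added Python example that is not part of the HP documentation. The entry layout (one `name REALM` pair per line, a leading dot for domain entries, `*` for wildcards), the sample entries and the function names are assumptions made for illustration.

```python
import fnmatch

# Constructed sample entries. The "name REALM" layout, the leading-dot domain
# form and the "*" wildcard form are assumptions, not taken from the page.
SAMPLE = """\
db1.eng.example.com    LAB.EXAMPLE.COM
.eng.example.com       ENG.EXAMPLE.COM
*.example.com          EXAMPLE.COM
"""

def parse_realms(text):
    """Return (name, realm) pairs, skipping blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            # Host and domain names are compared in lower case here;
            # realm names are case sensitive, so the realm is kept as written.
            entries.append((fields[0].lower(), fields[1]))
    return entries

def resolve_realm(host, entries):
    """Return (realm, rule) where rule names the step that produced the realm."""
    host = host.lower().rstrip(".")
    domain = host.partition(".")[2]
    for name, realm in entries:                     # 1. matching hostname
        if name == host:
            return realm, "host"
    for name, realm in entries:                     # 2. matching domain name
        if domain and name == "." + domain:
            return realm, "domain"
    for name, realm in entries:                     # 3. wildcard match
        if "*" in name and fnmatch.fnmatchcase(host, name):
            return realm, "wildcard"
    return domain.upper(), "default"                # 4. upper-cased domain

if __name__ == "__main__":
    table = parse_realms(SAMPLE)
    for h in ("db1.eng.example.com", "web.eng.example.com",
              "mail.example.com", "www.other.org"):
        print(h, *resolve_realm(h, table))
```

Hosts that resolve through the `default` rule depend entirely on the naming convention, so they are the ones to review when a realm name is not the upper-case equivalent of the domain.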
The realms file must contain sufficient entries to define the realm used
by every service a client computer must access. One version of the realms
file that contains all required entries for your enterprise can be created.
If you support inter-realm authentication, the realms file must contain
the required entries to locate the foreign realms.