PAM Kerberos Release Note, HP 9000 Networking

Chapter 1 17

PAM Kerberos Release Note

Conﬁguration

• /etc/krb5.conf

The krb5.conf ﬁle speciﬁes the defaults for the realm and for Kerberos applications,

mappings of hostnames onto Kerberos realms, and the location of KDCs for Kerberos

realms. The application clients depend on the conﬁguration ﬁle /etc/krb5.conf to locate

the realm's KDC.

Replace the underlined REALM.HP.COM and hostname.hp.com with the name of your

Kerberos realm and hostname in the following example.

The [libdefaults] section of the krb5.conf ﬁle speciﬁes various parameters for the

Kerberos library. As mentioned previously, it is required to include "ccache_type = 2" for

PAM Kerberos conﬁguration.

[libdefaults]

default_realm =

REALM.HP.COM

default_tkt_enctypes = DES-CBC-CRC

default_tgs_enctypes = DES-CBC-CRC

ccache_type = 2

The [realms] section of the krb5.conf file speciﬁes the KDC server and the Kerberos

admin server, kadmind, which manages the administration interface to KDC.

[realms]

REALM.HP.COM = {

kdc =

hostname.hp.com:88

admin_server =

hostname.hp.com

}

The [logging] section of the krb5.conf ﬁle speciﬁes the logging ﬁles from the KDC and

kadmind. If you prefer your log ﬁles under /var/log, be sure to create a directory for it.

[logging]

kdc = FILE:/var/adm/krb5kdc.log

admin_server = FILE:/var/adm/kadmin.log

default = FILE:/var/adm/krb5lib.log

See Appendix B for a sample copy of /etc/krb5.conf.

• /etc/services

The services ﬁle contains entries that allow client applications to establish socket

connections to the KDC or to the application servers. The entries required for PAM

Kerberos in the ﬁle /etc/services are:

# PAM Kerberos services

kerberos 88/udp kdc # Kerberos V5 kdc

kerberos 88/tcp kdc # Kerberos V5 kdc