LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Installing LDAP-UX Client Services
Configuring LDAP-UX Client Services
depends on the configuration to locate the realm’s KDC. The
following is an example of an /etc/krb5.conf file for the realm
CUP.HP.COM, with the machine myhost.cup.hp.com as the KDC:
[libdefaults]
default_realm = CUP.HP.COM
default_tgs_enctypes = DES-CBC-CRC
default_tkt_enctypes = DES-CBC-CRC
# Add the following line only if using Multiple Domains
ldapux_multidomain = 1
ccache_type = 2
[realms]
CUP.HP.COM = {
    kdc = MYHOST.CUP.HP.COM:88
    kpasswd_server = MYHOST.CUP.HP.COM:464
}
[domain_realm]
cup.hp.com = CUP.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
NOTE: The permissions of the /etc/krb5.conf file should be set to 644,
and the file should be owned by the root user.
2. For Multiple Domains
For each domain you configure in LDAP-UX, you need to add its KDC
entry into the /etc/krb5.conf file.
For a sample file that supports two domains, refer to Appendix E,
“Sample /etc/krb5.conf File,” on page 183.
3. Add the Kerberos services to the /etc/services file if they do not
exist yet. A Kerberos client requires the following entries in the
/etc/services file for the Kerberos PAM services:
kerberos5      88/udp    kdc    # Kerberos V5 kdc
kerberos5      88/tcp    kdc    # Kerberos V5 kdc
kerberos-sec   88/udp    kdc    # Kerberos V5 kdc
kerberos-sec   88/tcp    kdc    # Kerberos V5 kdc
kerberos       750/udp   kdc    # Kerberos V5 kdc
kerberos       750/tcp   kdc    # Kerberos V5 kdc
klogin         543/tcp          # Kerberos rlogin -kfall
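
The following POSIX shell functions are an added example, not part of the HP guide. They check the three settings described above: the mode and owner from the NOTE, a kdc entry for every realm mapped in [domain_realm], and the /etc/services entries shown in this list. The function names are this example's own.

```shell
#!/bin/sh
# Added example; the function names are this example's own, not HP's.

# Service entries listed in step 3, as "name port/proto".
REQUIRED_SERVICES='kerberos5 88/udp
kerberos5 88/tcp
kerberos-sec 88/udp
kerberos-sec 88/tcp
kerberos 750/udp
kerberos 750/tcp
klogin 543/tcp'

# Print every required entry that is absent from services file $1.
# Commented-out lines do not count: their first field starts with "#".
missing_kerberos_services() {
    echo "$REQUIRED_SERVICES" | while read -r name port; do
        awk -v n="$name" -v p="$port" \
            '$1 == n && $2 == p { found = 1 } END { exit !found }' "$1" \
            || echo "$name $port"
    done
}

# Print every realm named in [domain_realm] of krb5.conf $1 that has no
# kdc line inside its own block under [realms] (the step 2 requirement).
realms_without_kdc() {
    awk '
        { gsub(/=/, " = ") }                      # tolerate "kdc=host"
        /^[ \t]*\[/ { sect = $1; realm = ""; next }
        sect == "[realms]" && /=[ \t]*[{]/ { realm = $1; next }
        sect == "[realms]" && /[}]/ { realm = ""; next }
        sect == "[realms]" && realm != "" && $1 == "kdc" { has[realm] = 1 }
        sect == "[domain_realm]" && $2 == "=" && NF >= 3 { want[$3] = 1 }
        END { for (r in want) if (!(r in has)) print r }
    ' "$1"
}

# Succeed only if $1 is a regular file with mode 644 owned by $2
# (default root), as the NOTE requires.
conf_perms_ok() {
    ls -ld "$1" | awk -v owner="${2:-root}" \
        '{ ok = (substr($1, 1, 10) == "-rw-r--r--" && $3 == owner) }
         END { exit !ok }'
}
```

Each function takes the file path as its first argument, for example missing_kerberos_services /etc/services; empty output from the first two means nothing is missing.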