Manualshelf

LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
151152153154155156157158159160
D Sample /etc/krb5.conf file
This appendix provides a sample krkb5.conf file, which supports several domains.
This krb5.conf file has several sections, each controlling specific aspects of the installation:
[libdefaults] Sets defaults for Kerberos on your system, in this case the default realm,
the supported list of session key encryption types that should be returned
by KDC (default_tgs_enctypes), the supported list of session key
encryption types that should be requested by the client
(default_tkt_enctypes), support for multiple domains
(ldapux_multidomain = 1), and the type of cache to be created by
kinit (a Kerberos tool used for obtaining or caching Kerberos
ticket-granting tickets) or when forwarded tickets are received
(ccache_type = 2).
NOTE: The ldapux_multidomain = 1 setting is shown in bold in the
sample file to indicate that this line is a significant modification. The
krb5.conf file created by autosetup does not support multiple domains,
so you have to add this line for such support.
[realms] Specifies the location of the KDC and kpassword for each realm
[domain_realm] Maps domains to realms
[logging] Specifies where and how Kerberos logs errors
[libdefaults]
default_realm = CA.HP.COM
default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
ldapux_multidomain = 1
ccache_type = 2
[realms]
CA.HP.COM = {
kdc = HPIDM01.CA.HP.COM:88
kpasswd = HPIDM01.CA.HP.COM:464
}
NY.HP.COM = {
kdc = HPIDM02.NY.HP.COM:88
kpasswd = HPIDM02.NY.HP.COM:464
}
[domain_realm]
.ca.hp.com = CA.HP.COM
.ny.hp.com = NY.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[libdefaults]
default_realm = CA.HP.COM
default_tgs_enctypes = DES-CBC-CRC
default_tkt_enctypes = DES-CBC-CRC
ldapux_multidomain = 1
ccache_type = 2
[realms]
CA.HP.COM = {
kdc = HPSVRC.CA.HP.COM:88
kpasswd_server = HPSVRC.CA.HP.COM:464
}
NY.HP.COM = {
kdc = HPSVRD.NY.HP.COM:88
kpasswd_server = HPSVRD.NY.HP.COM:464
}
[domain_realm]
.ca.hp.com = CA.HP.COM
.ny.hp.com = NY.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
156 Sample /etc/krb5.conf file