LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
E Sample /etc/krb5.conf file
This appendix provides a sample krb5.conf file, which supports several domains.
This krb5.conf file has several sections, each controlling specific aspects of the installation:
[libdefaults] Sets defaults for Kerberos on your system, in this case the default realm, the supported list of session key encryption types that should be returned by the KDC (default_tgs_enctypes), the supported list of session key encryption types that should be requested by the client (default_tkt_enctypes), support for multiple domains (ldapux_multidomain = 1), and the type of cache to be created by kinit (a Kerberos tool used for obtaining or caching Kerberos ticket-granting tickets) or when forwarded tickets are received (ccache_type = 2).

NOTE: The ldapux_multidomain = 1 setting is shown in bold in the sample file to indicate that this line is a significant modification. The krb5.conf file created by autosetup does not support multiple domains, so you have to add this line for such support.

[realms] Specifies the location of the KDC and kpasswd server for each realm, giving the IP address and port number the Kerberos client can use to connect to the Kerberos server to authenticate the user or to change the user password.

[domain_realm] Maps domains to realms.

[logging] Specifies where and how Kerberos logs errors.

[libdefaults]
default_realm = CA.HP.COM
default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
ldapux_multidomain = 1
ccache_type = 2

[realms]
CA.HP.COM = {
    kdc = HPIDM01.CA.HP.COM:88
    kpasswd = HPIDM01.CA.HP.COM:464
    admin_server = HPIDM01.CA.HP.COM:749
}
NY.HP.COM = {
    kdc = HPIDM02.NY.HP.COM:88
    kpasswd = HPIDM02.NY.HP.COM:464
    admin_server = HPIDM02.NY.HP.COM:749
}

[domain_realm]
.ca.hp.com = CA.HP.COM
.ny.hp.com = NY.HP.COM

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

NOTE: The ldapux_multidomain = 1 entry is required for multi-domain configuration.
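
The sample's default_tgs_enctypes and default_tkt_enctypes lists include DES-CBC-CRC, DES-CBC-MD5 and RC4-HMAC next to the AES types. The following audit script is an added example, not part of the HP guide or of LDAP-UX; it parses a krb5.conf and reports which enctypes in those two lists fall into families this example assumes to be weak (DES, 3DES and RC4, deprecated by RFC 6649 and RFC 8429). The function names are hypothetical.

```python
import re

# Assumption of this example (not stated in the guide): DES, 3DES and RC4
# enctypes count as weak, per their deprecation in RFC 6649 and RFC 8429.
WEAK_PREFIXES = ("des", "rc4", "arcfour")
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes")

# [libdefaults] lines and one realm entry copied from the sample file above.
SAMPLE = """\
[libdefaults]
default_realm = CA.HP.COM
default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
ldapux_multidomain = 1
[realms]
CA.HP.COM = {
kdc = HPIDM01.CA.HP.COM:88
}
"""

def parse_krb5_conf(text):
    """Parse into {section: {key: value}}; keys in a realm block become 'REALM/key'."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = header.group(1), None
            conf.setdefault(section, {})
        elif line == "}":                       # end of a realm block
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                    # start of a realm block
                block = key
            else:
                conf[section][f"{block}/{key}" if block else key] = value
    return conf

def weak_enctypes(conf):
    """Return {setting: [weak enctype names]} for the [libdefaults] enctype lists."""
    findings = {}
    for key in ENCTYPE_KEYS:
        names = re.split(r"[\s,]+", conf.get("libdefaults", {}).get(key, ""))
        weak = [n for n in names if n.lower().startswith(WEAK_PREFIXES)]
        if weak:
            findings[key] = weak
    return findings

if __name__ == "__main__":
    for setting, names in weak_enctypes(parse_krb5_conf(SAMPLE)).items():
        print(f"{setting}: weak enctypes listed: {', '.join(names)}")
```

Before removing a flagged enctype from either list, confirm that the KDC and the accounts involved have AES keys, since a client restricted to AES cannot obtain tickets for principals that only hold DES or RC4 keys.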