krb5.conf.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

krb5.conf(4) krb5.conf(4)

forwardable If this ﬂag is set, initial tickets by default will be forwardable. The default value

for this ﬂag is false.

proxiable If this ﬂag is set, initial tickets by default will be proxiable. The default value for

this ﬂag is false.

appdefaults Section

Each tag in the

[appdefaults]

section names a Kerberos V5 application or an option that is used by

some Kerberos V5 application(s). The value of the tag is a subsection with relations that deﬁne the

default behaviors for that application. The four ways to set values for options are as follows, in decreas-

ing order of precedence:

#1)

application = {

realm1 = {

option = value

}

realm2 = {

option = value

}

#2)

application = {

option1 = value

option2 = value

}

#3)

realm = {

option = value

}

#4)

option = value

The list of speciﬁable options for each application may be found in the respective application man pages.

The application defaults speciﬁed in this section are overridden by those speciﬁed in the

[realms] sec-

tion.

The

[login] section is used to conﬁgure the behavior of the Kerberos V5 login program,

realms Section

Each tag in the

[realms] section of the ﬁle names a Kerberos realm. The value of the tag is a subsec-

tion where the relations in that subsection deﬁne the properties of that particular realm. For example:

[realms]

ATHENA.MIT.EDU = {

kdc = KERBEROS.MIT.EDU

kdc = KERBEROS-1.MIT.EDU:750

kdc = KERBEROS-2.MIT.EDU:88

admin_server = KERBEROS.MIT.EDU

default_domain = MIT.EDU

v4_instance_convert = {

mit = mit.edu

lithium = lithium.lcs.mit.edu

}

For each realm, the following tags may be speciﬁed in the realm’s subsection:

kdc The value of this relation is the name of a host running a Key Distribution Center

for that realm. An optional port number (preceded by a colon) may be appended to

the hostname.

admin_server Identiﬁes the host where the administration server is running. Typically this is the

Master Kerberos server. NOTE: Listing a secondary admin server may update the

password on the secondary. This may result in an inconsistency if there is no

HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3