krb5.conf.4 (2010 09)

krb5.conf(4) krb5.conf(4)
password sync mechanism from the secondary to the Master server. This occurs in
the following cases:
The secondary server is listed above the primary. In this case the
admin_server will find the secondary server first and update the password
on the secondary server.
If none of the servers listed above the secondary server respond, then
admin_server will update the password on the secondary.
default_domain
Identifies the default domain for the hosts in the realm. This is needed for
translating V4 principal names (which do not contain a domain name) to V5
principal names (which do contain a domain name).
v4_instance_convert
This subsection allows the administrator to configure exceptions to the
default_domain mapping rule. It contains V4 instances (the tag name) which
should be translated to some specific hostname (the tag value) similar to the second
component in a Kerberos V5 principal name.
domain_realm Section
The [domain_realm] section provides a translation from a hostname to the
Kerberos realm name for the services provided by that host.
The tag name can be a hostname or a domain name, where domain names are indicated by a prefix of a
period (".") character. The value of the relation is the Kerberos realm name for that particular host or
domain. Host names and domain names should be in lower case.
If no translation entry applies, the host’s realm is considered to be the hostname’s domain portion
converted to upper case. For example, the following [domain_realm] section:
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
dodo.mit.edu = SMS_TEST.MIT.EDU
.ucsc.edu = CATS.UCSC.EDU
maps dodo.mit.edu into the SMS_TEST.MIT.EDU realm, all other hosts in the
MIT.EDU domain to the ATHENA.MIT.EDU realm, and all hosts in the UCSC.EDU
domain into the CATS.UCSC.EDU realm. ucbvax.berkeley.edu would be mapped by
the default rules to the BERKELEY.EDU realm. sage.lcs.mit.edu would be mapped
to the LCS.MIT.EDU realm.
logging Section
The [logging] section indicates how a particular entity is to perform its logging. The relations
specified in this section assign one or more values to the entity name.
Currently, the following entities are used:
kdc These entries specify how the Key Distribution Center is to perform its logging.
admin_server These entries specify how the administrative server is to perform its logging.
default These entries specify how to perform logging in the absence of explicit specifications
otherwise.
Values for each of these entries take the form entry = value where entry is one of
kdc, admin_server, or default and value is one of the following:
FILE=filename
FILE:filename This value causes the entity’s logging messages to go to the specified file. If the =
form is used, then the file is overwritten. Otherwise, the file is appended to.
STDERR This value causes the entity’s logging messages to go to its standard error stream.
CONSOLE This value causes the entity’s logging messages to go to the console if the system
supports it.
DEVICE=devicename
This causes the entity’s logging messages to go to the specified device.
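
A check a reviewer might run over the two sections described above, as an added example that is not part of the manual page: it flags FILE= logging destinations, which overwrite the log and so discard earlier messages, and [domain_realm] tags that are not in lower case. The sample file contents, the log paths and the function names are constructed for illustration.

```python
import re

# Constructed sample input (not taken from a real system).
SAMPLE = """\
[domain_realm]
    .mit.edu = ATHENA.MIT.EDU
    Dodo.MIT.edu = SMS_TEST.MIT.EDU
[logging]
    kdc = FILE=/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = STDERR
"""

SECTION = re.compile(r"^\[(\w+)\]$")


def parse_relations(text):
    """Yield (section, tag, value) for each 'tag = value' line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section and "=" in line:
            # Split on the first '=' only, so FILE=name stays in the value.
            tag, value = (part.strip() for part in line.split("=", 1))
            yield section, tag, value


def audit(text):
    """Return a list of (section, tag, finding) tuples."""
    findings = []
    for section, tag, value in parse_relations(text):
        if section == "logging" and value.startswith("FILE="):
            findings.append((section, tag, "FILE= overwrites the log; FILE: appends"))
        elif section == "domain_realm" and tag != tag.lower():
            findings.append((section, tag, "tag should be lower case"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```
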
4 Hewlett-Packard Company 4 HP-UX 11i Version 3: September 2010