krb5.conf.4 (2010 09)
k
krb5.conf(4) krb5.conf(4)
NERSC.GOV = ES.NET
ES.NET = .
}
TEST.ANL.GOV = {
ANL.GOV = .
}
PNL.GOV = {
ANL.GOV = ES.NET
}
NERSC.GOV = {
ANL.GOV = ES.NET
}
ES.NET = {
ANL.GOV = .
}
The [capaths] section of the configuration file used on
NERSC.GOV systems would look like this:
[capaths]
NERSC.GOV = {
ANL.GOV = ES.NET
TEST.ANL.GOV = ES.NET
TEST.ANL.GOV = ANL.GOV
PNL.GOV = ES.NET
ES.NET = .
}
ANL.GOV = {
NERSC.GOV = ES.NET
}
PNL.GOV = {
NERSC.GOV = ES.NET
}
ES.NET = {
NERSC.GOV = .
}
TEST.ANL.GOV = {
NERSC.GOV = ANL.GOV
NERSC.GOV = ES.NET
}
}
In the above examples, the ordering is not important, except when the same subtag name is used more
then once. The client will use this to determine the path. (It is not important to the server since the tran-
sited field is not sorted.)
If this section is not present, or if the client or server cannot find a client/server path, then normal
hierarchical organization is assumed.
This feature is not currently supported by DCE. DCE security servers can be used with Kerberized
clients and servers, but versions prior to DCE 1.1 did not fill in the transited field and should be used
with caution.
FILES
/etc/krb5.conf
Kerberos configuration file.
/usr/contrib/krb5/sample/krb5.conf.sample
A sample Kerberos configuration file shipped with this product.
6 Hewlett-Packard Company − 6 − HP-UX 11i Version 3: September 2010