HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

151

152

153

154

155

156

157

158

159

160

krb5.conf(4) krb5.conf(4)

NAME

krb5.conf - Kerberos conﬁguration ﬁle

DESCRIPTION

The conﬁguration ﬁle, krb5.conf , contains information needed by the Kerberos V5 library. This includes

information describing the default Kerberos realm and the location of the Kerberos key distribution centers

for known realms.

The

krb5.conf ﬁle uses an INI-style format. Sections are delimited by square braces,

[]. Within each

section, there are relations where tags can be assigned to have speciﬁc values. Tags can also contain a sub-

section, which contains further relations or subsections. A tag can be assigned with multiple values. Here is

an example of the INI-style format used by

krb5.conf:

[section1]

tag1 = value_a

tag1 = value_b

tag2 = value_c

[section 2]

tag3 = {

subtag1 = subtag_value_a

subtag1 = subtag_value_b

subtag2 = subtag_value_c

}

tag4 = {

subtag1 = subtag_value_d

subtag2 = subtag_value_e

}

The following sections are currently used in the

krb5.conf ﬁle. Each of these sections will be explained

in more details in the following sections.

[libdefaults]

Contains various default values used by the Kerberos V5 library.

[login] Contains default values used by the Kerberos V5 login program, login.krb5 (Note. Kerber-

ized login program will not be delivered as part of this product)

[realms] Contains Kerberos realm names which describe where to ﬁnd the Kerberos servers for a

particular realm and other realm-speciﬁc information.

[domain_realm]

Contains relations which map subdomains and domain names to Kerberos realm names.

This is used by programs to determine what realm a host should be in, given its fully

qualiﬁed domain name.

[logging] Contains relations which determine how Kerberos entities are to perform their logging.

[capaths] Contains the authentication paths used with non-hierarchical cross-realm. Entries in this

section are used by the client to determine the intermediate realms which may be used in

cross-realm authentication. It is also used by the end-service for checking the transited ﬁeld

for trusted intermediate realms.

libdefaults Section

The following relations are deﬁned in the [libdefaults] section:

default_keytab_name

This relation speciﬁes the default keytab name to be used by application severs

such as telnetd and rlogind. The default is /etc/krb5.keytab. This form-

erly defaulted to /etc/v5srvtab.

default_realm This relation identiﬁes the default realm to be used in a client host’s Kerberos

activity.

default_tgs_enctypes

This relation identiﬁes the supported list of session key encryption types that

should be returned by the Key Distribution Center. The list may be delimited

with commas or whitespaces.

Section 4−−144 Hewlett-Packard Company − 1 − HP-UX 11i Version 1: September 2005