HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

161

162

163

164

165

166

167

168

169

170

krb5.conf(4) krb5.conf(4)

NAME

krb5.conf - Kerberos conﬁguration ﬁle

DESCRIPTION

The conﬁguration ﬁle,

krb5.conf, contains information needed by the Kerberos V5 library. This

includes information describing the default Kerberos realm and the location of the Kerberos key distribu-

tion centers for known realms.

The

krb5.conf ﬁle uses an INI-style format. Sections are delimited by square braces,

[].Within

each section, there are relations where tags can be assigned to have speciﬁc values. Tags can also contain

a subsection, which contains further relations or subsections. A tag can be assigned with multiple values.

Given below is an example of the INI-style format that is used by

krb5.conf:

[section1]

tag1 = value_a

tag1 = value_b

tag2 = value_c

[section 2]

tag3 = {

subtag1 = subtag_value_a

subtag1 = subtag_value_b

subtag2 = subtag_value_c

}

tag4 = {

subtag1 = subtag_value_d

subtag2 = subtag_value_e

}

The following sections are currently used in the

krb5.conf ﬁle. A detailed explanation of these sec-

tions is provided in the following sections.

[libdefaults] Contains various default values used by the Kerberos V5 library.

[appdefaults] Contains default values used by Kerberos V5 applications.

[login] Contains default values used by the Kerberos V5 login program, login.krb5.

(Note: The Kerberized login program is not delivered as part of this product.)

[realms] Contains Kerberos realm names which describe where to ﬁnd the Kerberos

servers for a particular realm and other realm-speciﬁc information.

[domain_realm] Contains relations which map subdomains and domain names to Kerberos realm

names. This is used by programs to determine the realm a host should reside in,

based on its fully qualiﬁed domain name.

[logging] Contains relations which determine how Kerberos entities are to perform their

logging.

[capaths] Contains the authentication paths used with non-hierarchical cross-realm.

Entries in this section are used by the client to determine the intermediate realms

which may be used in cross-realm authentication. It is also used by the end-

service for checking the transited ﬁeld for trusted intermediate realms.

libdefaults Section

The following relations are deﬁned in the

[libdefaults] section:

default_keytab_name

This relation speciﬁes the default keytab name to be used by application severs

such as telnetd and rlogind. The default is /etc/krb5.keytab. This formerly

defaulted to /etc/v5srvtab.

default_realm This relation identiﬁes the default realm to be used in a client host’s Kerberos

activity.

default_tgs_enctypes

This relation identiﬁes the supported list of session key encryption types that

should be returned by the Key Distribution Center. The list may be delimited

with commas or whitespaces.

Section 4−−152 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: September 2004