HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
krb5.conf(4) krb5.conf(4)
NAME
krb5.conf - Kerberos configuration file
DESCRIPTION
The configuration file, krb5.conf, contains information needed by the Kerberos V5 library. This includes information describing the default Kerberos realm and the location of the Kerberos key distribution centers for known realms.
The krb5.conf file uses an INI-style format. Sections are delimited by square braces, []. Within each section, there are relations where tags can be assigned to have specific values. Tags can also contain a subsection, which contains further relations or subsections. A tag can be assigned with multiple values. Given below is an example of the INI-style format that is used by krb5.conf:
    [section1]
        tag1 = value_a
        tag1 = value_b
        tag2 = value_c
    [section 2]
        tag3 = {
            subtag1 = subtag_value_a
            subtag1 = subtag_value_b
            subtag2 = subtag_value_c
        }
        tag4 = {
            subtag1 = subtag_value_d
            subtag2 = subtag_value_e
        }
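A small parser for the format described above, handling repeated tags and nested subsections. This is an added example, not HP-UX or Kerberos library code; the function names, the sample [libdefaults] realm, and the treatment of lines starting with # or ; as comments are assumptions.

```python
import re

def parse_krb5_conf(text):
    """Return {section: {tag: [values]}}; a value is a str or a nested dict."""
    config, stack = {}, []   # stack[-1] is the container receiving relations
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # comment syntax: assumption, not on the page
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            if len(stack) > 1:
                raise ValueError(f"line {n}: section starts inside an open subsection")
            stack = [config.setdefault(header.group(1), {})]
            continue
        if line == "}":
            if len(stack) < 2:
                raise ValueError(f"line {n}: unmatched closing brace")
            stack.pop()
            continue
        tag, sep, value = (p.strip() for p in line.partition("="))
        if not (sep and tag and stack):
            raise ValueError(f"line {n}: expected 'tag = value' inside a section")
        if value == "{":                  # tag opens a subsection
            sub = {}
            stack[-1].setdefault(tag, []).append(sub)
            stack.append(sub)
        else:                             # repeated tags accumulate values
            stack[-1].setdefault(tag, []).append(value)
    if len(stack) > 1:
        raise ValueError("subsection left open at end of file")
    return config

def keytab_names(config):
    """default_keytab_name values, else the default documented on this page."""
    return config.get("libdefaults", {}).get("default_keytab_name", ["/etc/krb5.keytab"])

# Constructed sample: part of the page's format example plus a made-up [libdefaults].
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[section1]
    tag1 = value_a
    tag1 = value_b
[section 2]
    tag3 = {
        subtag1 = subtag_value_a
        subtag1 = subtag_value_b
    }
"""
```

Because every tag maps to a list, a duplicated relation shows up as a second list entry rather than silently replacing the first, which helps when reviewing a configuration file for unexpected overrides.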
The following sections are currently used in the krb5.conf file. A detailed explanation of these sections is provided in the following sections.
[libdefaults]
    Contains various default values used by the Kerberos V5 library.
[appdefaults]
    Contains default values used by Kerberos V5 applications.
[login]
    Contains default values used by the Kerberos V5 login program, login.krb5. (Note: The Kerberized login program is not delivered as part of this product.)
[realms]
    Contains Kerberos realm names which describe where to find the Kerberos servers for a particular realm and other realm-specific information.
[domain_realm]
    Contains relations which map subdomains and domain names to Kerberos realm names. This is used by programs to determine the realm a host should reside in, based on its fully qualified domain name.
[logging]
    Contains relations which determine how Kerberos entities are to perform their logging.
[capaths]
    Contains the authentication paths used with non-hierarchical cross-realm. Entries in this section are used by the client to determine the intermediate realms which may be used in cross-realm authentication. It is also used by the end-service for checking the transited field for trusted intermediate realms.
libdefaults Section
The following relations are defined in the [libdefaults] section:
default_keytab_name
    This relation specifies the default keytab name to be used by application servers such as telnetd and rlogind. The default is /etc/krb5.keytab. This formerly defaulted to /etc/v5srvtab.
default_realm
    This relation identifies the default realm to be used in a client host’s Kerberos activity.
default_tgs_enctypes
    This relation identifies the supported list of session key encryption types that should be returned by the Key Distribution Center. The list may be delimited with
HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 177