HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

191

192

193

194

195

196

197

198

199

200

krb5.conf(4) krb5.conf(4)

NAME

krb5.conf - Kerberos conﬁguration ﬁle

DESCRIPTION

The conﬁguration ﬁle, krb5.conf , contains information needed by the Kerberos V5 library. This

includes information describing the default Kerberos realm and the location of the Kerberos key distribu-

tion centers for known realms.

The

krb5.conf ﬁle uses an INI-style format. Sections are delimited by square brackets,

[].Within

each section, there are relations where tags can be assigned to have speciﬁc values. Tags can also contain a

subsection, which contains further relations or subsections. A tag can be assigned with multiple values.

Here is an example of the INI-style format used by

krb5.conf:

[section1]

tag1 = value_a

tag1 = value_b

tag2 = value_c

[section2]

tag3 = {

subtag1 = subtag_value_a

subtag1 = subtag_value_b

subtag2 = subtag_value_c

}

tag4 = {

subtag1 = subtag_value_d

subtag2 = subtag_value_e

}

The following sections are currently used in the krb5.conf ﬁle. Each will be explained in more details.

[libdefaults] Contains various default values used by the Kerberos V5 library.

[appdefaults] Contains default values used by Kerberos V5 applications.

[login] Contains default values used by the Kerberos V5 login program, login.krb5.

(Note: The Kerberized login program is not delivered as part of this product.)

[realms] Contains Kerberos realm names which describe where to ﬁnd the Kerberos servers for

a particular realm and other realm-speciﬁc information.

[domain_realm]

Contains relations which map subdomains and domain names to Kerberos realm

names. This is used by programs to determine what realm a host should be in, given

its fully qualiﬁed domain name.

[logging] Contains relations which determine how Kerberos entities are to perform their log-

ging.

[capaths] Contains the authentication paths used with non-hierarchical cross-realm. Entries in

this section are used by the client to determine the intermediate realms which may be

used in cross-realm authentication. It is also used by the end-service for checking the

transited ﬁeld for trusted intermediate realms.

libdefaults Section

The following relations are deﬁned in the [libdefaults] section:

default_keytab_name

Speciﬁes the default keytab name to be used by application severs such as telnetd and

rlogind. The default is /etc/krb5.keytab. This formerly defaulted to

/etc/v5srvtab .

default_realm Identiﬁes the default realm to be used in a client host’s Kerberos activity.

default_tgs_enctypes

Identiﬁes the supported list of session key encryption types that should be returned by

the Key Distribution Center. The list may be delimited with commas or white spaces.

default_tkt_enctypes

Identiﬁes the supported list of session key encryption types that should be requested

200 Hewlett-Packard Company − 1 − HP-UX 11i Version 3: February 2007