HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

krb5.conf(4) krb5.conf(4)
appdefaults Section
Each tag in the [appdefaults] section names a Kerberos V5 application or an option that is used by some Kerberos V5 application(s). The value of the tag is a subsection with relations that define the default behaviors for that application. The four ways to set values for options are as follows, in decreasing order of precedence:
#1)
    application = {
        realm1 = {
            option = value
        }
        realm2 = {
            option = value
        }
    }
#2)
    application = {
        option1 = value
        option2 = value
    }
#3)
    realm = {
        option = value
    }
#4)
    option = value
The list of specifiable options for each application may be found in the respective application man pages. The application defaults specified in this section are overridden by those specified in the [realms] section.
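The four-level precedence above can be checked mechanically when auditing which value an application will actually pick up. The following is an added example, not code from this manual or from any Kerberos distribution; the application names (telnet, rlogin), realm names and options (forwardable, encrypt) are constructed for illustration, and the [realms] override mentioned above is not modelled.

```python
# Added example: resolve an [appdefaults] option using the four-level
# precedence described above. All names and values are constructed.
SAMPLE = """\
[appdefaults]
    forwardable = false
    EXAMPLE.COM = {
        forwardable = true
    }
    telnet = {
        forwardable = false
        encrypt = true
        LAB.EXAMPLE.COM = {
            forwardable = true
        }
    }
"""

def parse_appdefaults(text):
    """Return the [appdefaults] section as nested dicts of tags."""
    root, stack, active = {}, [], False
    cur = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("["):               # section header
            active = (line == "[appdefaults]")
            continue
        if not active:
            continue
        if line == "}":                        # close current subsection
            cur = stack.pop() if stack else root
            continue
        tag, _, value = (p.strip() for p in line.partition("="))
        if value == "{":                       # open a subsection
            stack.append(cur)
            child = cur.get(tag)
            cur[tag] = child if isinstance(child, dict) else {}
            cur = cur[tag]
        else:
            cur[tag] = value
    return root

def _sub(scope, tag):
    """Return the subsection named tag, or an empty dict."""
    value = scope.get(tag)
    return value if isinstance(value, dict) else {}

def resolve(conf, app, realm, option):
    """Return (value, rule) where rule is 1-4 as numbered above."""
    app_sec = _sub(conf, app)
    scopes = (_sub(app_sec, realm), app_sec, _sub(conf, realm), conf)
    for rule, scope in enumerate(scopes, 1):
        if isinstance(scope.get(option), str):
            return scope[option], rule
    return None, None
```

In the constructed sample, the per-application setting (rule #2) wins over the per-realm setting (rule #3), so a realm-wide value does not change what an application with its own subsection uses.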
login Section
The [login] section is used to configure the behavior of the Kerberos V5 login program, login.krb5.
realms Section
Each tag in the [realms] section of the file names a Kerberos realm. The value of the tag is a subsection where the relations in that subsection define the properties of that particular realm. For example:
[realms]
    ATHENA.MIT.EDU = {
        kdc = KERBEROS.MIT.EDU
        kdc = KERBEROS-1.MIT.EDU:750
        kdc = KERBEROS-2.MIT.EDU:88
        admin_server = KERBEROS.MIT.EDU
        default_domain = MIT.EDU
        v4_instance_convert = {
            mit = mit.edu
            lithium = lithium.lcs.mit.edu
        }
    }
For each realm, the following tags may be specified in the realm’s subsection:
kdc             The value of this relation is the name of a host running a Key Distribution Center for that realm. An optional port number (preceded by a colon) may be appended to the hostname.

admin_server    Identifies the host where the administration server is running. Typically this is the Master Kerberos server. NOTE: Listing a secondary admin server may update the password on the secondary. This may result in an inconsistency if there is no password sync mechanism from the secondary to the Master server. This occurs in the following cases:

                    The secondary server is listed above the primary. In this case the admin_server will find the secondary server first and update the password on the secondary server.
202 Hewlett-Packard Company 3 HP-UX 11i Version 3: February 2007