
krb.conf(4)

NAME

krb.conf - Contains configuration information that describes the default realm of the host, the administration server, and Kerberos servers for known realms

SYNOPSIS

/krb5/krb.conf

DESCRIPTION

The /krb5/krb.conf file is a text file that contains configuration information that describes the default realm of the host, the administration server, and Kerberos servers for known realms. It lists the host computer's default realm and maps known realms to their primary and secondary Kerberos servers by host name and network location.

NOTES

For inter-realm authentication, you must add an entry that maps the foreign realm to its host Kerberos server.

If you can configure your Kerberos server system names using the default naming conventions (that is, the ordering convention or the DNS rotary convention), you do not need to configure and maintain a krb.conf file.

If the krb.conf file is not found, is blank, or does not list a valid default realm, the Tru64 UNIX operating system converts the host's domain name to uppercase letters and uses that as the default realm name. If the server information is missing from the configuration file, the Tru64 UNIX operating system attempts to locate the server when the default naming conventions are in place.

The order of entries in the krb.conf file is important because the file is used to identify the intended order of redundant Kerberos servers. Applications that use the file read the entries one at a time in the entry order when attempting to connect to a Kerberos server. Redundant Kerberos servers are used when another Kerberos server is unavailable or a network timeout has occurred (for example, during the authentication sequence when the network connection between the client and a Kerberos server is interrupted).

To create comments, use the number sign (#). Any characters after a number sign (#) are ignored to the end of line. Blank lines and any leading or trailing white space on a line are also ignored.

The first line of a krb.conf file is the host computer's default realm. This is followed by a line that identifies the primary Kerberos server, another line that identifies the secondary Kerberos server, and additional lines that identify realms where inter-realm authentication is performed.

Entries for the primary and secondary Kerberos servers have the following fields, where each field on a line must be separated by a space or a tab:

·  The first field is the realm name. By convention, realm names are in uppercase letters to distinguish them visually from domain names. Realm names are case sensitive; you must type the correct case for the realm name if your site does not follow the uppercase convention.

·  The second field is the fully qualified domain name (FQDN) of the host Kerberos server for that realm.

·  The remaining field can be used to specify the keywords in the following table to configure the host as a primary Kerberos server or to support TCP.

_______________________________________________________________
Keyword        Description
_______________________________________________________________
admin server   Specifies that the server is a primary Kerberos
               server for the realm. (Do not use this keyword if
               the server is a secondary server.)

tcp/port#      Specifies that TCP is the communication protocol
               between servers. UDP is the default communication
               protocol and does not need to be specified. If you
               specify TCP, you can specify the port to use to
               communicate with the Kerberos server. To specify a
               port value, use a numeric value or a service name
               listed in /etc/services, such as tcp/88 or
               tcp/kerberos5.
_______________________________________________________________

EXAMPLES

The following is an example of a krb.conf file:

    BIZ.COM
    BIZ.COM shoe.biz.com admin server
    BIZ.COM sneakers.biz.com
    BIZ.COM boot.biz.com
    FOOTWEAR.BIZ.COM leather.footwear.biz.com admin server
    BABYSHOE.BIZ.COM infant.babyshoe.biz.com admin server

The entries in this krb.conf file are the names of the following realms and servers:

·  Line one identifies BIZ.COM as the default realm.

·  Line two identifies shoe.biz.com as the primary Kerberos server.

·  Lines three and four identify sneakers.biz.com and boot.biz.com as the secondary Kerberos servers.

·  Lines five and six identify FOOTWEAR.BIZ.COM and BABYSHOE.BIZ.COM as realms where inter-realm authentication is performed.
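The parsing rules from NOTES (comments, blank lines, entry order, keywords, case-sensitive realm names), shown as an added example that is not part of the original manual page or of Tru64 UNIX. The names parse_krb_conf and audit are hypothetical, the sample is a constructed variant of the file above (the comment, the tcp/88 keyword and the mis-cased Biz.Com entry for sandal.biz.com are additions), and accepting a bare "tcp" keyword without a port is an assumption.

```python
# Constructed sample: the EXAMPLES file plus an added comment, a blank line,
# a tcp/88 keyword, and a deliberately mis-cased realm entry ("Biz.Com").
SAMPLE = """\
BIZ.COM            # default realm
BIZ.COM shoe.biz.com admin server
BIZ.COM sneakers.biz.com tcp/88

BIZ.COM boot.biz.com
Biz.Com sandal.biz.com
FOOTWEAR.BIZ.COM leather.footwear.biz.com admin server
"""

def parse_krb_conf(text):
    """Return (default_realm, {realm: [entries in file order]})."""
    default_realm, realms = None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on space/tab
        if not fields:
            continue                            # blank or comment-only line
        if default_realm is None:               # first real line: default realm
            default_realm = fields[0]
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need realm and server FQDN")
        entry = {"host": fields[1], "admin": False, "proto": "udp", "port": None}
        keywords = fields[2:]
        while keywords:
            if keywords[:2] == ["admin", "server"]:
                entry["admin"], keywords = True, keywords[2:]
            elif keywords[0].split("/")[0] == "tcp":
                entry["proto"] = "tcp"
                entry["port"] = keywords[0].partition("/")[2] or None
                keywords = keywords[1:]
            else:
                raise ValueError(f"line {lineno}: unknown keyword {keywords[0]!r}")
        realms.setdefault(fields[0], []).append(entry)  # case-sensitive key
    return default_realm, realms

def audit(default_realm, realms):
    """Hypothetical lint checks based on the rules this page states."""
    findings, seen = [], {}
    if default_realm not in realms:
        findings.append(f"no server entry for default realm {default_realm}")
    for realm in realms:
        other = seen.setdefault(realm.upper(), realm)
        if other != realm:
            findings.append(f"realm {realm} differs from {other} only by case")
    return findings

if __name__ == "__main__":
    default, realms = parse_krb_conf(SAMPLE)
    print(default, [e["host"] for e in realms[default]], audit(default, realms))
```

Because realm names are case sensitive, the Biz.Com entry is stored as a separate realm and sandal.biz.com never joins the BIZ.COM server order; the audit reports that instead of merging the two.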

SEE ALSO

Files: krb.realms(4)
