 |
Index for
Section 4 |
|
 |
Alphabetical
listing for K |
|
 |
Bottom of
page |
|
krb.realms(4)
NAME
krb.realms - Contains configuration information that associates host names
with realm names
SYNOPSIS
/krb5/krb.realms
DESCRIPTION
The /krb5/krb.realms file is a text file that associates host names with
their realm names. Secured applications use the krb.realms file to
determine the realm from which to request a ticket to gain access to a
service.
NOTES
By default, the Tru64 UNIX operating system assumes the uppercase
equivalent of the host's domain is its realm name. Thus, if your realm
names are the uppercase equivalents of your domain names, you do not need
to configure and maintain a krb.realms file.
Wildcards are special characters in the krb.realms file that use one entry
to map multiple hosts to a single realm. When secured applications search
the krb.realms file, they check for a matching host name, then a matching
domain name. If they do not find a match, they check for a wildcard match.
There are two permitted wildcard characters:
· Use an asterisk (*) with a domain name to specify all hosts that have
that domain root name. For example, *.biz.com specifies all hosts in
all domains ending in biz.com, such as footwear.exec.biz.com.
· Use a question mark (?) in the first field with a host or domain name
to specify any letter. For example, ???footwear.biz.com identifies any
host in the biz.com domain that has a name with any three letters
preceding footwear, such as bigfootwear.biz.com.
If no associated entry applies or the file does not exist, the host's realm
name is considered to be the host's domain name converted to the uppercase
letter equivalent.
Multiple entries can be added to the file to identify various conversions
from host names to realm names. The order of the entries is not important.
To create comments, use the number sign (#). Any characters after a number
sign are ignored to the end of the line. Blank lines and any leading or
trailing white space on a line are also ignored.
Each entry in the krb.realms file must be on a separate line and requires
the following two fields, separated by a space or a tab:
· The first field is the host name. You can use a domain name to
associate each host in a domain with the same realm name. When you
specify a domain name, precede the name with a period.
· The second field is the associated realm name. By convention, realm
names are in uppercase letters to distinguish them visually from
domain names. Realm names are case sensitive; you must type the
correct case for the realm name if your site does not follow the
uppercase convention.
EXAMPLES
The following is an example of a krb.realms file:
footwear.biz.com SERIOUS.BIZ.COM #map host directly
.admin.biz.com ADMIN.BIZ.COM #all hosts in domain
*.biz.com BIZ.COM #all other hosts
The entries in this krb.realms file achieve the following:
· Line one associates the host footwear.biz.com with the SERIOUS.BIZ.COM
realm.
· Line two associates all hosts in the admin.biz.com domain with the
ADMIN.BIZ.COM realm. The preceding period identifies the first field
as a domain name rather than a host name. Typically, this line is not
required because the realm name is the uppercase letter equivalent of
the domain name. However, in this example, it is required to prevent
the third line from associating the hosts in the admin.biz.com domain
to the BIZ.COM realm.
· Line three associates all other hosts in other domains with the root
name biz.com to the BIZ.COM realm. For example, hosts in sales.biz.com
and support.teams.biz.com domains are mapped to the realm BIZ.COM.
SEE ALSO
Files: krb.conf(4)
|
Index for
Section 4 |
|
|
Alphabetical
listing for K |
|
 |
Top of
page |
|