Configuring the Kerberos Server With C-Tree Backend

Configuration Files for the Kerberos Server

NOTE

Realm names are case sensitive; you must type the realm name correctly if your site does not follow the uppercase convention.

The subsequent lines require fields that identify the security server host names. Each field in the line must be separated by a space or a tab. The second field indicates the Fully Qualified Domain Name (FQDN) of the host security server for that realm.

The order of entries in the krb.conf file is important on the client system, because it is used to identify the intended order of redundant security servers. Applications attempting to connect to the security server use this file to read the entries in the listed order. Redundant security servers are used when higher priority security servers are unavailable or when a network timeout has occurred.

To create comments, use the hash sign (#). Blank lines, leading or trailing white space in a line, and characters after a hash (#) symbol are ignored.
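
The parsing rules above can be checked with a short script. This is an added example, not code from the Kerberos Server product; it assumes the first non-comment line of krb.conf holds the default realm and that the first field of each later line is the realm name, and the sample file content is constructed.

```python
# Added example: parser for the krb.conf layout described above.
# Assumptions (not stated on this page): the first non-comment line is the
# default realm, and field 1 of every later line is the realm name.

SAMPLE_KRB_CONF = """\
# constructed sample, not from a real site
EXAMPLE.COM

EXAMPLE.COM   kdc1.example.com
EXAMPLE.COM\tkdc2.example.com    # secondary, tab separated
example.com   kdc-lab.example.com
   EXAMPLE.COM kdc3.example.com
"""

def parse_krb_conf(text):
    """Return (default_realm, {realm: [fqdn, ...]}) keeping file order."""
    default_realm = None
    servers = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop everything after '#', then leading/trailing white space.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank or comment-only line
        fields = line.split()  # fields are separated by spaces or tabs
        if default_realm is None:
            default_realm = fields[0]
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: realm entry has no host FQDN")
        # Realm names are case sensitive, so the key is stored unchanged.
        servers.setdefault(fields[0], []).append(fields[1])
    return default_realm, servers

def servers_for(text, realm=None):
    """Security servers for a realm, in the order clients will try them."""
    default_realm, servers = parse_krb_conf(text)
    return servers.get(realm or default_realm, [])

def case_collisions(servers):
    """Groups of realm names that differ only by case (likely typos)."""
    seen = {}
    for realm in servers:
        seen.setdefault(realm.upper(), []).append(realm)
    return [names for names in seen.values() if len(names) > 1]
```

Running `case_collisions` over a deployed file is a quick way to catch a mistyped realm name that would otherwise silently split the server list for one realm.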

The krb.realms File

The krb.realms file defines host-to-realm or domain-to-realm name mapping data. The krb.realms file is located only on Kerberos server systems in the /opt/krb5 directory.

The krb.realms file ensures that all systems on the network can identify the other systems that reside in each realm.

Because the realm name is case sensitive, the Kerberos Server looks for a domain name that is in uppercase characters. If you decide to follow the default realm naming convention, the realm names are already in uppercase characters, and you need not configure and maintain the krb.realms file on your client system.

Secure applications initially search for a matching host name and then a matching domain name in the krb.realms file. If a match is not found, the application initiates a wildcard match.

If no translation entry applies or the file does not exist, the realm name of the host is considered as the domain name of the host’s domain. This domain name is converted to the uppercase equivalent.

Chapter 5