NOTE

NOTE

Configuring the Kerberos Server With C-Tree Backend

Configuration Files for the Kerberos Server

The krb.realms file must contain sufficient entries to define the realm used by every service a client computer must access. You can create a krb.realms file that contains all the required entries for your enterprise.

If you support inter-realm authentication, the krb.realms file must contain the required entries to locate the foreign realms.

The krb.realms file does not identify systems as primary or secondary security servers. It does not define the relationship between the primary and secondary security servers. These definitions exist in the krb.conf configuration file.

The krb.realms File Format

Use the format below to add entries in the krb.realms file. See Appendix C, “Sample krb.realms File,” on page 319to see how a sample krb.realms file looks.

Your_Primary_Security_Server Your_Realm_Name

.Your_Secondary_Security_Server Your_Realm_Name

*.Your_Domain_Name Your_Realm_Name

You can add entries to the file to identify various translations from host names to realm names. The order of the entries is insignificant.

Each entry in the file requires two fields that are separated either by a space or by a tab. The following format is generally used:

The first field specifies a name. You can either specify a single host name or specify multiple host names with one entry using the wildcards . (period) or * (asterisk), respectively, as described in Table 5-2.

The second field specifies the associated realm. By convention, realm names must be in uppercase letters to visually distinguish realm names from domain names.

Realm names are case sensitive. You must type the correct case for the realm name if you are not following the uppercase convention.

Chapter 5

67

Page 67
Image 67
HP UX Kerberos Data Security Software manual Krb.realms File Format