Configuration

krb.conf

The krb.conf file contains information about the default realm of the host, the administration server, and security servers for known realms. We recommend that you copy the krb.conf.sample file from /opt/krb5/example/krb.conf to the /opt/krb5/krb.conf directory.

This file must reside in the /opt/krb5 directory and must have the following permissions assigned to it:

-rw-r--r--   root   3

The configuration file identifies the servers that support authentication for the designated realm and defines the default realm for the host where the file is stored.

The krb.conf file lists the host system’s default realm and maps known realms to their Primary and Secondary Security Servers by hostname and network location.

The krb.conf file allows the client to locate servers on the network for authentication requests. For inter-realm authentication, an entry that maps the foreign realm to its host Security Server must be added to the configuration file.

If your network environment uses load balancing and redundancy, you must create multiple versions of the krb.conf file. Configure the Secondary Servers to act as authentication servers so that the Primary Server remains available for tasks other than authentication.

This file is used during propagation configuration. The realm specified in the first line of the configuration file is regarded as the server’s default realm. This realm must be the first realm created in the database containing the K/M principal.

krb.conf Format

Your_Realm_Name
Your_Realm_Name Your_Secondary_Server1
Your_Realm_Name Your_Secondary_Server2
Your_Realm_Name host.subdomain.domain.com admin server
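
An added example, not part of the original documentation: a Python check that a krb.conf file has the -rw-r--r-- permissions and root ownership stated above and follows the format shown. The realm and host names in SAMPLE are constructed, and the function names, the expected_uid parameter and the default-realm check are assumptions of this example.

```python
import os
import stat

EXPECTED_MODE = 0o644  # -rw-r--r--, the permissions the page requires

# Constructed sample in the page's format; realm and host names are made up.
SAMPLE = """\
EXAMPLE.COM
EXAMPLE.COM kdc2.example.com
EXAMPLE.COM kdc3.example.com
EXAMPLE.COM kdc1.example.com admin server
"""


def parse_krb_conf(text):
    """Return (default_realm, {realm: [(host, is_admin), ...]})."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    if not rows or len(rows[0]) != 1:
        raise ValueError("first line must hold only the default realm")
    realms = {}
    for fields in rows[1:]:
        is_admin = fields[2:] == ["admin", "server"]
        if len(fields) != 2 and not is_admin:
            raise ValueError("malformed entry: " + " ".join(fields))
        realms.setdefault(fields[0], []).append((fields[1], is_admin))
    return rows[0][0], realms


def audit_krb_conf(path, expected_uid=0):
    """Return a list of findings; an empty list means the file passed."""
    st = os.lstat(path)  # lstat so a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return [path + " is not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        findings.append("mode %o, expected %o" % (mode, EXPECTED_MODE))
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    try:
        with open(path) as fh:
            default_realm, realms = parse_krb_conf(fh.read())
    except ValueError as exc:
        return findings + [str(exc)]
    # Added check (assumption): clients need a server for the default realm.
    if default_realm not in realms:
        findings.append("no server entry for default realm " + default_realm)
    return findings
```

Calling audit_krb_conf("/opt/krb5/krb.conf") on the host returns an empty list when the file passes every check.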

Chapter 5
