Configuration

krb.realms

The realms file defines host-to-realm or domain-to-realm name mapping data. The krb.realms file is located only on the Kerberos Server systems. This file maps hostnames to realm names. The krb.realms file is located in the following directory:

/opt/krb5

The realms file ensures that all systems on the network know which systems reside in each realm. The krb.realms file enables secure applications to determine the realm from which a ticket must be requested in order to gain access to a service.

If you have decided to follow the default realm naming convention, it is not necessary to maintain this file. The default naming convention is the upper-case equivalent of the domain name.

The Kerberos Server, by default, assumes that the realm name is the upper-case equivalent of the host’s domain. Thus, if the realm names are the upper-case equivalents of your domain name, you do not need to configure and maintain a krb.realms file on your client systems.

The realm names are case sensitive.

Secure applications initially search for a matching hostname and then a matching domain name in the krb.realms file. If a match is not found, a wildcard match is initiated.

If no translation entry applies or the file does not exist, the host’s realm name is considered to be the host’s domain name. This domain name is converted to the upper-case equivalent.
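The lookup order described above (hostname, then domain name, then wildcard, then the upper-case domain default) can be sketched as follows. This is an added example, not code from the Kerberos Server product. The two-column "pattern REALM" layout, the leading-dot domain entries, the `*` wildcard syntax, and the names `parse_realms` and `realm_for_host` are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data; the file layout shown here is an assumption.
SAMPLE_REALMS = """\
# pattern              realm
db1.eng.example.com    ENG.EXAMPLE.COM
.sales.example.com     SALES.EXAMPLE.COM
*.lab.example.com      Lab.Example.Com
"""

def parse_realms(text):
    """Return (pattern, realm) pairs, skipping blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            # Host and domain patterns are compared case-insensitively,
            # but the realm is stored exactly as written: realm names
            # are case sensitive.
            entries.append((fields[0].lower(), fields[1]))
    return entries

def realm_for_host(fqdn, entries):
    """Resolve a host to its realm using the documented search order."""
    host = fqdn.lower().rstrip(".")
    domain = host.partition(".")[2]
    # 1. Matching hostname.
    for pattern, realm in entries:
        if pattern == host:
            return realm
    # 2. Matching domain name (assumed to be written with a leading dot).
    for pattern, realm in entries:
        if pattern.startswith(".") and pattern[1:] == domain:
            return realm
    # 3. Wildcard match.
    for pattern, realm in entries:
        if "*" in pattern and fnmatchcase(host, pattern):
            return realm
    # 4. No entry applies: the realm is the upper-case domain name.
    return domain.upper()

if __name__ == "__main__":
    table = parse_realms(SAMPLE_REALMS)
    for name in ("db1.eng.example.com", "web.sales.example.com",
                 "n1.lab.example.com", "mail.example.org"):
        print(name, "->", realm_for_host(name, table))
```

The wildcard entry in the sample is deliberately written in mixed case: the realm it returns is not the same realm as the upper-case default, which is the kind of mismatch to check for when reviewing a realms file.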

The realms file must contain sufficient entries to define the realm used by every service a client computer must access. You can create one version of the realms file that contains all required entries for your enterprise.

If you support inter-realm authentication, the realms file must contain the required entries to locate the foreign realms.
