Configuring the Kerberos Environment

Configuration Files for Kerberos Clients

}

[domain_realm]
.subdomain.domain.com = KDC1.SUBDOMAIN.DOMAIN.COM
.subdomain.domain.com = KDC2.SUBDOMAIN.DOMAIN.COM

The ldapux_multidomain Option

The administrator must set the ldapux_multidomain option to 1 if the realm name of the user needs to be obtained from the W2K multidomain. See the ldapux(5) manpage for more information on configuring W2K multidomain.

The appdefaults Section

The appdefaults section denotes the default values used by Kerberos V5 applications.

Each tag in the [appdefaults] section names a Kerberos V5 application. The value of the tag is a subsection with relations that define the default behaviors for that application. For example:

[appdefaults]
kinit = {
    forwardable = true
}

You can find the list of options for each application in the respective application manpages. The application defaults specified in this section are overridden by those specified in the [realms] section.

See the krb5.conf(4) manpage for more information.

Appendix B, “Sample krb5.conf File,” on page 111 contains a sample copy of the /etc/krb5.conf file.

In the HP-UX 11i version of the operating system, a sample krb5.conf file is available as /etc/krb5.conf.sample.
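Because a forwardable default in [appdefaults] applies to every user of that application, it is worth auditing. The following is an added example, not part of the original manual or the HP-UX product: a small parser that reads the [appdefaults] subsections and lists the applications that request forwardable tickets by default. The application name exampleapp, the realm and KDC names in the sample, the "*" bucket, and the accepted spellings of a true value are assumptions.

```python
import re

# Constructed sample; only the kinit/forwardable relation is taken from the text above.
SAMPLE = """\
[appdefaults]
# per-application defaults
kinit = {
    forwardable = true
}
exampleapp = {
    forwardable = false
}
[realms]
SUBDOMAIN.DOMAIN.COM = {
    kdc = kdc1.subdomain.domain.com
}
"""

def parse_appdefaults(text):
    """Return {application: {option: value}} for the [appdefaults] section."""
    apps, section, current = {}, None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section != "appdefaults":
            continue                      # other sections are not audited here
        elif line == "}":
            if current is None:
                raise ValueError(f"line {n}: '}}' without an open subsection")
            current = None
        else:
            key, sep, value = (p.strip() for p in line.partition("="))
            if not sep or (value == "{" and current is not None):
                raise ValueError(f"line {n}: unexpected {line!r}")
            if value == "{":
                current = key             # tag names an application
                apps[current] = {}
            else:                         # relations outside a subsection go under "*"
                apps.setdefault(current or "*", {})[key] = value
    if current is not None:
        raise ValueError(f"subsection {current!r} is never closed")
    return apps

def forwardable_apps(apps):
    """Applications that request forwardable tickets by default."""
    truthy = {"true", "yes", "on", "1"}   # assumed spellings of a true value
    return sorted(a for a, o in apps.items() if o.get("forwardable", "").lower() in truthy)

if __name__ == "__main__":
    print(forwardable_apps(parse_appdefaults(SAMPLE)))
```

The parser handles one level of subsection only and does not model the [realms] override described above, so treat its output as the [appdefaults] view rather than the effective setting.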

The services File

The services file contains entries that allow client applications to establish socket connections to the KDC or to the application servers. A Kerberos client requires the following entries in the /etc/services file:

#

#PAM Kerberos services


Chapter 3