The krb5.conf file contains Kerberos configuration information, including the locations of KDCs and admin servers for the Kerberos realms of interest, defaults for the current realm and for Kerberos applications, and mappings of hostnames onto Kerberos realms. You should install your krb5.conf file in the /etc directory. You can override the default location by setting the environment variable KRB5_CONFIG. While managing Novell Kerberos KDC, when you do not specify any of the mandatory parameters, the values are taken from the /etc/krb5.conf file.
For a sample configuration file, refer to Section A.0, Sample krb5.conf File.
Table 3-1 krb5.conf Configuration File Details
|
Parameter |
Description |
|---|---|
|
libdefaults |
|
|
default_realm |
Identifies the default Kerberos realm. |
|
realms |
|
|
max_life |
Specifies the maximum lifetime of the ticket issued. |
|
max_renewable_life |
Specifies the maximum time period during which a valid ticket can be renewed. |
|
acl_file |
Filename and path of the ACL file. |
|
dict_file |
Filename and path of the DICT file. |
|
kdc |
KDC server name for the realm. |
|
admin_server |
Administration server name for the realm. |
|
kpasswd_server |
Password server name for the realm. |
|
database_module |
Database module configuration tag (refer to the one used in the dbmodules section.) |
|
domain_realm |
Domain-realm mappings provides translation from a domain name or hostname to a Kerberos realm. |
|
logging |
|
|
kdc |
Filename and path of the KDC log file. |
|
admin_server |
Filename and path of the Administration server log file. |
|
kpasswd_server |
Filename and path of the Password server log file. |
|
dbdefaults |
|
|
database_module |
Database module configuration tag (refer to the one used in dbmodulessection.) |
|
dbmodules |
|
|
db_module_dir |
Directory in which the LDAP plug-in module (kldap) is present. |
|
db_library |
The library name should be set to kldap. |
|
ldap_kdc_dn |
KDC service object DN. |
|
ldap_kadmind_dn |
Administration service object DN. |
|
ldap_kpasswdd_dn |
Password service object DN. |
|
ldap_root_certificate_file |
Path of the trusted root certificate file. |
|
ldap_service_password_file |
Path of the service password stash file. |
|
ldap_servers |
List of LDAP servers. |
|
ldap_conns_per_server |
Number of LDAP connections to be used by KDC, Administration server, or Password server. This parameter value must be set to 2. In this release, the Kerberos servers require two connections and do not use more than two connections at a time. |