krb.realms(4)
NAME
krb.realms - Contains configuration information that associates host
names with realm names
SYNOPSIS
/krb5/krb.realms
DESCRIPTION
The /krb5/krb.realms file is a text file that associates host names
with their realm names. Secured applications use the krb.realms file to
determine the realm from which to request a ticket to gain access to a
service.
NOTES
By default, the Tru64 UNIX operating system assumes the uppercase
equivalent of the host's domain is its realm name. Thus, if your realm
names are the uppercase equivalents of your domain names, you do not
need to configure and maintain a krb.realms file.
Wildcards are special characters in the krb.realms file that use one
entry to map multiple hosts to a single realm. When secured applications
search the krb.realms file, they check for a matching host name,
then a matching domain name. If they do not find a match, they check
for a wildcard match.
There are two permitted wildcard characters:
  Use an asterisk (*) with a domain name to specify all hosts that have
  that domain root name. For example, *.biz.com specifies all hosts in
  all domains ending in biz.com, such as footwear.exec.biz.com.
  Use a question mark (?) in the first field with a host or domain name
  to specify any letter. For example, ???footwear.biz.com identifies any
  host in the biz.com domain that has a name with any three letters
  preceding footwear, such as bigfootwear.biz.com.
If no associated entry applies or the file does not exist, the host's
realm name is considered to be the host's domain name converted to the
uppercase letter equivalent.
Multiple entries can be added to the file to identify various conversions
from host names to realm names. The order of the entries is not
important.
To create comments, use the number sign (#). Any characters after a
number sign are ignored to the end of the line. Blank lines and any
leading or trailing white space on a line are also ignored.
Each entry in the krb.realms file must be on a separate line and
requires the following two fields, separated by a space or a tab:
  The first field is the host name. You can use a domain name to
  associate each host in a domain with the same realm name. When you
  specify a domain name, precede the name with a period.
  The second field is the associated realm name. By convention, realm
  names are in uppercase letters to distinguish them visually from
  domain names. Realm names are case sensitive; you must type the
  correct case for the realm name if your site does not follow the
  uppercase convention.
EXAMPLES
The following is an example of a krb.realms file:
    footwear.biz.com    SERIOUS.BIZ.COM    #map host directly
    .admin.biz.com      ADMIN.BIZ.COM      #all hosts in domain
    *.biz.com           BIZ.COM            #all other hosts
The entries in this krb.realms file achieve the following:
  Line one associates the host footwear.biz.com with the
  SERIOUS.BIZ.COM realm.
  Line two associates all hosts in the admin.biz.com domain with the
  ADMIN.BIZ.COM realm. The preceding period identifies the first field
  as a domain name rather than a host name. Typically, this line is not
  required because the realm name is the uppercase letter equivalent of
  the domain name. However, in this example, it is required to prevent
  the third line from associating the hosts in the admin.biz.com domain
  to the BIZ.COM realm.
  Line three associates all other hosts in other domains with the root
  name biz.com to the BIZ.COM realm. For example, hosts in sales.biz.com
  and support.teams.biz.com domains are mapped to the realm BIZ.COM.
SEE ALSO
Files: krb.conf(4)