krb.conf man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

krb.conf(4)							   krb.conf(4)

NAME
       krb.conf	 -  Contains  configuration  information  that	describes  the
       default realm of the host,  the	administration	server,	 and  Kerberos
       servers for known realms

SYNOPSIS
       /krb5/krb.conf

DESCRIPTION
       The  /krb5/krb.conf  file  is  a	 text file that contains configuration
       information that describes the default realm of the host, the  adminis‐
       tration	server,	 and  Kerberos	servers for known realms. It lists the
       host computer's default realm and maps known realms  to	their  primary
       and secondary Kerberos servers by host name and network location.

NOTES
       For  inter-realm	 authentication,  you  must add an entry that maps the
       foreign realm to its host Kerberos server.

       If you can configure  your  Kerberos  server  system  names  using  the
       default naming conventions (that is, the ordering convention or the DNS
       rotary convention), you	do  not	 need  to  configure  and  maintain  a
       krb.conf file.

       If  the	krb.conf file is not found, is blank, or does not list a valid
       default realm, the Tru64 UNIX  operating	 system	 converts  the	host's
       domain  name  to	 upper-case letters and uses that as the default realm
       name. If the server information is missing from the configuration file,
       the  Tru64 UNIX operating system attempts to locate the server when the
       default naming conventions are in place.

       The order of entries in the krb.conf file is important because the file
       is  used	 to identify the intended order of redundant Kerberos servers.
       Applications that use the file read the entries one at a	 time  in  the
       entry  order when attempting to connect to a Kerberos server. Redundant
       Kerberos servers are used when another Kerberos server  is  unavailable
       or  a network timeout has occurred (for example, during the authentica‐
       tion sequence when the network connection between the client and a Ker‐
       beros server is interrupted.)

       To  create  comments,  use  the number sign (#). Any characters after a
       number sign (#) are ignored to the end of line.	Blank  lines  and  any
       leading or trailing white space on a line are also ignored.

       The first line of a krb.conf file is the host computer's default realm.
       This is followed by a line that identifies the primary Kerberos server,
       another	line  that identifies the secondary Kerberos server, and addi‐
       tional lines that identify realms where inter-realm  authentication  is
       performed.

       Entries for the primary and secondary Kerberos servers have the follow‐
       ing fields, where each field on a line must be separated by a space  or
       a  tab:	The  first field is the realm name. By convention, realm names
       are in uppercase letters	 to  distinguish  them	visually  from	domain
       names.  Realm  names are case sensitive; you must type the correct case
       for the realm name if your site does not follow the  uppercase  conven‐
       tion.   The  second  field is the fully qualified domain name (FQDN) of
       the host Kerberos server for that realm.	 The remaining	field  can  be
       used  to	 specify  the keywords in the following table to configure the
       host as a primary Kerberos server or to support TCP.

	      ────────────────────────────────────────────────────────────────
	      Keyword	     Description
	      ────────────────────────────────────────────────────────────────
	      admin server   Specifies that the server is a primary  Kerberos
			     server  for  the realm. (Do not use this keyword
			     if the server is a secondary server.)

	      tcp/port#	     Specifies that TCP is the communication protocol
			     between  servers.	UDP is the default communica‐
			     tion protocol and does not need to be specified.

			     If you specify TCP, you can specify the port  to
			     use  to communicate with the Kerberos server. To
			     specify a port value, use a numeric value	or  a
			     service  name  listed  in /etc/services, such as
			     tcp/88 or tcp/kerberos5.
	      ────────────────────────────────────────────────────────────────

EXAMPLES
       The following is an example, of a krb.conf file:

       BIZ.COM BIZ.COM	shoe.biz.com  admin  server  BIZ.COM  sneakers.biz.com
       BIZ.COM	boot.biz.com  FOOTWEAR.BIZ.COM	leather.footwear.biz.com admin
       server BABYSHOE.BIZ.COM infant.babyshoe.biz.com admin server

       The entries in this krb.conf file are the names of the following realms
       and  servers:  Line  one identifies BIZ.COM as the default realm.  Line
       two identifies shoe.biz.com the primary Kerberos server.	  Lines	 three
       and  four  identify  sneakers.biz.com and boot.biz.com as the secondary
       Kerberos servers.  Lines five and  six  identify	 FOOTWEAR.BIZ.COM  and
       BABYSHOE.BIZ.COM	 as  realms  where  inter-realm authentication is per‐
       formed.

SEE ALSO
       Files: krb.realms(4)

								   krb.conf(4)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net