...
```
10.0.0.2 kdc.example.com
```
In the [libdefaults] section the most important parameter to configure is the default_realm.
In the [realms] section you want to configure the EXAMPLE.COM realm. Remember that case makes a difference and realm names need to be in all uppercase. In this section you can configure the server and port for the KDC. Apache Directory is the KDC and Kerberos by default runs on port 88.
In the [domain_realm] section we map the DNS domain name to the Kerberos realm name. Note that the first line has a '.' in front of the domain name.
Below is a minimal example krb5.conf configuration file from a Linux workstation set up for the EXAMPLE.COM realm:
...
Slightly more advanced configuration
...
The [realms] section here demonstrates a few configuration options. First, you can adjust the service ports to connect to. Second, you can configure a *kpasswd_server*. This is for the Change Password protocol service which also runs on Apache Directory. The default port for the Change Password protocol is 464. The last parameter in this section is the *default_domain*. This is the DNS domain name to use to locate the *kdc* and the *kpasswd_server* if they cannot be resolved by the non-qualified host name specified.
```
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com:88
        kpasswd_server = kdc.example.com:464
        default_domain = example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
```
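The following is an added example, not part of the original page or of Apache Directory: a small checker for the krb5.conf layout described above that flags a realm name with the wrong case and shows how the dotted and undotted [domain_realm] lines apply to different host names. The helper names `parse_krb5`, `lint` and `realm_for_host` are hypothetical, and the lookup order (exact host entry, then dotted parent domains) is a simplified assumption about how a Kerberos client reads this section.

```python
import re
# Constructed sample; the lowercase realm on the last line is a deliberate mistake.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com:88
        kpasswd_server = kdc.example.com:464
    }
[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = example.com
"""

def parse_krb5(text):
    """Parse the krb5.conf subset shown on this page (repeated keys: last wins)."""
    conf, section, realm = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            realm = None
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                realm = section.setdefault(key, {})
            else:
                (section if realm is None else realm)[key] = value
    return conf

def lint(conf):
    """Report the mistakes the text warns about: realm case and consistency."""
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm")
    issues = [] if default in realms else [f"default_realm {default!r} not in [realms]"]
    issues += [f"realm {r} is not uppercase" for r in realms if r != r.upper()]
    issues += [f"realm {r} has no kdc" for r, b in realms.items() if "kdc" not in b]
    issues += [f"{d} maps to unknown realm {r}"
               for d, r in conf.get("domain_realm", {}).items() if r not in realms]
    return issues

def realm_for_host(conf, host):
    """Assumed, simplified lookup: exact host entry, then dotted parent domains."""
    table, labels = conf.get("domain_realm", {}), host.lower().split(".")
    names = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((table[n] for n in names if n in table), None)
```

With the sample, `host1.example.com` resolves through the `.example.com` line, while the bare name `example.com` hits the undotted line and picks up the lowercase value that `lint` reports.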
...