All Kerberos clients, including the Java Krb5LoginModule, require OS client configuration. Luckily this is pretty easy to do but Unfortunately, this is platform specific. This HOWTO covers OS configurations configuration of the Kerberos client subystem of clients on various operating systems.
*NIX /etc/krb5.conf Configuration
On most UNIX platforms Kerberos clients look for the krb5.conf file located in the /etc directory of the host. This file contains configuration settings for both servers and clients however we're only concerned with the client configuration aspect.
...
| Wiki Markup |
|---|
The last section that we're concerned with is the \[domain_realm\] section. Here we map the DNS domain name to the Kerberos realm name. Note that the first line has a '.' in front of the domain name. You must also add a dot and substitute the search domain for the kdc and the kpasswd_server. |
Windows krb5.ini Configuration
Windows uses the same exact file format as does *NIX platforms (meaning syntax) except the name of the file is different and the file paths inside are Windows file paths. Other than this you can use the same information above for configuring Windows Kerberos client settings.
| Note |
|---|
Even though different Windows versions have different system directories (i.e. C:\Windows or C:\WINNT) the krb5.ini file is always expected to be present within the C:\WINNT directory even if there exists a C:\Windows directory and no WINNT directory. If the C:\WINNT directory does not exist just create it and add this file. |
MacOSX Kerberos Configuration
The Kerberos configuration on MacOSX is stored in a plist configuration file named edu.mit.Kerberos.KerberosLogin.plist. It contains imilar settings as the krb5.conf file however it is located in specific places. More details on how to configure MacOSX for Kerberos consult the following page:
...