From de60e04e6528cfbfcacf19b9de5f0c213dec0f0e Mon Sep 17 00:00:00 2001 From: hin <> Date: Thu, 20 Sep 2001 22:17:01 +0000 Subject: [PATCH] Example kerberos 5 config file. Based on what works for me. --- src/etc/kerberosV/krb5.conf.example | 74 +++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 src/etc/kerberosV/krb5.conf.example diff --git a/src/etc/kerberosV/krb5.conf.example b/src/etc/kerberosV/krb5.conf.example new file mode 100644 index 00000000..3c09b9e1 --- /dev/null +++ b/src/etc/kerberosV/krb5.conf.example @@ -0,0 +1,74 @@ +# $OpenBSD: krb5.conf.example,v 1.1 2001/09/20 22:17:01 hin Exp $ +# +# Example Kerberos 5 configuration file. You need to change the defaults +# in this file to match your environment. +# +# See krb5.conf(5) and the heimdal infopage for more information. +# +# Normally, the realm should be your DNS domain name with uppercase +# letters. In this example file, we've written the realm as MY.REALM +# and the domain as my.domain to make it clear what we refer to. + +[libdefaults] + # Set the realm of this host here + default_realm = MY.REALM + + # Maximum allowed time difference between KDC and this host + clockskew = 300 + + # Use DNS to convert Kerberos 4 host instances + v4_instance_resolve = yes + + # Get Kerberos 4 tickets in kauth, login et al. + krb4_get_tickets = yes + + +[realms] + HIN.NU = { + # Specify KDC here + kdc = kerberos.my.domain + + # If you use Kerberos 4 compatibility, you probably want this. + v4_name_convert = { + host = { + rcmd = host + ftp = ftp + pop = pop + } + } + + # Use this/these DNS domains when trying to convert + # Kerberos 4 principals + default_domain = my.domain + v4_domains = my.domain + } + + # Example of a "foreign" realm + OTHER.REALM = { + kdc = kerberos.other.domain + default_domain = other.domain + v4_domains = other.domain + } + +# This sections describes how to figure out a realm given a DNS name +[domain_realm] + .my.domain = MY.REALM + + +[kadmin] + # This is the trickiest part of a Kerberos installation. See the + # heimdal infopage for more information about encryption types. + + # For a k5 only realm, this will be fine +# default_keys = v5 + + # For a k5 realm with k4 compatibilty, you probably want this +# default_keys = v5 v4 + + # For a k5 realm with k4 nodes and AFS, this should work. + # Remember to set your cell name here - used for salting the password +# default_keys = v5 v4 des:afs3-salt:hin.nu + +[logging] + # The KDC logs by default, but i like to have a kadmin log as well. + kadmind = FILE:/var/heimdal/kadmind.log