

4.1 Configuration file

To set up a realm you will first have to create a configuration file: /etc/krb5.conf. The krb5.conf file can contain many configuration options, some of which are described here.

There is a sample krb5.conf supplied with the distribution.

The configuration file is a hierarchical structure consisting of sections, each containing a list of bindings (either variable assignments or subsections). A section starts with `[section-name]'. A binding consists of a left hand side, an equal sign (`=') and a right hand side (the left hand side tag must be separated from the equal sign with some whitespace). Subsections have a `{' as the first non-whitespace character after the equal sign. All other bindings are treated as variable assignments. The value of a variable extends to the end of the line.

     [section1]
             a-subsection = {
                     var = value1
                     other-var = value with {}
                     sub-sub-section = {
                             var = 123
                     }
             }
             var = some other value
     [section2]
             var = yet another value

In this manual, names of sections and bindings will be given as strings separated by slashes (`/'). The `other-var' variable will thus be `section1/a-subsection/other-var'.
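
The grammar and slash-separated naming described above, as an added Python example (not Heimdal's parser and not code from this manual). It implements only the rules stated in this section, and assumes that blank lines are skipped and that repeated bindings, such as several kdc lines, accumulate into a list; parse_krb5_conf, SAMPLE, SECTION and BINDING are names chosen for this example.

```python
import re

# Constructed sample, assembled from the snippets shown on this page.
SAMPLE = """\
[section1]
        a-subsection = {
                var = value1
                other-var = value with {}
                sub-sub-section = {
                        var = 123
                }
        }
        var = some other value
[realms]
        MY.REALM = {
                kdc = my.kdc my.slave.kdc
                kdc = [2001:6b0:1:ea::100]:88
        }
"""

SECTION = re.compile(r"^\[([^\]]+)\]$")
BINDING = re.compile(r"^(\S+)\s+=\s*(.*)$")   # whitespace required before '='

def parse_krb5_conf(text):
    """Return {slash/separated/path: [values]}; repeated bindings accumulate."""
    flat, path = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            if len(path) > 1:
                raise ValueError(f"line {lineno}: unclosed subsection {'/'.join(path)}")
            path = [m.group(1)]
        elif line == "}":
            if len(path) < 2:
                raise ValueError(f"line {lineno}: unmatched '}}'")
            path.pop()
        elif (m := BINDING.match(line)) and path:
            name, rhs = m.groups()
            if rhs.startswith("{"):          # '{' first after '=' opens a subsection
                path.append(name)
            else:                            # otherwise the value runs to end of line
                flat.setdefault("/".join(path + [name]), []).append(rhs)
        else:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
    if len(path) > 1:
        raise ValueError(f"unclosed subsection {'/'.join(path)}")
    return flat
```

Flattening a file this way makes it easy to review which hosts a client configuration points at, for example by inspecting the realms/MY.REALM/kdc entry.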

For in-depth information about the contents of the configuration file, refer to the krb5.conf manual page. Some of the more important sections are briefly described here.

The `libdefaults' section contains a list of library configuration parameters, such as the default realm and the timeout for KDC responses. The `realms' section contains information about specific realms, such as where they hide their KDC. This section serves the same purpose as the Kerberos 4 krb.conf file, but can contain more information. Finally the `domain_realm' section contains a list of mappings from domains to realms, equivalent to the Kerberos 4 krb.realms file.

To continue with the realm setup, you will have to create a configuration file, with contents similar to the following.

     [libdefaults]
             default_realm = MY.REALM
     [realms]
             MY.REALM = {
                     kdc = my.kdc my.slave.kdc
                     kdc = my.third.kdc
                     kdc = 130.237.237.17
                     kdc = [2001:6b0:1:ea::100]:88
             }
     [domain_realm]
             .my.domain = MY.REALM
     

If you use a realm name equal to your domain name, you can omit the `libdefaults' and `domain_realm' sections. If you have a DNS SRV-record for your realm, or your Kerberos server has DNS CNAME `kerberos.my.realm', you can omit the `realms' section too.

If you want to use a different configuration file than the default, you can point to a file with the environment variable `KRB5_CONFIG'.

     env KRB5_CONFIG=$HOME/etc/krb5.conf kinit user@REALM