logo_kerberos.gif

Difference between revisions of "Krb5.conf"

From K5Wiki
Jump to: navigation, search
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
/tmp/krb5_t.conf<br>
 +
save it in /tmp/krb5.conf<br>
  +
 
<pre>
  
<pre>
 
[libdefaults]
  
[libdefaults]
Line 10: Line 10:
 
admin_server = A.EXAMPLE.ORG
  
admin_server = A.EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
  
default_domain = EXAMPLE.ORG
kdc = %(localFQDN)s:8888
 +
kdc = localhost.localdomain:8888
 
database_module = LDAP
  
database_module = LDAP
 
}
  
}
Line 29: Line 29:
   
 
[logging]
  
[logging]
kdc = FILE:/tmp/mykdc.log
 +
kdc = FILE:/tmp/kdc_fromkrb.log
default = FILE:/tmp/mykrb5.log
 +
default = FILE:/tmp/krb5.log
admin_server = FILE:/tmp/myadmin.log
 +
admin_server = FILE:/tmp/admin.log
 
</pre>
  
</pre>
   
--------------------------
  
  +
==/tmp/krb5_template.conf==
 
you can save it in /tmp/krb5.conf<br>
  
 
 
<pre>
  
<pre>
 
[libdefaults]
  
[libdefaults]
Line 48: Line 45:
 
admin_server = A.EXAMPLE.ORG
  
admin_server = A.EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
  
default_domain = EXAMPLE.ORG
kdc = localhost.localdomain:8888
 +
kdc = %(localFQDN)s:8888
 
database_module = LDAP
  
database_module = LDAP
 
}
  
}
Line 67: Line 64:
   
 
[logging]
  
[logging]
kdc = FILE:/tmp/mykdc.log
 +
kdc = FILE:/tmp/kdc_fromkrb.log
default = FILE:/tmp/mykrb5.log
 +
default = FILE:/tmp/krb5.log
admin_server = FILE:/tmp/myadmin.log
 +
admin_server = FILE:/tmp/admin.log
</pre>
  
 
Before I had saved it in /home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5.conf
  
 
 
<pre>
  
[libdefaults]
  
default_realm = EXAMPLE.ORG
  
# default_keytab_name = FILE:/home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5kdc/krb5.keytab
  
default_tkt_enctypes = des3-hmac-sha1 aes128-cts
  
default_tgs_enctypes = des3-hmac-sha1 aes128-cts
  
 
[realms]
  
# use "kdc = ..." if realm admins haven't put SRV records into DNS
  
EXAMPLE.ORG = {
  
admin_server = A.EXAMPLE.ORG
  
# admin_server = localhost.localdomain:8886
  
# kpasswd_server = localhost.localdomain:8887
  
default_domain = EXAMPLE.ORG
  
kdc = localhost.localdomain:8888
  
database_module = LDAP
  
}
  
[dbdefaults]
  
# database_module = LDAP
  
ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
  
 
[dbmodules]
  
LDAP = {
  
db_library = kldap
  
ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
  
ldap_kdc_dn = cn=admin,dc=example,dc=org
  
ldap_kadmind_dn = cn=admin,dc=example,dc=org
  
ldap_service_password_file = /home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5kdc/admin.stash
  
# ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
  
ldap_servers = ldapi:///
  
}
  
[domain_realm]
  
# hamster-schnappi.mit.edu=EXAMPLE.ORG
  
#h.com= EXAMPLE.ORG
  
#.h.com= EXAMPLE.ORG
  
 
[logging]
  
kdc = FILE:/tmp/mykdc.log
  
default = FILE:/tmp/mykrb5.log
  
admin_server = FILE:/tmp/myadmin.log
  
#kdc = CONSOLE
  
 
</pre>
  
</pre>

Latest revision as of 10:55, 18 August 2009

save it in /tmp/krb5.conf

[libdefaults]
        default_realm = EXAMPLE.ORG
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
                kdc = localhost.localdomain:8888
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
        ldap_servers = ldapi:///
        }
[domain_realm]

[logging]
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log

/tmp/krb5_template.conf

[libdefaults]
        default_realm = EXAMPLE.ORG
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
                kdc = %(localFQDN)s:8888
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
        ldap_servers = ldapi:///
        }
[domain_realm]

[logging]
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log
Retrieved from "https://k5wiki.kerberos.org/wiki?title=Krb5.conf&oldid=2118"