logo_kerberos.gif

Krb5.conf

From K5Wiki
Jump to: navigation, search

save it in /tmp/krb5.conf

[libdefaults]
        default_realm = EXAMPLE.ORG
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
                kdc = localhost.localdomain:8888
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
        ldap_servers = ldapi:///
        }
[domain_realm]

[logging]
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log

/tmp/krb5_template.conf

[libdefaults]
        default_realm = EXAMPLE.ORG
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
                kdc = %(localFQDN)s:8888
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
        ldap_servers = ldapi:///
        }
[domain_realm]

[logging]
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log