krb5.conf

The krb5.conf file specifies the defaults for the REALM and for the Kerberos applications, mappings of the hostnames onto Kerberos REALMs, and the location of KDCs for Kerberos REALMs. We recommend that you copy the krb5.conf.sample file from /var/adm/krb5/krb5kdc to krb5.conf file in the /etc directory. Application clients depend on the configuration file /etc/krb5.conf to locate the REALM's KDC.

You can override the default location by setting the environment variable 'KRB5_CONFIG'.

The syntax to set the environment variable is as follows:

export KRB5_CONFIG=<PATH>

The krb5.conf file is setup in the INI file style. The sections is headed by the section name, in square brackets, [ ]. The sections in the krb5.conf file are:

Each section may contain zero or more relations.

The [libdefaults] section of the krb5.conf file specifies various parameters for the Kerberos library and the general Kerberos defaults.

[libdefaults]
default_realm = <realm name>
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC

The [realms] section of the krb5.conf file specifies the location of the KDC server and the Kerberos admin server, kadmind, that manages the administration interface to KDC.

The default ports used by Kerberos are: port 88 for the KDC, port 749 for the kadmind service, and port 464 for kpasswd. You can optionally choose to run on other ports, as long as the ports are specified in each host's /etc/services, krb5.conf files, and in the KDC's kdc.conf file.