The sample kdc.conf file, named kdc.conf.sample, is available in the /var/adm/krb5/krb5kdc directory. Copy this sample file to kdc.conf and modify it to reflect your realm name.
NOTE: The realm names are case sensitive.
Replace Your_Realm_Name and
hostname.subdomain.domain.com with the name of your Kerberos realm and
hostname. The other fields contain the default values, which you
can change according to your needs.
    [kdcdefaults]
        kdc_ports = 88, 750

    [realms]
        Your_Realm_Name = {
            database_name = /var/adm/krb5/krb5kdc/kadm/principal
            admin_keytab = /var/adm/krb5/krb5kdc/kadm5.keytab
            acl_file = /var/adm/krb5/krb5kdc/kadm5.acl
            dict_file = /var/adm/krb5/krb5kdc/kadm5.dict
            key_stash_file = /var/adm/krb5/krb5kdc/.k5.Your_Realm_Name
            kadmin_port = 749
            max_life = 10h 0m 0s
            max_renewable_life = 7d 0h 0s
            master_key_type = des-cbc-crc
            supported_enctypes = des-cbc-crc:normal
        }
The first section, [kdcdefaults], specifies the port numbers on which the
KDC listens for requests. By default, the Kerberos V5 server listens
for requests on port 88 and on port 750.
If you want the KDC to use a different port to listen for
requests, your first section in this configuration file should look
like this:
    [kdcdefaults]
        kdc_ports = 1234
The second section, [realms], contains information on the realms administered by the
KDC. The information for each realm includes the port on which the
administration server listens, and the attributes of tickets and encryption
types. Most of these fields have default values. But
if, for instance, you want to modify the maximum life of a ticket,
you would write the stanza as follows:
    [realms]
        Your_Realm_Name = {
            max_life = 18h 5m 5s
        }
This would set the maximum life of a ticket to 18 hours 5
minutes and 5 seconds.
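The following is an added example, not part of the original documentation or the Kerberos distribution: a short Python check that parses the stanza layout described above, converts lifetimes such as 18h 5m 5s to seconds, and flags misspelled keys and single-DES encryption types (deprecated for Kerberos by RFC 6649). It assumes the allowed keys are exactly those in the sample file; the realm EXAMPLE.COM, the sample text, and the function names are constructed for illustration.

```python
import re
# Assumption: the allowed keys are exactly those in the sample kdc.conf above.
KNOWN_KEYS = {"kdc_ports", "database_name", "admin_keytab", "acl_file",
              "dict_file", "key_stash_file", "kadmin_port", "max_life",
              "max_renewable_life", "master_key_type", "supported_enctypes"}
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single DES (RFC 6649)
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
# Constructed sample input; EXAMPLE.COM is a placeholder realm name.
SAMPLE = """\
[kdcdefaults]
    kdc_ports = 88, 750
[realms]
    EXAMPLE.COM = {
        max_life = 18h 5m 5s
        master_key_type = des-cbc-crc
        supported_encytpes = des-cbc-crc:normal
    }
"""

def parse_kdc_conf(text):
    """Return {stanza: {key: value}}; a realm is stored as 'realms/<REALM>'."""
    conf, section, realm = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif line == "}":
            realm = None
        elif "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                realm = key  # opening brace starts a realm stanza
            else:
                conf.setdefault(f"{section}/{realm}" if realm else section, {})[key] = value
    return conf

def lifetime_seconds(value):
    """Convert a lifetime such as '18h 5m 5s' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)\s*([dhms])", value))

def audit(conf):  # flag unrecognized keys and single-DES encryption types
    findings = []
    for stanza, items in conf.items():
        for key, value in items.items():
            if key not in KNOWN_KEYS:
                findings.append(f"{stanza}: unknown key {key}")
            elif key in ("master_key_type", "supported_enctypes"):
                weak = [e for e in value.split() if e.split(":")[0] in WEAK_ENCTYPES]
                findings += [f"{stanza}: {key} uses single-DES {e}" for e in weak]
    return findings
```

Calling audit(parse_kdc_conf(SAMPLE)) reports the single-DES master key type and the misspelled supported_encytpes key in the constructed sample.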