
Difference between revisions of "Krb5.conf"

 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
/tmp/krb5_t.conf<br>
+
save it in /tmp/krb5.conf<br>
  +
 
<pre>
 
<pre>
 
[libdefaults]
 
[libdefaults]
Line 10: Line 10:
 
admin_server = A.EXAMPLE.ORG
 
admin_server = A.EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
kdc = %(localFQDN)s:8888
+
kdc = localhost.localdomain:8888
 
database_module = LDAP
 
database_module = LDAP
 
}
 
}
Line 29: Line 29:
   
 
[logging]
 
[logging]
kdc = FILE:/tmp/mykdc.log
+
kdc = FILE:/tmp/kdc_fromkrb.log
default = FILE:/tmp/mykrb5.log
+
default = FILE:/tmp/krb5.log
admin_server = FILE:/tmp/myadmin.log
+
admin_server = FILE:/tmp/admin.log
 
</pre>
 
</pre>
   
--------------------------
 
  +
==/tmp/krb5_template.conf==
 
you can save it in /tmp/krb5.conf<br>
 
 
 
<pre>
 
<pre>
 
[libdefaults]
 
[libdefaults]
Line 48: Line 45:
 
admin_server = A.EXAMPLE.ORG
 
admin_server = A.EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
 
default_domain = EXAMPLE.ORG
kdc = localhost.localdomain:8888
+
kdc = %(localFQDN)s:8888
 
database_module = LDAP
 
database_module = LDAP
 
}
 
}
Line 67: Line 64:
   
 
[logging]
 
[logging]
kdc = FILE:/tmp/mykdc.log
+
kdc = FILE:/tmp/kdc_fromkrb.log
default = FILE:/tmp/mykrb5.log
+
default = FILE:/tmp/krb5.log
admin_server = FILE:/tmp/myadmin.log
+
admin_server = FILE:/tmp/admin.log
</pre>
 
 
Before I had saved it in /home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5.conf
 
 
 
<pre>
 
[libdefaults]
 
default_realm = EXAMPLE.ORG
 
# default_keytab_name = FILE:/home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5kdc/krb5.keytab
 
default_tkt_enctypes = des3-hmac-sha1 aes128-cts
 
default_tgs_enctypes = des3-hmac-sha1 aes128-cts
 
 
[realms]
 
# use "kdc = ..." if realm admins haven't put SRV records into DNS
 
EXAMPLE.ORG = {
 
admin_server = A.EXAMPLE.ORG
 
# admin_server = localhost.localdomain:8886
 
# kpasswd_server = localhost.localdomain:8887
 
default_domain = EXAMPLE.ORG
 
kdc = localhost.localdomain:8888
 
database_module = LDAP
 
}
 
[dbdefaults]
 
# database_module = LDAP
 
ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
 
 
[dbmodules]
 
LDAP = {
 
db_library = kldap
 
ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
 
ldap_kdc_dn = cn=admin,dc=example,dc=org
 
ldap_kadmind_dn = cn=admin,dc=example,dc=org
 
ldap_service_password_file = /home/haoqili/trunk/src/tests/kdc_realm2/sandbox/krb5kdc/admin.stash
 
# ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
 
ldap_servers = ldapi:///
 
}
 
[domain_realm]
 
# hamster-schnappi.mit.edu=EXAMPLE.ORG
 
#h.com= EXAMPLE.ORG
 
#.h.com= EXAMPLE.ORG
 
 
[logging]
 
kdc = FILE:/tmp/mykdc.log
 
default = FILE:/tmp/mykrb5.log
 
admin_server = FILE:/tmp/myadmin.log
 
#kdc = CONSOLE
 
 
</pre>
 
</pre>
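Review bot: Every path in the two [logging] hunks (Line 29 and Line 67) is a fixed file name directly in /tmp, on the old side and the new side alike, and nothing on the page says the configuration is meant only for a single-user test sandbox. On a shared host /tmp is world-writable, so KDC and kadmind logs written there can be pre-created or read by other local accounts; the same concern applies to the admin.stash path under /tmp that the latest revision uses. I would add a comment above the section, for example `# test sandbox only: on a shared host log to a directory writable only by the KDC account`, and a matching note next to `ldap_service_password_file`. The rendering does not make each line's old/new side certain, so this is raised against both.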

Latest revision as of 10:55, 18 August 2009

Save this file as /tmp/krb5.conf.

# krb5 profile for what appears to be a local test sandbox (realm
# EXAMPLE.ORG, KDC on localhost), meant to be saved as /tmp/krb5.conf.
# The /tmp paths and the shared admin bind DN below are test conveniences;
# read the notes on each key before reusing this on a shared or
# production host.
[libdefaults]
        default_realm = EXAMPLE.ORG
# des3-hmac-sha1 (triple-DES) is deprecated for Kerberos by RFC 8429 and
# newer MIT krb5 releases disable it by default; keep it only where an old
# peer still needs it. aes128-cts is the short name for
# aes128-cts-hmac-sha1-96.
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
# The KDC address is pinned here instead of being looked up through DNS
# SRV records. 8888 is a non-default port (standard Kerberos uses 88).
                kdc = localhost.localdomain:8888
# Selects the LDAP subsection of [dbmodules] as the KDC database.
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
# kldap is the LDAP KDB back end.
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
# The KDC and kadmind bind with the same DN. NOTE(review): cn=admin looks
# like the directory administrator - confirm. Outside a test, give each
# daemon its own DN limited to the Kerberos container (the KDC normally
# needs less access than kadmind).
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
# Stash file holding the LDAP bind password(s) for the DNs above. /tmp is
# world-writable, so any local account could create the krb5kdc directory
# first and control or read what lands in it. Outside a throwaway sandbox
# keep the stash in a directory owned by the KDC account, readable by
# that account only.
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
# ldapi:/// reaches the directory server over a local UNIX-domain socket,
# so the bind does not cross the network.
        ldap_servers = ldapi:///
        }
# No host or domain to realm mappings are defined.
[domain_realm]

[logging]
# Fixed file names in world-writable /tmp. On a multi-user host point
# these at a log directory that only the KDC account can write, so the
# files cannot be pre-created or redirected by another local account.
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log

/tmp/krb5_template.conf

# Template form of the krb5 profile for the EXAMPLE.ORG test realm. The
# localFQDN placeholder in the kdc line is presumably filled in by
# Python-style named string formatting - confirm against the harness that
# renders it. If so, a literal percent sign anywhere else in this file
# would have to be doubled, and the substituted host name should come from
# a trusted source because it ends up verbatim in the rendered profile.
[libdefaults]
        default_realm = EXAMPLE.ORG
# des3-hmac-sha1 (triple-DES) is deprecated for Kerberos by RFC 8429 and
# newer MIT krb5 releases disable it by default; keep it only where an old
# peer still needs it. aes128-cts is the short name for
# aes128-cts-hmac-sha1-96.
        default_tkt_enctypes = des3-hmac-sha1 aes128-cts
        default_tgs_enctypes = des3-hmac-sha1 aes128-cts

[realms]
        EXAMPLE.ORG = {
                admin_server = A.EXAMPLE.ORG
                default_domain = EXAMPLE.ORG
# Placeholder for the local fully qualified host name; the rendered file
# pins the KDC to that host on non-default port 8888 (standard is 88).
                kdc = %(localFQDN)s:8888
# Selects the LDAP subsection of [dbmodules] as the KDC database.
                database_module = LDAP
        }

[dbdefaults]
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"

[dbmodules]
        LDAP = {
# kldap is the LDAP KDB back end.
        db_library = kldap
        ldap_kerberos_container_dn = "cn=krbContainer,dc=example,dc=org"
# The KDC and kadmind bind with the same DN. NOTE(review): cn=admin looks
# like the directory administrator - confirm. Outside a test, give each
# daemon its own DN limited to the Kerberos container (the KDC normally
# needs less access than kadmind).
        ldap_kdc_dn = cn=admin,dc=example,dc=org
        ldap_kadmind_dn = cn=admin,dc=example,dc=org
# Stash file holding the LDAP bind password(s) for the DNs above. /tmp is
# world-writable, so any local account could create the krb5kdc directory
# first and control or read what lands in it. Outside a throwaway sandbox
# keep the stash in a directory owned by the KDC account, readable by
# that account only.
        ldap_service_password_file = /tmp/krb5kdc/admin.stash
# ldapi:/// reaches the directory server over a local UNIX-domain socket,
# so the bind does not cross the network.
        ldap_servers = ldapi:///
        }
# No host or domain to realm mappings are defined.
[domain_realm]

[logging]
# Fixed file names in world-writable /tmp. On a multi-user host point
# these at a log directory that only the KDC account can write, so the
# files cannot be pre-created or redirected by another local account.
        kdc = FILE:/tmp/kdc_fromkrb.log
        default = FILE:/tmp/krb5.log
        admin_server = FILE:/tmp/admin.log