authorHans Insulander <hin@cvs.openbsd.org>2001-09-20 22:17:02 +0000
committerHans Insulander <hin@cvs.openbsd.org>2001-09-20 22:17:02 +0000
commitd6104ea51df5acecfb823b3ee03ac565dda59756 (patch)
treeae3f8a477e8a1e2359868c85f49acbe1bd97cfb4
parent6e3901a2a881da516e199475ac583423ed03241b (diff)
Example kerberos 5 config file. Based on what works for me.
-rw-r--r--etc/kerberosV/krb5.conf.example74
1 files changed, 74 insertions, 0 deletions
diff --git a/etc/kerberosV/krb5.conf.example b/etc/kerberosV/krb5.conf.example
new file mode 100644
index 00000000000..3c09b9e14cf
--- /dev/null
+++ b/etc/kerberosV/krb5.conf.example
@@ -0,0 +1,74 @@
+# $OpenBSD: krb5.conf.example,v 1.1 2001/09/20 22:17:01 hin Exp $
+#
+# Example Kerberos 5 configuration file. You need to change the defaults
+# in this file to match your environment.
+#
+# See krb5.conf(5) and the heimdal infopage for more information.
+#
+# Normally, the realm should be your DNS domain name with uppercase
+# letters. In this example file, we've written the realm as MY.REALM
+# and the domain as my.domain to make it clear what we refer to.
+
+[libdefaults]
+ # Set the realm of this host here
+ default_realm = MY.REALM
+
+ # Maximum allowed time difference between KDC and this host
+ clockskew = 300
+
+ # Use DNS to convert Kerberos 4 host instances
+ v4_instance_resolve = yes
+
+ # Get Kerberos 4 tickets in kauth, login et al.
+ krb4_get_tickets = yes
+
+
+[realms]
+ HIN.NU = {
+ # Specify KDC here
+ kdc = kerberos.my.domain
+
+ # If you use Kerberos 4 compatibility, you probably want this.
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ ftp = ftp
+ pop = pop
+ }
+ }
+
+ # Use this/these DNS domains when trying to convert
+ # Kerberos 4 principals
+ default_domain = my.domain
+ v4_domains = my.domain
+ }
+
+ # Example of a "foreign" realm
+ OTHER.REALM = {
+ kdc = kerberos.other.domain
+ default_domain = other.domain
+ v4_domains = other.domain
+ }
+
+# This sections describes how to figure out a realm given a DNS name
+[domain_realm]
+ .my.domain = MY.REALM
+
+
+[kadmin]
+ # This is the trickiest part of a Kerberos installation. See the
+ # heimdal infopage for more information about encryption types.
+
+ # For a k5 only realm, this will be fine
+# default_keys = v5
+
+ # For a k5 realm with k4 compatibilty, you probably want this
+# default_keys = v5 v4
+
+ # For a k5 realm with k4 nodes and AFS, this should work.
+ # Remember to set your cell name here - used for salting the password
+# default_keys = v5 v4 des:afs3-salt:hin.nu
+
+[logging]
+ # The KDC logs by default, but i like to have a kadmin log as well.
+ kadmind = FILE:/var/heimdal/kadmind.log
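Review bot: The first `[realms]` entry is keyed `HIN.NU`, but `default_realm` and the `[domain_realm]` mapping both name `MY.REALM`, so the `kdc`, `v4_name_convert` and `default_domain` settings in that block are not attached to the default realm, and a host copying this file would have no `[realms]` entry for it. The key should read `MY.REALM = {`, matching the header comment's statement that the example realm is written as MY.REALM. The commented `default_keys = v5 v4 des:afs3-salt:hin.nu` line carries the same leftover and would be clearer with a placeholder cell name such as `my.domain`. Because `krb4_get_tickets = yes` and `v4_instance_resolve = yes` are live settings rather than commented examples, a comment above them such as `# Only needed for Kerberos 4 compatibility; set to no in a v5-only realm` would keep a copied file from enabling the weaker v4 path unintentionally.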