# $OpenBSD: krb5.conf.example,v 1.3 2002/06/09 06:15:15 todd Exp $ # # Example Kerberos 5 configuration file. You need to change the defaults # in this file to match your environment. # # See krb5.conf(5) and the heimdal infopage for more information. # # Normally, the realm should be your DNS domain name with uppercase # letters. In this example file, we've written the realm as MY.REALM # and the domain as my.domain to make it clear what we refer to. [libdefaults] # Set the realm of this host here default_realm = MY.REALM # Maximum allowed time difference between KDC and this host clockskew = 300 # Use DNS to convert Kerberos 4 host instances v4_instance_resolve = yes # Get Kerberos 4 tickets in kauth, login et al. krb4_get_tickets = yes # Uncomment this if you run NAT on the client side of kauth. # This may be considered a security issue though. # no-addresses = yes [realms] MY.REALM = { # Specify KDC here kdc = kerberos.my.domain # If you use Kerberos 4 compatibility, you probably want this. v4_name_convert = { host = { rcmd = host ftp = ftp pop = pop } } # Use this/these DNS domains when trying to convert # Kerberos 4 principals default_domain = my.domain v4_domains = my.domain } # Example of a "foreign" realm OTHER.REALM = { kdc = kerberos.other.domain default_domain = other.domain v4_domains = other.domain } # This sections describes how to figure out a realm given a DNS name [domain_realm] .my.domain = MY.REALM [kadmin] # This is the trickiest part of a Kerberos installation. See the # heimdal infopage for more information about encryption types. # For a k5 only realm, this will be fine # default_keys = v5 # For a k5 realm with k4 compatibilty, you probably want this # default_keys = v5 v4 # For a k5 realm with k4 nodes and AFS, this should work. # Remember to set your cell name here - used for salting the password # default_keys = v5 v4 des:afs3-salt:my.afs.cell [logging] # The KDC logs by default, but it's nice to have a kadmind log as well. kadmind = FILE:/var/heimdal/kadmind.log