# $OpenBSD: krb5.conf.example,v 1.6 2005/02/07 06:08:10 david Exp $ # # Example Kerberos 5 configuration file. You may need to change the defaults # in this file to match your environment. # # See krb5.conf(5) and the heimdal infopage for more information. # # Normally, the realm should be your DNS domain name with uppercase # letters. In this example file, we've written the realm as MY.REALM # and the domain as my.domain to make it clear what we refer to. # # Normally, it is not necessary to do any changes on client-only # machines, as it's recommended that the information needed is put # in DNS. # On server machines, it is not strictly necessary, but it is recommended # to have local configuration. # [libdefaults] # Set the realm of this host here default_realm = MY.REALM # Maximum allowed time difference between KDC and this host clockskew = 300 # Uncomment this if you run NAT on the client side of kauth. # This may be considered a security issue though. # no-addresses = yes [realms] MY.REALM = { # Specify KDC here kdc = kerberos.my.domain # Administration server, used for creating users etc. admin_server = kerberos.my.domain } # Example of a "foreign" realm OTHER.REALM = { kdc = kerberos.other.domain default_domain = other.domain v4_domains = other.domain } # This sections describes how to figure out a realm given a DNS name [domain_realm] .my.domain = MY.REALM [kadmin] # This is the trickiest part of a Kerberos installation. See the # heimdal infopage for more information about encryption types. # For a k5 only realm, this will be fine # default_keys = v5 [logging] # The KDC logs by default, but it's nice to have a kadmind log as well. kadmind = FILE:/var/heimdal/kadmind.log