blob: 9d430af9cc11235cc332a564205fbd0652e62441 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
# $OpenBSD: krb5.conf.example,v 1.5 2003/08/22 13:46:10 hin Exp $
#
# Example Kerberos 5 configuration file. You may need to change the defaults
# in this file to match your environment.
#
# See krb5.conf(5) and the heimdal infopage for more information.
#
# Normally, the realm should be your DNS domain name with uppercase
# letters. In this example file, we've written the realm as MY.REALM
# and the domain as my.domain to make it clear what we refer to.
#
# Normally, it is not necessary to do any changes on client-only
# machines, as it's recommended that the information needed is put
# in DNS.
# On server machines, it is not strictly necessary, but it is recommended
# to have local configuration.
#
[libdefaults]
# Set the realm of this host here
default_realm = MY.REALM
# Maximum allowed time difference between KDC and this host
clockskew = 300
# Uncomment this if you run NAT on the client side of kauth.
# This may be considered a security issue though.
# no-addresses = yes
[realms]
MY.REALM = {
# Specify KDC here
kdc = kerberos.my.domain
# Administration server, used for creating users etc.
admin_server = kerberos.my.domain
}
# Example of a "foreign" realm
OTHER.REALM = {
kdc = kerberos.other.domain
default_domain = other.domain
v4_domains = other.domain
}
# This sections describes how to figure out a realm given a DNS name
[domain_realm]
.my.domain = MY.REALM
[kadmin]
# This is the trickiest part of a Kerberos installation. See the
# heimdal infopage for more information about encryption types.
# For a k5 only realm, this will be fine
# default_keys = v5
[logging]
# The KDC logs by default, but it's nice to have a kadmind log as well.
kadmind = FILE:/var/heimdal/kadmind.log
|
