# $OpenBSD: krb5.conf.example,v 1.3 2002/06/09 06:15:15 todd Exp $
#
# Example Kerberos 5 configuration file. You need to change the defaults
# in this file to match your environment.
#
# See krb5.conf(5) and the heimdal infopage for more information.
#
# Normally, the realm should be your DNS domain name with uppercase
# letters. In this example file, we've written the realm as MY.REALM
# and the domain as my.domain to make it clear what we refer to.

[libdefaults]
	# Library-wide defaults used by the Kerberos programs on this host.

	# Set the realm of this host here
        default_realm = MY.REALM

	# Maximum allowed time difference between KDC and this host, in seconds.
	# Requests whose timestamps fall outside this window are rejected, so
	# keep the clocks synchronised (e.g. with ntpd) rather than widening the
	# value: a larger skew also lengthens the time during which a captured
	# authenticator is still accepted.
	clockskew = 300

	# Use DNS to convert Kerberos 4 host instances
	# NOTE(review): only needed for Kerberos 4 compatibility; the result
	# then depends on DNS answers, which are not authenticated.
	v4_instance_resolve = yes

	# Get Kerberos 4 tickets in kauth, login et al.
	# Kerberos 4 relies on single DES; set this to "no" unless legacy
	# Kerberos 4 services still have to be reached from this host.
	krb4_get_tickets = yes

	# Uncomment this if you run NAT on the client side of kauth.
	# Security trade-off: tickets issued without addresses are not bound to
	# the client's IP address, so a stolen ticket can be used from any host.
	# no-addresses = yes

[realms]
	# One sub-block per realm this host may talk to, keyed by realm name.
	MY.REALM = {
		# Specify KDC here
		# The name is resolved through the host's normal name service.
		kdc = kerberos.my.domain

		# If you use Kerberos 4 compatibility, you probably want this.
		# Each entry maps a Kerberos 4 service name (left) to its
		# Kerberos 5 name (right); see krb5.conf(5) to confirm.
		v4_name_convert = {
			host = {
				rcmd = host
				ftp = ftp
				pop = pop
			}
		}

		# Use this/these DNS domains when trying to convert
		# Kerberos 4 principals
		default_domain = my.domain
		v4_domains = my.domain
	}

	# Example of a "foreign" realm
	# Listing a realm here only tells clients where its KDC is. It does
	# not establish trust: cross-realm authentication additionally needs
	# cross-realm keys configured on the KDCs of both realms.
	OTHER.REALM = {
		kdc = kerberos.other.domain
		default_domain = other.domain
		v4_domains = other.domain
	}

# This section describes how to figure out a realm given a DNS name.
# The leading dot makes the entry apply to hosts below my.domain.
# NOTE(review): a host named exactly "my.domain" presumably needs its own
# entry without the dot - confirm against krb5.conf(5).
[domain_realm]
	.my.domain = MY.REALM


[kadmin]
	# This is the trickiest part of a Kerberos installation. See the
	# heimdal infopage for more information about encryption types.
	#
	# default_keys selects which key types are generated when a
	# principal's password is set. All three examples below are commented
	# out; uncomment at most one. Every extra key type is another key an
	# attacker can target, so enable only what your clients really need.

	# For a k5 only realm, this will be fine
#	default_keys = v5

	# For a k5 realm with k4 compatibility, you probably want this
	# NOTE(review): "v4" adds single-DES keys for Kerberos 4; these are
	# weak by current standards, so use this only for legacy clients.
#	default_keys = v5 v4

	# For a k5 realm with k4 nodes and AFS, this should work.
	# Remember to set your cell name here - used for salting the password
	# NOTE(review): the afs3-salt key is a DES key as well; the same
	# legacy-only caveat applies.
#	default_keys = v5 v4 des:afs3-salt:my.afs.cell

[logging]
	# The KDC logs by default, but it's nice to have a kadmind log as well.
	# kadmind handles administrative changes to the Kerberos database, so
	# this log is useful audit evidence: keep the file writable only by the
	# daemon's user, rotate it, and consider forwarding it off the host.
	kadmind = FILE:/var/heimdal/kadmind.log