Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

All Machines: Edit the Kerberos Client Configuration File

The /etc/krb5/krb5.conf configuration file provides information that Kerberos clients require in order to communicate with the KDC.

Edit the /etc/krb5/krb5.conf configuration file on the KDC machine, the Directory Server machine, and any client machines that will authenticate to the Directory Server using Kerberos.

The updated /etc/krb5/krb5.conf configuration file should look like the contents of the following example.

Example 6–1 Edited Kerberos Client Configuration File /etc/krb5/krb5.conf

#pragma ident   "@(#)krb5.conf  1.2     99/07/20 SMI"
# Copyright (c) 1999, by Sun Microsystems, Inc.
# All rights reserved.
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name\>__ placeholders
# with appropriate values for your network.

        default_realm = EXAMPLE.COM
        EXAMPLE.COM = {
                kdc =
                admin_server =
[domain_realm] = EXAMPLE.COM
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
                versions = 10

        kinit = {
                renewable = true
                forwardable= true
        gkadmin = {
                help_url =