System Administration Guide: Security Services

Kerberos Files

Table 27–1 Kerberos Files

File Name 

Description 

~/.gkadmin

Default values for creating new principals in the SEAM Administration Tool

~/.k5login

List of principals that grant access to a Kerberos account

/etc/krb5/kadm5.acl

Kerberos access control list file, which includes principal names of KDC administrators and their Kerberos administration privileges

/etc/krb5/kadm5.keytab

Obsolete: This file was removed in the Solaris Express Community Edition, build 102 release.

/etc/krb5/kdc.conf

KDC configuration file

/etc/krb5/kpropd.acl

Kerberos database propagation configuration file

/etc/krb5/krb5.conf

Kerberos realm configuration file

/etc/krb5/krb5.keytab

Keytab file for network application servers

/etc/krb5/warn.conf

Kerberos ticket expiration warning and automatic renewal configuration file

/etc/pam.conf

PAM configuration file

/tmp/krb5cc_uid

Default credentials cache, where uid is the decimal UID of the user

/tmp/ovsec_adm.xxxxxx

Temporary credentials cache for the lifetime of the password changing operation, where xxxxxx is a random string

/var/krb5/.k5.REALM

KDC stash file, which contains a copy of the KDC master key

/var/krb5/kadmin.log

Log file for kadmind

/var/krb5/kdc.log

Log file for the KDC

/var/krb5/principal

Kerberos principal database

/var/krb5/principal.kadm5

Kerberos administrative database, which contains policy information

/var/krb5/principal.kadm5.lock

Kerberos administrative database lock file

/var/krb5/principal.ok

Kerberos principal database initialization file that is created when the Kerberos database is initialized successfully

/var/krb5/principal.ulog

Kerberos update log, which contains updates for incremental propagation

/var/krb5/slave_datatrans

Backup file of the KDC that the kprop_script script uses for propagation

/var/krb5/slave_datatrans_slave

Temporary dump file that is created when full updates are made to the specified slave