All Machines: Edit the Kerberos Client Configuration File
The /etc/krb5/krb5.conf configuration file provides information that Kerberos clients require in order to communicate with the KDC.
Edit the /etc/krb5/krb5.conf configuration file on the KDC machine, the Directory Server machine, and any client machines that will authenticate to the Directory Server using Kerberos.
-
Replace every occurrence of "___default_realm___" with "EXAMPLE.COM".
-
Replace every occurrence of "___master_kdc___" with "kdc.example.com".
-
Remove the line that contains "___slave_kdcs___" as there will be only a single Kerberos server.
-
Replace "___domain_mapping___" with ".example.com = EXAMPLE.COM" (note the initial period in .example.com).
The updated /etc/krb5/krb5.conf configuration file should look like the contents of the following example.
Example 5–1 Edited Kerberos Client Configuration File /etc/krb5/krb5.conf
#pragma ident "@(#)krb5.conf 1.2 99/07/20 SMI"
# Copyright (c) 1999, by Sun Microsystems, Inc.
# All rights reserved.
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name\>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = kdc.example.com
admin_server = kdc.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url =
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}
|
- © 2010, Oracle Corporation and/or its affiliates