The Kerberos configuration file (i.e. krb5.conf ) is
required by the Kerberos system to configure the location of the
Kerberos KDC, supported encryption algorithms, and default realms.
The file is required by both Kerberos Clients and Services that are
configured for the Enterprise Gateway. Kerberos Clients need to know the
location of the KDC so that they can obtain a Ticket Granting Ticket
(TGT). They also need to know what encryption algorithms to use and to
what realm they belong.
A Kerberos Client or Service will know what realm they belong to
because either the realm is appended to the principal name after the "@"
symbol or, on the other hand, if the realm is not specified in the
principal name they are assumed to be in the "default_realm" as specified
in the krb5.conf file.
Kerberos Services do not need to talk to the KDC to request a TGT.
However, they still require the information about supported
encryption algorithms and default realms contained within the
krb5.conf file. There is only one "default_realm"
specified in this file, but it is possible to specify a number of
additional named realms. The "default_realm" setting can be found in the
[libdefaults] section of the
krb5.conf file. It will point to a realm in the
[realms] section. This setting is not required.
A default krb5.conf is displayed in the text area,
which can be modified where appropriate and then uploaded to the
Enterprise Gateway's configuration by clicking the OK button.
Alternatively, if you already have a krb5.conf file
that you want to use, browse to this file using the
Load File button. The contents of the file will be
displayed in the text area and can subsequently be uploaded by clicking
the OK button.
Note that it is also possible to type directly into the text area to
modify the krb5.conf contents. Please refer to your
Kerberos documentation for more information on the settings that can be
configured within the krb5.conf file.
|