The Kerberos configuration file (krb5.conf ) is
required by the Kerberos system to configure the location of the
Kerberos KDC, supported encryption algorithms, and default realms.
The file is required by both Kerberos Clients and Services that are
configured for the Enterprise Gateway. Kerberos Clients need to know the
location of the KDC so that they can obtain a Ticket Granting Ticket
(TGT). They also need to know what encryption algorithms to use and to
what realm they belong.
A Kerberos Client or Service knows what realm it belongs to because
either the realm is appended to the principal name after the @
symbol. Alternatively, if the realm is not specified in the principal name,
it is assumed to be in the default_realm as specified in the
krb5.conf file.
Kerberos Services do not need to talk to the KDC to request a TGT. However,
they still require the information about supported encryption algorithms and
default realms contained in the krb5.conf file. There is
only one default_realm specified in this file, but you can specify
a number of additional named realms. The default_realm setting is
found in the [libdefaults] section of the
krb5.conf file. It points to a realm in the
[realms] section. This setting is not required.
A default krb5.conf is displayed in the text area,
which can be modified where appropriate and then uploaded to the
Enterprise Gateway's configuration by clicking the OK button.
Alternatively, if you already have a krb5.conf file
that you want to use, browse to this file using the Load File
button. The contents of the file are displayed in the text area, and can
subsequently be uploaded by clicking the OK button.
Note:
You can also type directly into the text area to modify the
krb5.conf contents. Please refer to your
Kerberos documentation for more information on the settings that
can be configured in the krb5.conf file.
|