(heimdal.info) Configuration file
Info Catalog
(heimdal.info) Setting up a realm
(heimdal.info) Setting up a realm
(heimdal.info) Creating the database
Configuration file
==================
To setup a realm you will first have to create a configuration file:
`/etc/krb5.conf'. The `krb5.conf' file can contain many configuration
options, some of which are described here.
There is a sample `krb5.conf' supplied with the distribution.
The configuration file is a hierarchical structure consisting of
sections, each containing a list of bindings (either variable
assignments or subsections). A section starts with `[section-name]'. A
binding consists of a left hand side, an equal (`=') and a right hand
side (the left hand side tag must be separated from the equal with some
whitespace.) Subsections has a `{' as the first non-whitespace
character after the equal. All other bindings are treated as variable
assignments. The value of a variable extends to the end of the line.
[section1]
a-subsection = {
var = value1
other-var = value with {}
sub-sub-section = {
var = 123
}
}
var = some other value
[section2]
var = yet another value
In this manual, names of sections and bindings will be given as strings
separated by slashes (`/'). The `other-var' variable will thus be
`section1/a-subsection/other-var'.
For in-depth information about the contents of the configuration file,
refer to the `krb5.conf' manual page. Some of the more important
sections are briefly described here.
The `libdefaults' section contains a list of library configuration
parameters, such as the default realm and the timeout for KDC
responses. The `realms' section contains information about specific
realms, such as where they hide their KDC. This section serves the same
purpose as the Kerberos 4 `krb.conf' file, but can contain more
information. Finally the `domain_realm' section contains a list of
mappings from domains to realms, equivalent to the Kerberos 4
`krb.realms' file.
To continue with the realm setup, you will have to create a
configuration file, with contents similar to the following.
[libdefaults]
default_realm = MY.REALM
[realms]
MY.REALM = {
kdc = my.kdc my.slave.kdc
kdc = my.third.kdc
}
[domain_realm]
.my.domain = MY.REALM
If you use a realm name equal to your domain name, you can omit the
`libdefaults', and `domain_realm', sections. If you have a SRV-record
for your realm, or your Kerberos server has CNAME called
`kerberos.my.realm', you can omit the `realms' section too.
Info Catalog
(heimdal.info) Setting up a realm
(heimdal.info) Setting up a realm
(heimdal.info) Creating the database
automatically generated byinfo2html