HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

161

162

163

164

165

166

167

168

169

170

krb5.conf(4) krb5.conf(4)

mit = mit.edu

lithium = lithium.lcs.mit.edu

}

For each realm, the following tags may be speciﬁed in the realm’s subsection:

kdc The value of this relation is the name of a host running a Key Distribution

Center for that realm. An optional port number (preceded by a colon)

may be appended to the hostname.

admin_server This relation identiﬁes the host where the administration server is run-

ning. Typically this is the Master Kerberos server.

default_domain

This relation identiﬁes the default domain for the hosts in the realm. This

is needed for translating V4 principal names (which do not contain a

domain name) to V5 principal names (which do contain a domain name).

v4_instance_convert

This subsection allows the administrator to conﬁgure exceptions to the

default_domain mapping rule. It contains V4 instances (the tag name)

which should be translated to some speciﬁc hostname (the tag value) simi-

lar to the second component in a Kerberos V5 principal name.

domain_realm Section

The

[domain_realm] section provides a translation from a hostname to the Kerberos realm name for

the services provided by that host.

The tag name can be a hostname or a domain name, where domain names are indicated by a preﬁx of a

period (’.’) character. The value of the relation is the Kerberos realm name for that particular host or

domain. Host names and domain names should be in lower case.

If no translation entry applies, the host’s realm is considered to be the hostname’s domain portion con-

verted to upper case. For example, the following

[domain_realm]

section:

[domain_realm]

.mit.edu = ATHENA.MIT.EDU

mit.edu = ATHENA.MIT.EDU

dodo.mit.edu = SMS_TEST.MIT.EDU

.ucsc.edu = CATS.UCSC.EDU

maps

dodo.mit.edu into the SMS_TEST.MIT.EDU

realm. All other hosts in the MIT.EDU domain to

the

ATHENA.MIT.EDU realm, and all hosts in the

UCSC.EDU domain into the CATS.UCSC.EDU realm.

ucbvax.berkeley.edu

would be mapped by the default rules to the BERKELEY.EDU realm.

sage.lcs.mit.edu would be mapped to the

LCS.MIT.EDU realm.

logging Section

The

[logging] section indicates how a particular entity is to perform its logging. The relations

speciﬁed in this section assign one or more values to the entity name.

Currently, the following entities are used:

kdc These entries specify how the Key Distribution Center is to perform its logging.

admin_server These entries specify how the administrative server is to perform its logging.

default These entries specify how to perform logging in the absence of explicit

speciﬁcations otherwise.

Values are of the following forms:

FILE=filename

FILE:filename This value causes the entity’s logging messages to go to the speciﬁed ﬁle.

If the = form is used, then the ﬁle is overwritten. Otherwise, the ﬁle is

appended to.

STDERR This value causes the entity’s logging messages to go to its standard error

stream.

CONSOLE This value causes the entity’s logging messages to go to the console if the

system supports it.

Section 4−−154 Hewlett-Packard Company − 3 − HP-UX 11i Version 2: August 2003