Configuration File Format
Both MIT and Heimdal use the same basic format for their text configuration file, krb5.conf . This file contains all of the information needed for the Kerberos libraries that are linked into Kerberos clients, servers, administrative utilities, and the KDC itself. Since this file is rather standardized between the major Kerberos implementations on Unix, a krb5.conf file generated for one can easily be used on another implementation, usually with no changes required.
While normally this configuration file is located in /etc, an alternate location can be defined by setting the KRB5_CONFIG environment variable. Both MIT and Heimdal honor this environment variable. For example, in a Bourne shell, the following command would instruct further Kerberos applications to use the /etc/krb5.conf.backup file as the Kerberos configuration file instead:
% export KRB5_CONFIG=/etc/krb5.conf.backup
The krb5.conf file is comprised of a number of key-value pairs, organized into groups, referred to as stanzas . Stanza names are enclosed in opening and closing brackets, and each key/value pair must belong to one stanza. Key/value pairs are separated by an equals sign, with the key name on the left and its associated value on the right of the equals sign. The value in a key/value pair can either be a single value, or it can be another set of key/value pairs, enclosed by braces. The most common example of this is in the realms stanza, where a key is defined for each realm, whose ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
