O'Reilly logo

Kerberos: The Definitive Guide by Jason Garman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuration File Format

Both MIT and Heimdal use the same basic format for their text configuration file, krb5.conf . This file contains all of the information needed for the Kerberos libraries that are linked into Kerberos clients, servers, administrative utilities, and the KDC itself. Since this file is rather standardized between the major Kerberos implementations on Unix, a krb5.conf file generated for one can easily be used on another implementation, usually with no changes required.

While normally this configuration file is located in /etc, an alternate location can be defined by setting the KRB5_CONFIG environment variable. Both MIT and Heimdal honor this environment variable. For example, in a Bourne shell, the following command would instruct further Kerberos applications to use the /etc/krb5.conf.backup file as the Kerberos configuration file instead:

% export KRB5_CONFIG=/etc/krb5.conf.backup

The krb5.conf file is comprised of a number of key-value pairs, organized into groups, referred to as stanzas . Stanza names are enclosed in opening and closing brackets, and each key/value pair must belong to one stanza. Key/value pairs are separated by an equals sign, with the key name on the left and its associated value on the right of the equals sign. The value in a key/value pair can either be a single value, or it can be another set of key/value pairs, enclosed by braces. The most common example of this is in the realms stanza, where a key is defined for each realm, whose ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required