.. _mitK5defaults:

MIT Kerberos defaults
=====================

General defaults
----------------

========================================== =============================  ====================
Description                                   Default                        Environment
========================================== =============================  ====================
:ref:`keytab_definition` file               |keytab|                       **KRB5_KTNAME**
Client :ref:`keytab_definition` file        |ckeytab|                      **KRB5_CLIENT_KTNAME**
Kerberos config file :ref:`krb5.conf(5)`    |krb5conf|\ ``:``\             **KRB5_CONFIG**
                                            |sysconfdir|\ ``/krb5.conf``
KDC config file :ref:`kdc.conf(5)`          |kdcdir|\ ``/kdc.conf``        **KRB5_KDC_PROFILE**
KDC database path (DB2)                     |kdcdir|\ ``/principal``
Master key :ref:`stash_definition`          |kdcdir|\ ``/.k5.``\ *realm*
Admin server ACL file :ref:`kadm5.acl(5)`   |kdcdir|\ ``/kadm5.acl``
Plugin base directory                       |libdir|\ ``/krb5/plugins``
:ref:`rcache_definition` directory          ``/var/tmp``                   **KRB5RCACHEDIR**
Master key default enctype                  |defmkey|
Supported :ref:`Encryption_and_salt_types`  |defkeysalts|
Permitted enctypes                          |defetypes|
KDC default port                            88
Second KDC default port                     750
Admin server port                           749
Password change port                        464
========================================== =============================  ====================


Slave KDC propagation defaults
------------------------------

This table shows defaults used by the :ref:`kprop(8)` and
:ref:`kpropd(8)` programs.

==========================  ==============================  ===========
Description                 Default                         Environment
==========================  ==============================  ===========
kprop database dump file    |kdcdir|\ ``/slave_datatrans``
kpropd temporary dump file  |kdcdir|\ ``/from_master``
kdb5_util location          |sbindir|\ ``/kdb5_util``
kprop location              |sbindir|\ ``/kprop``
kpropd ACL file             |kdcdir|\ ``/kpropd.acl``
kprop port                  754                             KPROP_PORT
==========================  ==============================  ===========


.. _paths:

Default paths for Unix-like systems
-----------------------------------

On Unix-like systems, some paths used by MIT krb5 depend on parameters
chosen at build time.  For a custom build, these paths default to
subdirectories of ``/usr/local``.  When MIT krb5 is integrated into an
operating system, the paths are generally chosen to match the
operating system's filesystem layout.

==========================  =============  ===========================  ===========================
Description                 Symbolic name  Custom build path            Typical OS path
==========================  =============  ===========================  ===========================
User programs               BINDIR         ``/usr/local/bin``           ``/usr/bin``
Libraries and plugins       LIBDIR         ``/usr/local/lib``           ``/usr/lib``
Parent of KDC state dir     LOCALSTATEDIR  ``/usr/local/var``           ``/var``
Administrative programs     SBINDIR        ``/usr/local/sbin``          ``/usr/sbin``
Alternate krb5.conf dir     SYSCONFDIR     ``/usr/local/etc``           ``/etc``
Default ccache name         DEFCCNAME      ``FILE:/tmp/krb5cc_%{uid}``  ``FILE:/tmp/krb5cc_%{uid}``
Default keytab name         DEFKTNAME      ``FILE:/etc/krb5.keytab``    ``FILE:/etc/krb5.keytab``
==========================  =============  ===========================  ===========================

The default client keytab name (DEFCKTNAME) typically defaults to
``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom
build.  A native build will typically use a path which will vary
according to the operating system's layout of ``/var``.