The single most complex task when you implement Kerberos on your network is to set up the Kerberos server—the KDC. To do this, you start by editing a server configuration file. This isn’t the end of the job, though. You must also create a master key, which is used to encrypt the KDC’s communications. Practical use of a Kerberos realm also requires such administrative tasks as creating principals and configuring access control rules. Finally, you must run the Kerberos servers (the main server and, typically, a separate administrative server).
Kerberos uses two configuration files:
kdc.conf. Heimdal, though, dispenses with the
latter file, so you needn’t be concerned with
kdc.conf if you’re configuring
krb5.conf file contains assorted
information about your realm and the server’s
operation, while the
kdc.conf file contains
Application servers and clients need to know much of the realm
krb5.conf, and so these systems
use this file, as well, although some sections are missing or ignored
on these systems.
The KDC’s main configuration file is called
krb5.conf. If you install Kerberos from a
package, chances are this file will reside in
/etc. A sample
file appears in Example 9-1.
Example 9-1. Sample krb5.conf listing
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log ...