A sample krb5.conf file is provided in the untarred_path/NovellKerberosKDC/setup directory. You can use the /etc/krb5.conf configuration file to set the default values. When you manage Novell Kerberos KDC and omit a mandatory parameter, its value is taken from the /etc/krb5.conf file. The realm, host names and paths shown below are sample values; replace them with the values for your own deployment. The file looks similar to the following:
# [libdefaults]: settings read by the Kerberos library.
# default_realm is the realm assumed when a principal name carries no realm.
# ATHENA.MIT.EDU is the sample value; set your own realm name here.
[libdefaults]
default_realm = ATHENA.MIT.EDU
# [realms]: one brace-delimited subsection per realm, keyed by the realm name.
[realms]
ATHENA.MIT.EDU = {
# Upper bounds on ticket lifetime and on renewable lifetime for this realm.
# Shorter values limit how long a stolen ticket stays usable.
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
# ACL file for the admin server: it decides which principals may perform
# which administrative operations, so keep it writable by administrators only.
acl_file = /opt/novell/kerberos/kadm5.acl
# Dictionary file; presumably the word list used to reject weak passwords.
# TODO confirm against the Novell KDC documentation.
dict_file = /opt/novell/kerberos/kadm5.dict
# Hosts that run the KDC, the admin server and the password-change server.
kdc = kerberos.mit.edu
admin_server = kerberos-1.mit.edu
kpasswd_server = kerberos-1.mit.edu
# Name of the [dbmodules] subsection holding this realm's database settings.
database_module = ldapconf
}
# [kdcdefaults]: defaults for the KDC process.
# num_threads is presumably the number of worker threads the KDC starts.
# TODO confirm against the Novell KDC documentation.
[kdcdefaults]
num_threads = 10
# [domain_realm]: maps DNS names to Kerberos realms.
# An entry with a leading dot covers every host under that domain.
# The entry without the dot covers the host named exactly mit.edu.
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
# [logging]: log destination per service. FILE:<path> writes to that file.
# These logs record authentication and administration activity. Restrict
# write access to the service account and include them in log collection.
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kpasswd_server = FILE:/var/log/kpasswdd.log
# [dbdefaults]: database defaults. database_module names a [dbmodules]
# subsection; presumably it applies to realms that do not set
# database_module themselves. TODO confirm.
[dbdefaults]
database_module = ldapconf
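# [dbmodules]: one brace-delimited subsection per database module.
# "ldapconf" is the name the database_module relations refer to.
[dbmodules]
ldapconf = {
# Database back end: the LDAP plug-in.
db_library = kdb_ldap
# Port for LDAP over SSL; presumably used for ldap_servers entries that
# give no port of their own. TODO confirm.
ldap_ssl_port = 636
# Directory objects (DNs) that the KDC, the admin server and the
# password server bind to the LDAP directory as.
ldap_kdc_dn = "cn=KDC Server - kerberos.mit.edu,o=mit"
ldap_kadmind_dn = "cn=Admin Server - kerberos.mit.edu,o=mit"
ldap_kpasswdd_dn = "cn=Passwd Server - kerberos.mit.edu,o=mit"
# Trusted root certificates used to validate the LDAP servers' certificates,
# here one file per server, separated by a space. The whole value must be on
# ONE line: the original listing wrapped it across three lines, and a line
# without "=" is not a valid relation. These files are trust anchors for the
# directory connection; keep them writable by administrators only.
ldap_root_certificate_file = /opt/novell/kerberos/TrustedRoot-ldap-server1.mit.edu.der /opt/novell/kerberos/TrustedRoot-ldap-server2.mit.edu.der
# File holding the passwords for the service DNs above. Restrict it to the
# account the Kerberos services run as (no group or world access) and keep
# it out of backups and repositories that others can read.
ldap_service_password_file = /opt/novell/kerberos/keyfile
# Presumably the interval, in seconds, between re-reads of realm data from
# the directory. TODO confirm the unit.
realm_read_refresh_interval = 300
# LDAP servers, space separated, each as host or host:port.
ldap_servers = ldap-server1.mit.edu ldap-server2.mit.edu:1636
# Number of connections kept to each LDAP server.
ldap_conns_per_server = 5
}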