MIT Kerberos defaults

General defaults

| Description | Default | Environment |
|---|---|---|
| keytab file | DEFKTNAME | KRB5_KTNAME |
| Client keytab file | DEFCKTNAME | KRB5_CLIENT_KTNAME |
| Kerberos config file krb5.conf | /etc/krb5.conf:SYSCONFDIR/krb5.conf | KRB5_CONFIG |
| KDC config file kdc.conf | LOCALSTATEDIR/krb5kdc/kdc.conf | KRB5_KDC_PROFILE |
| GSS mechanism config file | SYSCONFDIR/gss/mech | GSS_MECH_CONFIG |
| KDC database path (DB2) | LOCALSTATEDIR/krb5kdc/principal | |
| Master key stash file | LOCALSTATEDIR/krb5kdc/.k5.realm | |
| Admin server ACL file kadm5.acl | LOCALSTATEDIR/krb5kdc/kadm5.acl | |
| OTP socket directory | RUNSTATEDIR/krb5kdc | |
| Plugin base directory | LIBDIR/krb5/plugins | |
| replay cache directory | /var/tmp | KRB5RCACHEDIR |
| Master key default enctype | aes256-cts-hmac-sha1-96 | |
| Default keysalt list | aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal | |
| Permitted enctypes | aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac | |
| KDC default port | 88 | |
| Admin server port | 749 | |
| Password change port | 464 | |

Replica KDC propagation defaults

This table shows defaults used by the kprop and kpropd programs.

| Description | Default | Environment |
|---|---|---|
| kprop database dump file | LOCALSTATEDIR/krb5kdc/replica_datatrans | |
| kpropd temporary dump file | LOCALSTATEDIR/krb5kdc/from_master | |
| kdb5_util location | SBINDIR/kdb5_util | |
| kprop location | SBINDIR/kprop | |
| kpropd ACL file | LOCALSTATEDIR/krb5kdc/kpropd.acl | |
| kprop port | 754 | KPROP_PORT |

Default paths for Unix-like systems

On Unix-like systems, some paths used by MIT krb5 depend on parameters chosen at build time. For a custom build, these paths default to subdirectories of /usr/local. When MIT krb5 is integrated into an operating system, the paths are generally chosen to match the operating system’s filesystem layout.

| Description | Symbolic name | Custom build path | Typical OS path |
|---|---|---|---|
| User programs | BINDIR | /usr/local/bin | /usr/bin |
| Libraries and plugins | LIBDIR | /usr/local/lib | /usr/lib |
| Parent of KDC state dir | LOCALSTATEDIR | /usr/local/var | /var |
| Parent of KDC runtime dir | RUNSTATEDIR | /usr/local/var/run | /run |
| Administrative programs | SBINDIR | /usr/local/sbin | /usr/sbin |
| Alternate krb5.conf dir | SYSCONFDIR | /usr/local/etc | /etc |
| Default ccache name | DEFCCNAME | FILE:/tmp/krb5cc_%{uid} | FILE:/tmp/krb5cc_%{uid} |
| Default keytab name | DEFKTNAME | FILE:/etc/krb5.keytab | FILE:/etc/krb5.keytab |
| Default PKCS11 module | PKCS11_MODNAME | opensc-pkcs11.so | opensc-pkcs11.so |

The default client keytab name (DEFCKTNAME) typically defaults to FILE:/usr/local/var/krb5/user/%{euid}/client.keytab for a custom build. A native build will typically use a path which will vary according to the operating system’s layout of /var.
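The defaults above determine where key material and ACLs sit on a given host. The following added example (not part of the MIT krb5 documentation or code) resolves a few of them for either build layout, honours the environment overrides listed in the tables, and reports files with loose permissions. The function names, the permission policy, the `EXAMPLE.COM` realm, and the reading of the trailing `realm` in the stash file name as a placeholder for the realm name are assumptions of this example.

```python
import os
import stat

# Symbolic names -> (custom build, typical OS) values, from the tables above.
SYMBOLS = {
    "LOCALSTATEDIR": ("/usr/local/var", "/var"),
    "SYSCONFDIR": ("/usr/local/etc", "/etc"),
    "DEFKTNAME": ("FILE:/etc/krb5.keytab", "FILE:/etc/krb5.keytab"),
}
# name: (default from the page, overriding environment variable, holds keys?)
FILES = {
    "keytab": ("DEFKTNAME", "KRB5_KTNAME", True),
    "krb5.conf": ("/etc/krb5.conf:SYSCONFDIR/krb5.conf", "KRB5_CONFIG", False),
    "kdc.conf": ("LOCALSTATEDIR/krb5kdc/kdc.conf", "KRB5_KDC_PROFILE", False),
    "stash": ("LOCALSTATEDIR/krb5kdc/.k5.realm", None, True),
    "kadm5.acl": ("LOCALSTATEDIR/krb5kdc/kadm5.acl", None, False),
    "kpropd.acl": ("LOCALSTATEDIR/krb5kdc/kpropd.acl", None, False),
}

def resolve(name, layout="os", environ=None, realm="EXAMPLE.COM"):
    """Return the file paths the named default resolves to."""
    environ = os.environ if environ is None else environ
    default, env_var, _ = FILES[name]
    value = environ.get(env_var) if env_var else None
    if not value:  # no override set: expand the build-time default
        value = default
        for sym, paths in SYMBOLS.items():
            value = value.replace(sym, paths[0 if layout == "custom" else 1])
        if name == "stash":  # assumption: trailing "realm" is the realm name
            value = value[: -len("realm")] + realm
    if value.startswith("FILE:"):  # drop the keytab type prefix
        value = value[len("FILE:"):]
    return value.split(":")  # krb5.conf defaults to a colon-separated list

def audit(layout="os", environ=None, realm="EXAMPLE.COM"):
    """Return (name, path, problem) tuples; the policy is this example's own."""
    findings = []
    for name, (_, _, secret) in FILES.items():
        for path in resolve(name, layout, environ, realm):
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # file not present on this host
            if secret and mode & 0o077:
                findings.append((name, path, "key material accessible to group/other"))
            elif mode & 0o022:
                findings.append((name, path, "writable by group/other"))
    return findings
```

Run `audit()` once with the service's real environment and once with an empty `environ`: a difference between the two shows that an override such as KRB5_KTNAME is redirecting the process away from the file an administrator would normally inspect.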