Previous: Client Programs, Up: Installing and Configuring UNIX Client Machines

4.2.2 Client Machine Configuration Files

Each machine running Kerberos must have a /etc/krb5.conf file. (See krb5.conf.)

Also, for most UNIX systems, you must add the appropriate Kerberos services to each client machine's /etc/services file. If you are using the default configuration for Kerberos V5, you should be able to just insert the following code:

     # Note --- if you are using Kerberos V4 and you either:
     #    (a) haven't converted all your master or slave KDCs to V5, or
     #    (b) are worried about inter-realm interoperability with other KDC's
     #        that are still using V4
     # you will need to switch the "kerberos" service to port 750 and create a
     # "kerberos-sec" service on port 88.
     kerberos      88/udp    kdc    # Kerberos V5 KDC
     kerberos      88/tcp    kdc    # Kerberos V5 KDC
     klogin        543/tcp          # Kerberos authenticated rlogin
     kshell        544/tcp   cmd    # and remote shell
     kerberos-adm  749/tcp          # Kerberos 5 admin/changepw
     kerberos-adm  749/udp          # Kerberos 5 admin/changepw
     krb5_prop     754/tcp          # Kerberos slave propagation
     eklogin       2105/tcp         # Kerberos auth. & encrypted rlogin
     krb524        4444/tcp         # Kerberos 5 to 4 ticket translator

As described in the comments in the above code, if your master KDC or any of your slave KDCs is running Kerberos V4, (or if you will be authenticating to any Kerberos V4 KDCs in another realm) you will need to switch the port number for kerberos to 750 and create a kerberos-sec service (tcp and udp) on port 88, so the Kerberos V4 KDC(s) will continue to work properly.