MIT Kerberos Documentation

MIT Kerberos defaults

General defaults

Description Default Environment
Keytab file FILE:/etc/krb5.keytab KRB5_KTNAME
Kerberos config file /etc/krb5.conf:SYSCONFDIR/krb5.conf KRB5_CONFIG
KDC config file LOCALSTATEDIR/krb5kdc/kdc.conf KRB5_KDC_PROFILE
KDC database path (DB2) LOCALSTATEDIR/krb5kdc/principal  
Master key stash file LOCALSTATEDIR/krb5kdc/.k5.realm  
Admin server ACL file LOCALSTATEDIR/krb5kdc/kadm5.acl  
Plugin base directory LIBDIR/krb5/plugins  
Replay cache directory /var/tmp KRB5RCACHEDIR
Master key default enctype aes256-cts-hmac-sha1-96  
Supported enc/salt types aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal  
Permitted enctypes aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4  
KDC default port 88  
Second KDC default port 750  
Admin server port 749  
Password change port 464  

Slave KDC propagation defaults

This table shows defaults used by the kprop and kpropd programs.

Description Default Environment
kprop database dump file LOCALSTATEDIR/krb5kdc/slave_datatrans  
kpropd temporary dump file LOCALSTATEDIR/krb5kdc/from_master  
kdb5_util location SBINDIR/kdb5_util  
kprop location SBINDIR/kprop  
kpropd ACL file LOCALSTATEDIR/krb5kdc/kpropd.acl  
kprop port 754 KPROP_PORT

Default paths for Unix-like systems

On Unix-like systems, some paths used by MIT krb5 depend on parameters chosen at build time. For a custom build, these paths default to subdirectories of /usr/local. When MIT krb5 is integrated into an operating system, the paths are generally chosen to match the operating system’s filesystem layout.

Description Symbolic name Custom build path Typical OS path
User programs BINDIR /usr/local/bin /usr/bin
Libraries and plugins LIBDIR /usr/local/lib /usr/lib
Parent of KDC state dir LOCALSTATEDIR /usr/local/var /var
Administrative programs SBINDIR /usr/local/sbin /usr/sbin
Alternate krb5.conf dir SYSCONFDIR /usr/local/etc /etc