MIT Kerberos defaults

General defaults

Description	Default	Environment
Keytab file	FILE:/etc/krb5.keytab	KRB5_KTNAME
Kerberos config file	/etc/krb5.conf:SYSCONFDIR/krb5.conf	KRB5_CONFIG
KDC config file	LOCALSTATEDIR/krb5kdc/kdc.conf	KRB5_KDC_PROFILE
KDC database path (DB2)	LOCALSTATEDIR/krb5kdc/principal
Master key stash file	LOCALSTATEDIR/krb5kdc/.k5.realm
Admin server ACL file	LOCALSTATEDIR/krb5kdc/kadm5.acl
Plugin base directory	LIBDIR/krb5/plugins
Replay cache directory	/var/tmp	KRB5RCACHEDIR
Master key default enctype	aes256-cts-hmac-sha1-96
Supported enc/salt types	aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal
Permitted enctypes	aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4
KDC default port	88
Second KDC default port	750
Admin server port	749
Password change port	464

Slave KDC propagation defaults

This table shows defaults used by the kprop and kpropd programs.

Description	Default	Environment
kprop database dump file	LOCALSTATEDIR/krb5kdc/slave_datatrans
kpropd temporary dump file	LOCALSTATEDIR/krb5kdc/from_master
kdb5_util location	SBINDIR/kdb5_util
kprop location	SBINDIR/kprop
kpropd ACL file	LOCALSTATEDIR/krb5kdc/kpropd.acl
kprop port	754	KPROP_PORT

Default paths for Unix-like systems

On Unix-like systems, some paths used by MIT krb5 depend on parameters chosen at build time. For a custom build, these paths default to subdirectories of /usr/local. When MIT krb5 is integrated into an operating system, the paths are generally chosen to match the operating system’s filesystem layout.

Description	Symbolic name	Custom build path	Typical OS path
User programs	BINDIR	/usr/local/bin	/usr/bin
Libraries and plugins	LIBDIR	/usr/local/lib	/usr/lib
Parent of KDC state dir	LOCALSTATEDIR	/usr/local/var	/var
Administrative programs	SBINDIR	/usr/local/sbin	/usr/sbin
Alternate krb5.conf dir	SYSCONFDIR	/usr/local/etc	/etc