MIT Kerberos defaults¶
General defaults¶
| Description | Default | Environment |
|---|---|---|
| keytab file | DEFKTNAME | KRB5_KTNAME |
| Client keytab file | DEFCKTNAME | KRB5_CLIENT_KTNAME |
| Kerberos config file krb5.conf | /etc/krb5.conf:SYSCONFDIR/krb5.conf | KRB5_CONFIG |
| KDC config file kdc.conf | LOCALSTATEDIR/krb5kdc/kdc.conf | KRB5_KDC_PROFILE |
| KDC database path (DB2) | LOCALSTATEDIR/krb5kdc/principal | |
| Master key stash file | LOCALSTATEDIR/krb5kdc/.k5.realm | |
| Admin server ACL file kadm5.acl | LOCALSTATEDIR/krb5kdc/kadm5.acl | |
| OTP socket directory | RUNSTATEDIR/krb5kdc | |
| Plugin base directory | LIBDIR/krb5/plugins | |
| replay cache directory | /var/tmp | KRB5RCACHEDIR |
| Master key default enctype | aes256-cts-hmac-sha1-96 | |
| Default keysalt list | aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal | |
| Permitted enctypes | aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4 | |
| KDC default port | 88 | |
| Second KDC default port | 750 | |
| Admin server port | 749 | |
| Password change port | 464 |
Slave KDC propagation defaults¶
This table shows defaults used by the kprop and kpropd programs.
| Description | Default | Environment |
|---|---|---|
| kprop database dump file | LOCALSTATEDIR/krb5kdc/slave_datatrans | |
| kpropd temporary dump file | LOCALSTATEDIR/krb5kdc/from_master | |
| kdb5_util location | SBINDIR/kdb5_util | |
| kprop location | SBINDIR/kprop | |
| kpropd ACL file | LOCALSTATEDIR/krb5kdc/kpropd.acl | |
| kprop port | 754 | KPROP_PORT |
Default paths for Unix-like systems¶
On Unix-like systems, some paths used by MIT krb5 depend on parameters chosen at build time. For a custom build, these paths default to subdirectories of /usr/local. When MIT krb5 is integrated into an operating system, the paths are generally chosen to match the operating system’s filesystem layout.
| Description | Symbolic name | Custom build path | Typical OS path |
|---|---|---|---|
| User programs | BINDIR | /usr/local/bin | /usr/bin |
| Libraries and plugins | LIBDIR | /usr/local/lib | /usr/lib |
| Parent of KDC state dir | LOCALSTATEDIR | /usr/local/var | /var |
| Parent of KDC runtime dir | RUNSTATEDIR | /usr/local/var/run | /run |
| Administrative programs | SBINDIR | /usr/local/sbin | /usr/sbin |
| Alternate krb5.conf dir | SYSCONFDIR | /usr/local/etc | /etc |
| Default ccache name | DEFCCNAME | FILE:/tmp/krb5cc_%{uid} | FILE:/tmp/krb5cc_%{uid} |
| Default keytab name | DEFKTNAME | FILE:/etc/krb5.keytab | FILE:/etc/krb5.keytab |
The default client keytab name (DEFCKTNAME) typically defaults to FILE:/usr/local/var/krb5/user/%{euid}/client.keytab for a custom build. A native build will typically use a path which will vary according to the operating system’s layout of /var.