MIT Kerberos defaults
General defaults
Description | Default | Environment |
---|---|---|
Keytab file | DEFKTNAME | KRB5_KTNAME |
Client keytab file | DEFCKTNAME | KRB5_CLIENT_KTNAME |
Kerberos config file krb5.conf | /etc/krb5.conf:SYSCONFDIR/krb5.conf | KRB5_CONFIG |
KDC config file kdc.conf | LOCALSTATEDIR/krb5kdc/kdc.conf | KRB5_KDC_PROFILE |
KDC database path (DB2) | LOCALSTATEDIR/krb5kdc/principal | |
Master key stash file | LOCALSTATEDIR/krb5kdc/.k5.realm | |
Admin server ACL file kadm5.acl | LOCALSTATEDIR/krb5kdc/kadm5.acl | |
OTP socket directory | RUNSTATEDIR/krb5kdc | |
Plugin base directory | LIBDIR/krb5/plugins | |
Replay cache directory | /var/tmp | KRB5RCACHEDIR |
Master key default enctype | aes256-cts-hmac-sha1-96 | |
Default keysalt list | aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal | |
Permitted enctypes | aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4 | |
KDC default port | 88 | |
Admin server port | 749 | |
Password change port | 464 | |
Replica KDC propagation defaults
This table shows defaults used by the kprop and kpropd programs.
Description | Default | Environment |
---|---|---|
kprop database dump file | LOCALSTATEDIR/krb5kdc/replica_datatrans | |
kpropd temporary dump file | LOCALSTATEDIR/krb5kdc/from_master | |
kdb5_util location | SBINDIR/kdb5_util | |
kprop location | SBINDIR/kprop | |
kpropd ACL file | LOCALSTATEDIR/krb5kdc/kpropd.acl | |
kprop port | 754 | KPROP_PORT |
Default paths for Unix-like systems
On Unix-like systems, some paths used by MIT krb5 depend on parameters
chosen at build time. For a custom build, these paths default to
subdirectories of /usr/local. When MIT krb5 is integrated into an
operating system, the paths are generally chosen to match the
operating system’s filesystem layout.
Description | Symbolic name | Custom build path | Typical OS path |
---|---|---|---|
User programs | BINDIR | /usr/local/bin | /usr/bin |
Libraries and plugins | LIBDIR | /usr/local/lib | /usr/lib |
Parent of KDC state dir | LOCALSTATEDIR | /usr/local/var | /var |
Parent of KDC runtime dir | RUNSTATEDIR | /usr/local/var/run | /run |
Administrative programs | SBINDIR | /usr/local/sbin | /usr/sbin |
Alternate krb5.conf dir | SYSCONFDIR | /usr/local/etc | /etc |
Default ccache name | DEFCCNAME | FILE:/tmp/krb5cc_%{uid} | FILE:/tmp/krb5cc_%{uid} |
Default keytab name | DEFKTNAME | FILE:/etc/krb5.keytab | FILE:/etc/krb5.keytab |
The default client keytab name (DEFCKTNAME) typically defaults to
FILE:/usr/local/var/krb5/user/%{euid}/client.keytab for a custom
build. A native build will typically use a path which will vary
according to the operating system’s layout of /var.