Edit the kerberos server config file

Edit the kerberos server config file

To be more exact, the "kerberos server" consists of several processes, and all together are called a "Key Distribution Center" (KDC). The config file is /etc/kerberos/krb5kdc/kdc.conf or /var/lib/kerberos/krb5kdc/kdc.conf depending on your distribution. On rpm based distributions you can search the file using the command

rpm -ql krb5-server |grep kdc.conf

We start with a basic kdc.conf (taken from a suse installation):

[kdcdefaults]
        kdc_ports = 88

[realms]
        REDFLO.DE = {
                database_name = /var/lib/kerberos/krb5kdc/principal
                admin_keytab = FILE:/var/lib/kerberos/krb5kdc/kadm5.keytab
                acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
                key_stash_file = /var/lib/kerberos/krb5kdc/.k5.REDFLO.DE
                kdc_ports = 88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
        }
[logging]
    kdc = FILE:/var/log/kdc.log
    admin_server = FILE:/var/log/kadmin.log

I've edited the kdc_ports that was kdc_ports=750,88. 750 is the Kerberos 4 Port, and i don't want to run old Kerberos. Two of the sections are interesting: the kdcdefaults are default values for all realms a kdc runs. Hey, a kdc can run more than one realm! In realms you specify in more detail what configuration values you want to set for this realm. For detailed explanation read the Kerberos Admin Book. We'll touch some values again later.

---