Best Practice: Location of Kerberos Configuration Files for use with Vista and Server 2008

Danny Mayer mayer at ntp.isc.org
Sun Jan 27 11:56:59 EST 2008


Jeffrey Altman wrote:
> Due to the increased security provided by Vista and Server 2008 and the 
> directory shadowing provided by the Wow64 environment, it is no longer 
> acceptable to store application configuration files in either \WINDOWS 
> or \Program Files directory trees.
> The proper location to store such files is under the \ProgramData 
> directory on the boot disk.  For MIT Kerberos the proper path to the 
> krb5.ini file should therefore be c:\ProgramData\MIT\Kerberos\krb5.ini.  
> This can be configured by defining the environment variable KRB5_CONFIG 
> to point at that path.  The Kerberos v4 configuration files use the 
> KRB4_CONFIG environment variable to point not at the file but at the 
> directory containing the file.

Jeff, it would be better if this were done in the registry rather than 
an environmental variable. This is especially important with services 
unless you go in and define a system environmental variable.

Danny



More information about the Kerberos mailing list