Does /etc/krb5.conf have to be present and identical on all Kerberos infrastructure participants?

Rufe Glick rufe.glick at gmail.com
Wed Oct 29 14:39:52 EDT 2014


Hello,

I'm  trying  to  understand the inner workings of Kerberos here. The following question has arisen: Does /etc/krb5.conf have to be present and indentical on all Kerberos infrastructure participants? 

Here is what I deduced based on reading Linux man pages and other source on the Internet. Please confirm, refute or correct:
  All Kerberos infrastructure participants (client machines, application servers and KDC) must have this file present. Some of its settings are selectively used by all 3 types of aforementioned Kerberos infrastructure participants. Thus the file doesn’t have to be identical on all Kerberos involved machines, but for the sake of easier administration it usually is.

P.S. The OS in question is Linux Cent OS 7 and the version of Kerberos is MIT Kerberos 5 (krb5-server package version: 1.11.3).

--
Best Regards,
Rufe




More information about the Kerberos mailing list