Configuring the krb5.ini File for Active Directory

The information in this article applies to:

Product: Knowledge Exchange
Version: 6.1.x

Issue

How do I configure krb5.ini?

Resolution

The following file is used as a sample:

\[libdefaults\] default\_realm=TESTSERVER.COM default\_tkt\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 default\_tgs\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 kdc\_req\_checksum\_type=2 ccache\_type=2 ticket\_lifetime=600 \[realms\] TESTSERVER.COM = \{ kdc = AD01.TESTSERVER.COM admin\_server = AD01.TESTSERVER.COM default\_domain = TESTSERVER.COM \} CHILD1.TESTSERVER.COM = \{ kdc = PROLDAP01.CHILD1.TESTSERVER.COM admin\_server = PROLDAP01.CHILD1.TESTSERVER.COM default\_domain = CHILD1.TESTSERVER.COM \} \[domain\_realm\] .testserver.com = TESTSERVER.COM testserver.com = TESTSERVER.COM .child1.testserver.com = CHILD1.TESTSERVER.COM child1.testserver.com = CHILD1.TESTSERVER.COM \[appdefaults\] autologin=true forward=true forwardable=true encrypt=true

In the first section, \[libdefaults\], replace TESTSERVER.COM with your Active Directory server domain. This must be in CAPS.

\[libdefaults\] default\_realm=TESTSERVER.COM default\_tkt\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 default\_tgs\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 kdc\_req\_checksum\_type=2 ccache\_type=2 ticket\_lifetime=600

Next, modify the \[realms\] section. Start the section with the same AD server domain you specified above. On then next line (kdc = ), specify any domain controller in that AD server domain. If there are no child realms, ignore the CHILD1.TESTSERVER.COM = \{\} section or remove it.

\[realms\] TESTSERVER.COM = \{ kdc = AD01.TESTSERVER.COM admin\_server = AD01.TESTSERVER.COM default\_domain = TESTSERVER.COM \} CHILD1.TESTSERVER.COM = \{ kdc = PROLDAP01.CHILD1.TESTSERVER.COM admin\_server = PROLDAP01.CHILD1.TESTSERVER.COM default\_domain = CHILD1.TESTSERVER.COM \}

In the \[domain\_realm\] section, continue to use the same server domain (and child domains, if you have any.) Follow the formatting shown exactly (spaces between equal signs, the right-hand side capitalized, and initial periods as shown.)
```
\[domain\_realm\] .testserver.com = TESTSERVER.COM testserver.com = TESTSERVER.COM .child1.testserver.com = CHILD1.TESTSERVER.COM child1.testserver.com = CHILD1.TESTSERVER.COM
```

In the last section, \[appdefaults\], no changes should be made.

\[appdefaults\] autologin=true forward=true forwardable=true encrypt=true

Find more posts tagged with

BPM

Comments

There are no comments yet