The information in this article applies to:
Product: Knowledge Exchange
Version: 6.1.x
Issue
- How do I configure krb5.ini ?
Resolution
- The following file is used as a sample:
[libdefaults]
default_realm=TESTSERVER.COM
default_tkt_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
kdc_req_checksum_type=2
ccache_type=2
ticket_lifetime=600
[realms]
TESTSERVER.COM = {
kdc = AD01.TESTSERVER.COM
admin_server = AD01.TESTSERVER.COM
default_domain = TESTSERVER.COM
}
CHILD1.TESTSERVER.COM = {
kdc = PROLDAP01.CHILD1.TESTSERVER.COM
admin_server = PROLDAP01.CHILD1.TESTSERVER.COM
default_domain = CHILD1.TESTSERVER.COM
}
[domain_realm]
.testserver.com = TESTSERVER.COM
testserver.com = TESTSERVER.COM
.child1.testserver.com = CHILD1.TESTSERVER.COM
child1.testserver.com = CHILD1.TESTSERVER.COM
[appdefaults]
autologin=true
forward=true
forwardable=true
encrypt=true
- In the first section, [libdefaults], replace TESTSERVER.COM with your Active Directory server domain. This must be in CAPS.
[libdefaults]
default_realm=TESTSERVER.COM
default_tkt_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1
kdc_req_checksum_type=2
ccache_type=2
ticket_lifetime=600 - Next, modify the [realms] section. Start the section with the same AD server domain you specified above. On then next line (kdc = ), specify any domain controller in that AD server domain. If there are no child realms, ignore the CHILD1.TESTSERVER.COM = {} section or remove it.
[realms]
TESTSERVER.COM = {
kdc = AD01.TESTSERVER.COM
admin_server = AD01.TESTSERVER.COM
default_domain = TESTSERVER.COM
}
CHILD1.TESTSERVER.COM = {
kdc = PROLDAP01.CHILD1.TESTSERVER.COM
admin_server = PROLDAP01.CHILD1.TESTSERVER.COM
default_domain = CHILD1.TESTSERVER.COM
} - In the [domain_realm] section, continue to use the same server domain (and child domains, if you have any.) Follow the formatting shown exactly (spaces between equal signs, the right-hand side capitalized, and initial periods as shown.)
[domain_realm]
.testserver.com = TESTSERVER.COM
testserver.com = TESTSERVER.COM
.child1.testserver.com = CHILD1.TESTSERVER.COM
child1.testserver.com = CHILD1.TESTSERVER.COM - In the last section, [appdefaults], no changes should be made.
[appdefaults]
autologin=true
forward=true
forwardable=true
encrypt=true
原文出处(点击此处)