Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 873

46.5.1 Static Configuration
One way to configure Kerberos is to edit the configuration file /etc/krb5.conf.
The file installed by default contains various sample entries. Erase all of these entries
before starting. krb5.conf is made up of several sections, each introduced by the
section name included in brackets like [this].
To configure your Kerberos clients, add the following stanza to krb5.conf (where
kdc.example.com is the hostname of the KDC):
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = kdc.example.com
admin_server = kdc.example.com
}
The default_realm line sets the default realm for Kerberos applications. If you
have several realms, just add additional statements to the [realms] section.
Also add a statement to this file that tells applications how to map hostnames to a realm.
For example, when connecting to a remote host, the Kerberos library needs to know in
which realm this host is located. This must be configured in the [domain_realms]
section:
[domain_realm]
.example.com = EXAMPLE.COM
www.foobar.com = EXAMPLE.COM
This tells the library that all hosts in the example.com DNS domains are in the
EXAMPLE.COM Kerberos realm. In addition, one external host named www.foobar
.com should also be considered a member of the EXAMPLE.COM realm.
46.5.2 DNS-Based Configuration
DNS-based Kerberos configuration makes heavy use of SRV records. See (RFC2052)
A DNS RR for specifying the location of services at http://www.ietf.org. These
Installing and Administering Kerberos 855