.. _mitK5defaults:

MIT Kerberos defaults
=====================

General defaults
----------------

==========================================  =============================  ======================
Description                                 Default                        Environment
==========================================  =============================  ======================
:ref:`keytab_definition` file               |keytab|                       **KRB5_KTNAME**
Client :ref:`keytab_definition` file        |ckeytab|                      **KRB5_CLIENT_KTNAME**
Kerberos config file :ref:`krb5.conf(5)`    |krb5conf|\ ``:``\             **KRB5_CONFIG**
                                            |sysconfdir|\ ``/krb5.conf``
KDC config file :ref:`kdc.conf(5)`          |kdcdir|\ ``/kdc.conf``        **KRB5_KDC_PROFILE**
GSS mechanism config file                   |sysconfdir|\ ``/gss/mech``    **GSS_MECH_CONFIG**
KDC database path (DB2)                     |kdcdir|\ ``/principal``
Master key :ref:`stash_definition`          |kdcdir|\ ``/.k5.``\ *realm*
Admin server ACL file :ref:`kadm5.acl(5)`   |kdcdir|\ ``/kadm5.acl``
OTP socket directory                        |kdcrundir|
Plugin base directory                       |libdir|\ ``/krb5/plugins``
:ref:`rcache_definition` directory          ``/var/tmp``                   **KRB5RCACHEDIR**
Master key default enctype                  |defmkey|
Default :ref:`keysalt list<Keysalt_lists>`  |defkeysalts|
Permitted enctypes                          |defetypes|
KDC default port                            88
Admin server port                           749
Password change port                        464
==========================================  =============================  ======================


Replica KDC propagation defaults
--------------------------------

This table shows defaults used by the :ref:`kprop(8)` and
:ref:`kpropd(8)` programs.

==========================  ================================  ===========
Description                 Default                           Environment
==========================  ================================  ===========
kprop database dump file    |kdcdir|\ ``/replica_datatrans``
kpropd temporary dump file  |kdcdir|\ ``/from_master``
kdb5_util location          |sbindir|\ ``/kdb5_util``
kprop location              |sbindir|\ ``/kprop``
kpropd ACL file             |kdcdir|\ ``/kpropd.acl``
kprop port                  754                               KPROP_PORT
==========================  ================================  ===========


.. _paths:

Default paths for Unix-like systems
-----------------------------------

On Unix-like systems, some paths used by MIT krb5 depend on parameters
chosen at build time.  For a custom build, these paths default to
subdirectories of ``/usr/local``.  When MIT krb5 is integrated into an
operating system, the paths are generally chosen to match the
operating system's filesystem layout.

==========================  ==============  ===========================  ===========================
Description                 Symbolic name   Custom build path            Typical OS path
==========================  ==============  ===========================  ===========================
User programs               BINDIR          ``/usr/local/bin``           ``/usr/bin``
Libraries and plugins       LIBDIR          ``/usr/local/lib``           ``/usr/lib``
Parent of KDC state dir     LOCALSTATEDIR   ``/usr/local/var``           ``/var``
Parent of KDC runtime dir   RUNSTATEDIR     ``/usr/local/var/run``       ``/run``
Administrative programs     SBINDIR         ``/usr/local/sbin``          ``/usr/sbin``
Alternate krb5.conf dir     SYSCONFDIR      ``/usr/local/etc``           ``/etc``
Default ccache name         DEFCCNAME       ``FILE:/tmp/krb5cc_%{uid}``  ``FILE:/tmp/krb5cc_%{uid}``
Default keytab name         DEFKTNAME       ``FILE:/etc/krb5.keytab``    ``FILE:/etc/krb5.keytab``
Default PKCS11 module       PKCS11_MODNAME  ``opensc-pkcs11.so``         ``opensc-pkcs11.so``
==========================  ==============  ===========================  ===========================

The default client keytab name (DEFCKTNAME) typically defaults to
``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom
build.  A native build will typically use a path which will vary
according to the operating system's layout of ``/var``.

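A keytab holds long-term keys, so it matters which file a process actually uses and who can read it. The following added example (not part of the MIT krb5 documentation or code) resolves the effective keytab names from the environment variables and defaults listed above and reports loose permissions. It ignores any krb5.conf overrides, assumes environment values are taken literally, and its function names are the example's own.

```python
import os
import stat

# (environment override, compiled-in default) from the tables above. The client
# keytab default is the custom-build value; OS packages use a different path.
KEYTABS = {
    "keytab": ("KRB5_KTNAME", "FILE:/etc/krb5.keytab"),
    "client keytab": ("KRB5_CLIENT_KTNAME",
                      "FILE:/usr/local/var/krb5/user/%{euid}/client.keytab"),
}

def effective_name(kind, env, euid):
    """Return (source, name): the environment override if set, else the default."""
    var, default = KEYTABS[kind]
    if env.get(var):
        # Assumption: the environment value is used literally, without expansion.
        return var, env[var]
    return "default", default.replace("%{euid}", str(euid))

def file_path(name):
    """Return the path behind a keytab name, or None if it is not file-backed."""
    if name.startswith("/") or ":" not in name:
        return name  # no type prefix: treated as a FILE keytab
    kt_type, _, residual = name.partition(":")
    return residual if kt_type in ("FILE", "WRFILE") else None

def audit(kind, env, euid):
    """Return findings for the keytab a process with this env and euid would use."""
    source, name = effective_name(kind, env, euid)
    path = file_path(name)
    if path is None:
        return [f"{kind} ({source}): {name} is not file-backed, skipped"]
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{kind} ({source}): {path} does not exist"]
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{kind} ({source}): {path} has mode "
                        f"{stat.S_IMODE(st.st_mode):04o}, group/other can access the keys")
    if st.st_uid not in (0, euid):
        findings.append(f"{kind} ({source}): {path} is owned by uid {st.st_uid}")
    return findings

if __name__ == "__main__":
    for kind in KEYTABS:
        print(audit(kind, os.environ, os.geteuid()) or f"{kind}: no findings")
```

Run it under the service account and with the service's environment, since both **KRB5_KTNAME** and the ``%{euid}`` expansion depend on the calling process.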