Overview
For Active Directory or Open Directory with a complicated network (such as multiple Kerberos realms), it is necessary to configure the existing krb5.conf file or create one from scratch. The krb5.conf file reflects proper Kerberos configuration information. Linux is distributed with a /etc/krb5.conf file that contains references to EXAMPLE.COM.
Step-By-Step Guide
- Open the krb5.conf file to edit its parameters. A typical default /etc/krb5.conf file looks like this:

    [libdefaults]
     default_realm = EXAMPLE.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false

    [realms]
     EXAMPLE.COM = {
      kdc = kerberos.example.com:88
      admin_server = kerberos.example.com:749
      default_domain = example.com
     }

    [domain_realm]
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM

- In [libdefaults], set default_realm to the Kerberos realm name for your network. For example:

    [libdefaults]
     default_realm = KERIO.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false

- Edit the [realms] information as follows:
  - Change the EXAMPLE.COM realm name to the correct Kerberos realm name.
  - If no example realm exists, copy the one from the example krb5.conf file above.
  - Set 'kdc' and 'admin_server' to the fully qualified DNS hostname of the Open Directory or Active Directory server.
  - Set the default_domain to the DNS domain name bound to the realm.

  Note: There can be multiple realms so Kerio MailServer can have multiple mail domains joined to different Kerberos realms. For example, if the realm is KERIO.COM, the Open Directory master is master.kerio.com, and the DNS domain is kerio.com:

    [realms]
     KERIO.COM = {
      kdc = master.kerio.com:88
      admin_server = master.kerio.com:749
      default_domain = kerio.com
     }
- Edit the [domain_realm] information as follows:
  - Change each instance of EXAMPLE.COM to your Kerberos realm name in uppercase.
  - Change each instance of example.com to your DNS domain name that is bound to the corresponding Kerberos realm.

  Note: There can be similar entries in this section for other domains and their respective realms so Kerio MailServer can have different mail domains joined to different Kerberos realms. For example, if the realm is KERIO.COM and the DNS domain is kerio.com:

    [domain_realm]
     .kerio.com = KERIO.COM
     kerio.com = KERIO.COM
Confirmation:
The krb5.conf file reflects proper Kerberos configuration information.
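
One way to check that confirmation, as an added example that is not Kerio's own tooling: the Python code below parses the subset of krb5.conf syntax shown in this guide and reports leftover EXAMPLE.COM references, a default_realm with no [realms] entry, realms missing kdc or admin_server, and [domain_realm] mappings that point to an undefined realm. The names parse_krb5 and check_krb5 are hypothetical, and SAMPLE is constructed from the KERIO.COM values used above.

```python
import re

# Constructed sample (KERIO.COM values from this guide); function names are hypothetical.
SAMPLE = """\
[libdefaults]
 default_realm = KERIO.COM
[realms]
 KERIO.COM = {
  kdc = master.kerio.com:88
  admin_server = master.kerio.com:749
  default_domain = kerio.com
 }
[domain_realm]
 .kerio.com = KERIO.COM
 kerio.com = KERIO.COM
"""

def parse_krb5(text):
    """Parse the subset of krb5.conf syntax used on this page into nested dicts."""
    conf, section, realm = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            realm = None  # end of a realm's { ... } block
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                realm = section.setdefault(key, {})  # start of a realm block
            else:
                (realm if realm is not None else section)[key] = value
    return conf

def check_krb5(text):
    """Return a list of problems; an empty list means the file is consistent."""
    conf = parse_krb5(text)
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm")
    problems = [] if default in realms else [f"default_realm {default!r} has no [realms] entry"]
    for name, body in realms.items():
        problems += [f"realm {name} has no {k}" for k in ("kdc", "admin_server") if k not in body]
    for domain, target in conf.get("domain_realm", {}).items():
        if target not in realms:
            problems.append(f"{domain} maps to undefined realm {target}")
    if "EXAMPLE.COM" in text:
        problems.append("EXAMPLE.COM placeholder is still present")
    return problems
```

Run check_krb5 on the contents of /etc/krb5.conf after editing; any returned line names the section that still needs attention.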