Kerberos update krb5.conf

Intended for:

Kerberos users.

Scenario/Use case:

Update krb5.conf to newest version.

Instructions:

Updates included in krb5.conf v5.5:

• Updated [libdefaults] area:
  
  • Moved information around to be grouped together to clarify which options are related to each other.
  • Default realm is moved to the top.
  • Added dns_lookup_kdc = true to permit unconfigured Realms to be fetched from DNS.
  • Grouped together ticket information.
  • Set ticket_lifetime to 26h instead of 1560m.
  • Grouped encryption types together, including allow_weak_crypto = true.
  • Removed ccache_type = 4, autologin = true, forward = true, renewable = true, encrypt = true.
  • Removed options are no longer valid.
    
    
• Updated [appdefaults] area:
  • Removed default_lifetime = 7d, autologin = true, forward = true.
  • Removed telnet, rcp, rsh, rlogin, login, kinit, ftpd, and pam.
    • Applications removed are no longer used or necessary.

For information on all version changes, please review the bottom of the krb5.conf file.

How to update krb5.conf

Linux/Unix

• SLF6 (depending on the system)

                 yum update krb5-fermi-krb5.conf
           or
                yum update krb5-fermi-config

• SL7

               yum update fermilab-conf_kerberos

• Other

            Back up the existing file. Download the update here and manually replace the existing file.

Mac OS 

• Fermilab-Managed device

             Install from the Self Service app.

• Other

             Download the update here and manually replace the existing file.

Windows 

• Domain/Fermilab Managed

             Install from the Software Center.

• Other

             Backup existing file. Download the update here and manually replace the existing file.

How to revert to previous version of krb5.conf

 Linux/Unix

                 yum downgrade krb5-fermi-krb5.conf
           or
                yum downgrade krb5-fermi-config
           depending on the system

• SL7

               yum downgrade fermilab-conf_kerberos

• Other

            Manually replace the file from back up. 

If you have installed the krb5.conf file from Self Service, previous version of the file will be backed up locally.

Mac OS

If you have installed krb5.conf file from Self Service, the previous version of the file will be backed up locally. Manually replace the file from back up. The back up location is: /etc/krb5.conf-original

Windows 

If you have installed the krb5.conf file from the Software Center, the previous version of the file will be backed up locally. Manually replace the file from back up. The back up location is C:\ProgramData\Kerberos\krb5(DateStamp).bak, where DateStamp depends on the installation date.

See Also:

The previous version for all operating systems is also available here: 

https://metrics.fnal.gov/authentication/krb5conf/