Kerberos update krb5.conf
Intended for:
Kerberos users.
Scenario/Use case:
Update krb5.conf to newest version.
Instructions:
Updates included in krb5.conf v5.5:
- Updated [libdefaults] area:
- Moved information around to be grouped together to clarify which options are related to each other.
- Default realm is moved to the top.
- Added dns_lookup_kdc = true to permit unconfigured Realms to be fetched from DNS.
- Grouped together ticket information.
- Set ticket_lifetime to 26h instead of 1560m.
- Grouped encryption types together, including allow_weak_crypto = true.
- Removed ccache_type = 4, autologin = true, forward = true, renewable = true, encrypt = true.
- Removed options are no longer valid.
- Updated [appdefaults] area:
- Removed default_lifetime = 7d, autologin = true, forward = true.
- Removed telnet, rcp, rsh, rlogin, login, kinit, ftpd, and pam.
- Applications removed are no longer used or necessary.
For information on all version changes, please review the bottom of the krb5.conf file.
How to update krb5.conf
Linux/Unix
- SLF6 (depending on the system)
yum update krb5-fermi-krb5.conf
or
yum update krb5-fermi-config
- SL7
yum update fermilab-conf_kerberos
- Other
Back up the existing file. Download the update here and manually replace the existing file.
Mac OS
- Fermilab-Managed device
Install from the Self Service app.
- Other
Download the update here and manually replace the existing file.
Windows
- Domain/Fermilab Managed
Install from the Software Center.
- Other
Backup existing file. Download the update here and manually replace the existing file.
How to revert to previous version of krb5.conf
Linux/Unix
yum downgrade krb5-fermi-krb5.conf
or
yum downgrade krb5-fermi-config
depending on the system
- SL7
yum downgrade fermilab-conf_kerberos
- Other
Manually replace the file from back up.
If you have installed the krb5.conf file from Self Service, previous version of the file will be backed up locally.
Mac OS
If you have installed krb5.conf file from Self Service, the previous version of the file will be backed up locally. Manually replace the file from back up. The back up location is: /etc/krb5.conf-original
Windows
If you have installed the krb5.conf file from the Software Center, the previous version of the file will be backed up locally. Manually replace the file from back up. The back up location is C:\ProgramData\Kerberos\krb5(DateStamp).bak, where DateStamp depends on the installation date.
See Also:
The previous version for all operating systems is also available here:
https://metrics.fnal.gov/authentication/krb5conf/