krb.realms - Contains configuration information that associates
host names with realm names
/krb5/krb.realms
The /krb5/krb.realms file is a text file that associates
host names with their realm names. Secured applications
use the krb.realms file to determine the realm from which
to request a ticket to gain access to a service.
By default, the Tru64 UNIX operating system assumes the
uppercase equivalent of the host's domain is its realm
name. Thus, if your realm names are the uppercase equivalents
of your domain names, you do not need to configure
and maintain a krb.realms file.
Wildcards are special characters in the krb.realms file
that use one entry to map multiple hosts to a single
realm. When secured applications search the krb.realms
file, they check for a matching host name, then a matching
domain name. If they do not find a match, they check for a
wildcard match.
There are two permitted wildcard characters:
  Use an asterisk (*) with a domain name to specify all hosts that
    have that domain root name. For example, *.biz.com specifies
    all hosts in all domains ending in biz.com, such as
    footwear.exec.biz.com.
  Use a question mark (?) in the first field with a host or domain
    name to specify any letter. For example, ???footwear.biz.com
    identifies any host in the biz.com domain that has a name with
    any three letters preceding footwear, such as
    bigfootwear.biz.com.
If no associated entry applies or the file does not exist,
the host's realm name is considered to be the host's
domain name converted to the uppercase letter equivalent.
Multiple entries can be added to the file to identify various
conversions from host names to realm names. The order
of the entries is not important.
To create comments, use the number sign (#). Any characters
after a number sign are ignored to the end of the
line. Blank lines and any leading or trailing white space
on a line are also ignored.
Each entry in the krb.realms file must be on a separate
line and requires the following two fields, separated by a
space or a tab:
  The first field is the host name. You can use a domain name to
    associate each host in a domain with the same realm name. When
    you specify a domain name, precede the name with a period.
  The second field is the associated realm name. By convention,
    realm names are in uppercase letters to distinguish them
    visually from domain names. Realm names are case sensitive; you
    must type the correct case for the realm name if your site does
    not follow the uppercase convention.
The following is an example of a krb.realms file:
footwear.biz.com SERIOUS.BIZ.COM #map host directly
.admin.biz.com ADMIN.BIZ.COM #all hosts in domain
*.biz.com BIZ.COM #all other hosts
The entries in this krb.realms file achieve the following:
  Line one associates the host footwear.biz.com with the
    SERIOUS.BIZ.COM realm.
  Line two associates all hosts in the admin.biz.com domain with
    the ADMIN.BIZ.COM realm. The preceding period identifies the
    first field as a domain name rather than a host name.
    Typically, this line is not required because the realm name is
    the uppercase letter equivalent of the domain name. However, in
    this example, it is required to prevent the third line from
    associating the hosts in the admin.biz.com domain to the
    BIZ.COM realm.
  Line three associates all other hosts in other domains with the
    root name biz.com to the BIZ.COM realm. For example, hosts in
    sales.biz.com and support.teams.biz.com domains are mapped to
    the realm BIZ.COM.
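The file syntax and lookup order described above (host name, then domain name, then wildcard, then the uppercase domain default), as an added Python example for auditing which realm a host resolves to. It is not part of the original reference page and is not Tru64 code. Assumptions, marked in the comments: a domain entry matches only hosts whose name minus the first label equals that domain, '?' matches any single character, and the first listed wildcard wins; the function names and the ???footwear.shop.org sample line are constructed.

```python
import re

# Constructed sample: the example file from this page plus one '?' entry.
SAMPLE = """\
footwear.biz.com   SERIOUS.BIZ.COM   #map host directly
.admin.biz.com     ADMIN.BIZ.COM     #all hosts in domain
*.biz.com          BIZ.COM           #all other hosts

   ???footwear.shop.org   Shop.Org   # realm case is preserved
"""

def parse_krb_realms(text):
    """Return (hosts, domains, wildcards) parsed from krb.realms text."""
    hosts, domains, wildcards = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comment and outer white space
        if not line:
            continue
        fields = line.split()                 # fields are space or tab separated
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 2 fields, got {len(fields)}")
        name, realm = fields[0].lower(), fields[1]   # realm is case sensitive
        if "*" in name or "?" in name:
            # Assumption: '*' spans any run of characters, '?' exactly one.
            rx = re.escape(name).replace(r"\*", ".*").replace(r"\?", ".")
            wildcards.append((re.compile(rx), realm))
        elif name.startswith("."):
            domains[name[1:]] = realm         # leading period marks a domain entry
        else:
            hosts[name] = realm
    return hosts, domains, wildcards

def realm_for(host, tables):
    """Resolve a host in the documented order: host, domain, wildcard, default."""
    hosts, domains, wildcards = tables
    host = host.lower().rstrip(".")
    domain = host.partition(".")[2]           # assumption: domain = host minus first label
    if host in hosts:
        return hosts[host]
    if domain in domains:
        return domains[domain]
    for rx, realm in wildcards:               # assumption: first listed match wins
        if rx.fullmatch(host):
            return realm
    return domain.upper()                     # default: uppercase domain name

if __name__ == "__main__":
    for h in ("footwear.biz.com", "db1.admin.biz.com", "pc7.sales.biz.com"):
        print(h, "->", realm_for(h, parse_krb_realms(SAMPLE)))
```

Running it over a production file and a host inventory shows where a broad wildcard entry sends hosts to a realm other than the one intended.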
Files: krb.conf(4)
krb.realms(4)