Commit | Line | Data |
---|---|---|
1c15e888 | 1 | # @(#)README 5.1 (Berkeley) 6/30/90 |
3a3708f4 KB |
2 | |
3 | Notes about the contents of the /etc/kerberosIV directory: | |
4 | ||
5 | The file master_key contains a copy of the master key under which the | |
6 | entire Kerberos database is encrypted. Disclosing this key would be bad | |
7 | news. The reason it is stored in the filesystem is because the following | |
8 | programs need to inspect or modify the kereros database, and so the key | |
9 | must be available for them, (or else it would have to be typed in by | |
10 | hand): | |
11 | - kerberos (the server itself) | |
12 | - registerd (for new user registration) | |
13 | - kpasswdd (for changing passwords) | |
14 | ||
15 | The srvtab file contains the encryption keys for each service on the local | |
16 | host. Any host offering network services would have a key here, although | |
17 | many such files can be used. | |
18 | ||
19 | The principal.* files comprise the Kerberos database itself, and contain | |
20 | keys for all principles, and should not be world-readable. | |
21 | ||
22 | The kerberos.conf file contains the configuration for this machine: | |
23 | - which realm I'm in | |
24 | - which servers I should talk to for this realm | |
25 | ||
26 | The kerberos.realms file contains the name of Kerberos servers for | |
27 | various (sub)domains. | |
28 | ||
29 | Kerberos log information it placed in /var/log/kerberos.log | |
30 | (see rc.local to change it) | |
31 | ||
32 | The register_keys directory contains a set of files (all of which begin | |
33 | with "."), each of which contains a des key used for registering new users | |
34 | with the system. It is used only by the "registerd" program, and only on | |
35 | a Kerberos server host. |