[libdefaults] default_realm = IGROUP.COM ticket_lifetime = 24h renew

1. [libdefaults]
2. default_realm = IGROUP.COM
3. ticket_lifetime = 24h
4. renew_lifetime = 7d
5. forwardable = true
6.  
7. # The following krb5.conf variables are only for MIT Kerberos.
8. krb4_config = /etc/krb.conf
9. krb4_realms = /etc/krb.realms
10. kdc_timesync = 1
11. ccache_type = 4
12. forwardable = true
13. proxiable = true
14.  
15. # The following encryption type specification will be used by MIT Kerberos
16. # if uncommented. In general, the defaults in the MIT Kerberos code are
17. # correct and overriding these specifications only serves to disable new
18. # encryption types as they are added, creating interoperability problems.
19. #
20. # Thie only time when you might need to uncomment these lines and change
21. # the enctypes is if you have local software that will break on ticket
22. # caches containing ticket encryption types it doesn't know about (such as
23. # old versions of Sun Java).
24.  
25. # default_tgs_enctypes = des3-hmac-sha1
26. # default_tkt_enctypes = des3-hmac-sha1
27. # permitted_enctypes = des3-hmac-sha1
28.  
29. # The following libdefaults parameters are only for Heimdal Kerberos.
30. v4_instance_resolve = false
31. v4_name_convert = {
32. host = {
33. rcmd = host
34. ftp = ftp
35. }
36. plain = {
37. something = something-else
38. }
39. }
40. fcc-mit-ticketflags = true
41.  
42. [realms]
43. IGROUP.COM = {
44. kdc = igroup.com
45. admin_server = igroup.com
46. }
47.  
48. [kdcdefaults]
49. kdc_ports = 750,88
50.  
51. [realms]
52. IGROUP.COM = {
53. database_name = /var/lib/krb5kdc/principal
54. admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
55. acl_file = /etc/krb5kdc/kadm5.acl
56. key_stash_file = /etc/krb5kdc/stash
57. kdc_ports = 750,88
58. max_life = 10h 0m 0s
59. max_renewable_life = 7d 0h 0m 0s
60. master_key_type = des3-hmac-sha1
61. supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
62. default_principal_flags = +preauth
63. }
64.  
65. kdb5_util create -s
66.  
67. kadmin.local:addprinc -randkey host/ashokkrishna-Lenovo-B560
68. kadmin.local: ktadd -k /tmp/kdb5.keytab host/ashokkrishna-Lenovo-B560
69.  
70.  
71.  
72. ashokkrishna@10:04:56:~$ klist
73. Ticket cache: FILE:/tmp/krb5cc_1000_cK2wUG
74. Default principal: ashokkrishna@IGROUP.COM
75.  
76. Valid starting Expires Service principal
77. 2015-06-29T10:01:11 2015-06-29T20:01:11 krbtgt/IGROUP.COM@IGROUP.COM
78. renew until 2015-07-06T10:01:09
79.  
80. ashokkrishna@10:07:16:~$ sudo klist -k
81. Keytab name: FILE:/etc/krb5.keytab
82. KVNO Principal
83. ---- --------------------------------------------------------------------------
84. 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
85. 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
86. 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
87. 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
88.  
89. GSSAPIAuthentication yes
90. GSSAPICleanupCredentials yes
91.  
92. #ssh 127.0.0.1
93. The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
94. ECDSA key fingerprint is f9:6a:ea:81:fc:7a:b1:da:12:17:95:c6:5d:d5:25:7e.
95. Are you sure you want to continue connecting (yes/no)? yes
96. Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
97. ashokkrishna@127.0.0.1's password: