MIT Kerberos defaults
=====================
-The list of the site- and OS- dependent configuration
------------------------------------------------------
-
- ================================================== ============================================== =====================================
- \ Default Environment
- ================================================== ============================================== =====================================
- Keytab file FILE\:/etc/krb5.keytab KRB5_KTNAME
- Path to Kerberos configuration file /etc/krb5.conf:SYSCONFDIR/krb5.conf KRB5_CONFIG
- KDC configuration file LOCALSTATEDIR/krb5kdc/kdc.conf KRB5_KDC_PROFILE
- The location of the default database LOCALSTATEDIR/krb5kdc/principal
- Master key stash file location and prefix LOCALSTATEDIR/krb5kdc/.k5.
- (e.g., /usr/local/var/krb5kdc/.k5.YOURREALM)
- Admin Access Control List (ACL) file LOCALSTATEDIR/krb5kdc/krb5_adm.acl
- Admin ACL file used by old admin server LOCALSTATEDIR/krb5kdc/kadm_old.acl
- Kerberos database library path MODULEDIR/kdb
- Base directory where plugins are located LIBDIR/krb5/plugins
- Master key default enctype ENCTYPE_AES256_CTS_HMAC_SHA1_96
- The name of the replay cache used by KDC dfl:krb5kdc_rcache KRB5RCACHETYPE, KRB5RCACHENAME
- KDC portname used for /etc/services or equiv. "kerberos"
- KDC secondary portname for backward compatibility "kerberos-sec"
- KDC default port 88
- KDC default port for authentication 750
- Admin change password port 464
- KDC UDP default portlist "88,750"
- ================================================== ============================================== =====================================
-
-
-MAC OS specific
----------------
-
- ============================================================ ================================
- Path to Kerberos config file ~/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:SYSCONFDIR/krb5.conf
- Base directory where krb5 plugins are located /System/Library/KerberosPlugins/KerberosFrameworkPlugins
- Base directory where Kerberos databadse plugins are located /System/Library/KerberosPlugins/KerberosDatabasePlugins
- Base directory where authorization data plugins are located /System/Library/KerberosPlugins/KerberosAuthDataPlugins
- ============================================================ ================================
-
-
-Windows specific
+General defaults
----------------
- ======================================= ====================================================
- Kerberos config file name krb5.ini
- Keytab file name FILE\:%s\\krb5kt (for example, C:\\WINDOWS\\krb5kt)
- ======================================= ====================================================
-
-
-Defaults for the KADM5 admin system
+========================== ============================= ====================
+Description Default Environment
+========================== ============================= ====================
+Keytab file ``FILE:``\ |keytab| **KRB5_KTNAME**
+Kerberos config file |krb5conf|\ ``:``\ **KRB5_CONFIG**
+ |sysconfdir|\ ``/krb5.conf``
+KDC config file |kdcdir|\ ``/kdc.conf`` **KRB5_KDC_PROFILE**
+KDC database path (DB2) |kdcdir|\ ``/principal``
+Master key stash file |kdcdir|\ ``/.k5.``\ *realm*
+Admin server ACL file |kdcdir|\ ``/kadm5.acl``
+Plugin base directory |libdir|\ ``/krb5/plugins``
+Replay cache directory ``/var/tmp`` **KRB5RCACHEDIR**
+Master key default enctype |defmkey|
+Supported enc/salt types |defkeysalts|
+Permitted enctypes |defetypes|
+KDC default port 88
+Second KDC default port 750
+Admin server port 749
+Password change port 464
+========================== ============================= ====================
+
+
+Slave KDC propagation defaults
+------------------------------
+
+This table shows defaults used by the :ref:`kprop(8)` and
+:ref:`kpropd(8)` programs.
+
+========================== ============================== ===========
+Description Default Environment
+========================== ============================== ===========
+kprop database dump file |kdcdir|\ ``/slave_datatrans``
+kpropd temporary dump file |kdcdir|\ ``/from_master``
+kdb5_util location |sbindir|\ ``/kdb5_util``
+kprop location |sbindir|\ ``/kprop``
+kpropd ACL file |kdcdir|\ ``/kpropd.acl``
+kprop port 754 KPROP_PORT
+========================== ============================== ===========
+
+
+Default paths for Unix-like systems
-----------------------------------
- ====================================================================== ====================================== ==============================
- \ Default Environment
- ====================================================================== ====================================== ==============================
- Admin keytab file LOCALSTATEDIR/krb5kdc/kadm5.keytab KRB5_KTNAME
- Admin ACL file that defines access rights to the Kerberos database LOCALSTATEDIR/krb5kdc/kadm5.acl
- Admin server default port 749
- Default supported enctype/salttype matrix aes256-cts-hmac-sha1-96:normal
- aes128-cts-hmac-sha1-96:normal
- des3-cbc-sha1:normal
- arcfour-hmac-md5:normal
- Max datagram size 4096
- Directory to store replay caches KRB5RCTMPDIR KRB5RCACHEDIR
- Kerberized login program SBINDIR/login.krb5
- Kerberized remote login program BINDIR/rlogin
- ====================================================================== ====================================== ==============================
-
-
-krb5 *slave* support
---------------------
-
- ============================================================ ======================================= ===============================
- \ Default Environment
- ============================================================ ======================================= ===============================
- kprop database dump file LOCALSTATEDIR/krb5kdc/slave_datatrans
- kpropd temporary database file LOCALSTATEDIR/krb5kdc/from_master
- Location of the utility used to load the principal database SBINDIR/kdb5_util
- kpropd default kprop SBINDIR/kprop
- kpropd principal database location LOCALSTATEDIR/krb5kdc/principal
- kpropd ACL file LOCALSTATEDIR/krb5kdc/kpropd.acl
- kprop port 754 KPROP_PORT
- ============================================================ ======================================= ===============================
-
-
-Site- and system-wide initialization for the code compiled on Linux or Solaris
-------------------------------------------------------------------------------
-
- ===================== ============================== =================
- BINDIR /usr/local/bin/
- KRB5RCTMPDIR /var/tmp
- LIBDIR /usr/local/lib/ krb5 library directory
- LOCALSTATEDIR /usr/local/var/
- MODULEDIR /usr/local/lib/krb5/plugins/ krb5 static plugins directory
- SBINDIR /usr/local/sbin/
- SYSCONFDIR /usr/local/etc/
- ===================== ============================== =================
-
-
+On Unix-like systems, some paths used by MIT krb5 depend on parameters
+chosen at build time. For a custom build, these paths default to
+subdirectories of ``/usr/local``. When MIT krb5 is integrated into an
+operating system, the paths are generally chosen to match the
+operating system's filesystem layout.
+
+======================= =============== =================== ===============
+Description Symbolic name Custom build path Typical OS path
+======================= =============== =================== ===============
+User programs BINDIR ``/usr/local/bin`` ``/usr/bin``
+Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib``
+Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var``
+Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin``
+Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc``
+======================= =============== =================== ===============