Client Machine Configuration Files
Each machine running Kerberos must have a /etc/krb5.conf file.
(See krb5.conf.)
Also, for most UNIX systems, you must add the appropriate Kerberos
services to each client machine's /etc/services file. If you are
using the default configuration for Kerberos V5, you should be able
to just insert the following code:
#
# Note --- if you are using Kerberos V4 and you either:
#
# (a) haven't converted all your master or slave KDCs to V5, or
#
# (b) are worried about inter-realm interoperability with other KDC's
# that are still using V4
#
# you will need to switch the "kerberos" service to port 750 and create a
# "kerberos-sec" service on port 88.
#
kerberos 88/udp kdc # Kerberos V5 KDC
kerberos 88/tcp kdc # Kerberos V5 KDC
klogin 543/tcp # Kerberos authenticated rlogin
kshell 544/tcp cmd # and remote shell
kerberos-adm 749/tcp # Kerberos 5 admin/changepw
kerberos-adm 749/udp # Kerberos 5 admin/changepw
krb5_prop 754/tcp # Kerberos slave propagation
eklogin 2105/tcp # Kerberos auth. & encrypted rlogin
krb524 4444/tcp # Kerberos 5 to 4 ticket translator
As described in the comments in the above code, if your master
KDC or any of your slave KDCs is running Kerberos V4, (or if you will be
authenticating to any Kerberos V4 KDCs in another realm) you will need
to switch the port number for kerberos to 750 and create a
kerberos-sec service (tcp and udp) on port 88, so the Kerberos
V4 KDC(s) will continue to work properly.
