adclient.krb5.conf.file.custom

This configuration parameter enables the merging of custom krb5.conf entries into the original krb5.conf file. To use this parameter, you specify the keyword file: and the absolute path to a syntactically valid custom krb5.conf file.

For example:

adclient.krb5.conf.file.custom: file:/etc/custom.conf

By default, this parameter is not enabled, and the default value is an empty string.

After you enable this parameter, each time krb5.conf is regenerated the additional directives in the custom krb5.conf file are merged into the original krb5.conf file, and conflicting lines are discarded.

The required format of the custom krb5.conf file is as follows:

[libdefaults]
keyword1 = value1
keyword2 = value2
[domain_realm]
domain = realm
hostname = realm
[realms]
REALM1 = {
tag1 = value1
tag2 = value2
}
REALM2 = {
tag1 = value1
}
[appdefaults]
to-be-copied-as-is
[capaths]
to-be-copied-as-is
[dbdefaults]
to-be-copied-as-is
[dbmodules]
to-be-copied-as-is
[kadmin]
to-be-copied-as-is
[kdc]
to-be-copied-as-is
[kdcdefaults]
to-be-copied-as-is
[logging]
to-be-copied-as-is
[login]
to-be-copied-as-is
[otp]
to-be-copied-as-is
[password_quality]
to-be-copied-as-is
[plugins]
to-be-copied-as-is

When you use this parameter, the following actions take place when the krb5.conf file is regenerated:

  • For the directives [libdefaults], [domain_realm], and [realms], the new keyword = value pairs from the custom krb5.conf file are added to the corresponding directive in the original krb5.conf file.

  • New realms from the custom krb5.conf file are added under [realms] in the original krb5.conf file.

  • If a keyword already exists in the original krb5.conf file, the keyword entry from the custom file is discarded.

  • For the additional sections [appdefaults], [capaths], [dbdefaults], [dbmodules], [kadmin], [kdc], [kdcdefaults], [logging], [login], [otp], and [plugins], the entire section from the custom file is added directly into the original krb5.conf file, and any existing entries in those sections in the original krb5.conf file are overwritten.

  • Warning messages are displayed in the log for every conflict.

    The specified custom krb5.conf file must be owned by root.

    To use this parameter in a Mac environment, the configuration parameter adclient.krb5.autoedit must be set to true.
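
The merge rules above can be previewed before krb5.conf is regenerated, to see which custom settings would be discarded and which original sections would be replaced. The following Python is an added example, not the product's own code: the parse and merge functions, the warning text, and the sample files are constructed for illustration, and it assumes that a realm already present in the original counts as an existing keyword.

```python
import re

KEY_MERGED = {"libdefaults", "domain_realm", "realms"}  # merged key by key, per the page

def parse(text):
    """Parse krb5.conf text into {section: {key: value}}; one brace level only."""
    conf, section, realm = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            realm = None
        elif section is not None and "=" in line and not line.startswith(("#", ";")):
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":  # start of a realm body
                realm = section.setdefault(key, {})
            else:
                (realm if realm is not None else section)[key] = value
    return conf

def merge(original, custom):
    """Return (merged, warnings). Warning text is this example's own wording."""
    merged = {name: dict(body) for name, body in original.items()}
    warnings = []
    for name, body in custom.items():
        if name not in KEY_MERGED:  # copied as-is: custom section replaces the original
            if name in merged:
                warnings.append(f"[{name}] original section overwritten")
            merged[name] = dict(body)
            continue
        target = merged.setdefault(name, {})
        for key, value in body.items():
            if key in target:  # assumption: an existing realm is an existing keyword
                warnings.append(f"[{name}] {key}: custom entry discarded")
            else:
                target[key] = value
    return merged, warnings

# Constructed sample files (not taken from a real host).
ORIGINAL = ("[libdefaults]\ndefault_realm = EXAMPLE.COM\nforwardable = true\n"
            "[realms]\nEXAMPLE.COM = {\nkdc = dc1.example.com\n}\n[logging]\ndefault = SYSLOG\n")
CUSTOM = ("[libdefaults]\nforwardable = false\nrdns = false\n"
          "[realms]\nLAB.EXAMPLE.COM = {\nkdc = kdc1.lab.example.com\n}\n"
          "[logging]\ndefault = FILE:/var/log/krb5.log\n")

if __name__ == "__main__":
    merged, warnings = merge(parse(ORIGINAL), parse(CUSTOM))
    print("\n".join(warnings))
```

In this sample the custom forwardable = false never takes effect because the original already defines forwardable, while the custom [logging] section replaces the original one entirely.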