[29151] in Kerberos


Re: Best Practice: Location of Kerberos Configuration Files for use

daemon@ATHENA.MIT.EDU (Danny Mayer)
Sun Jan 27 11:58:27 2008

Message-ID: <479CB7DB.5040808@ntp.isc.org>
Date: Sun, 27 Jan 2008 11:56:59 -0500
From: Danny Mayer <mayer@ntp.isc.org>
MIME-Version: 1.0
To: jaltman@secure-endpoints.com
In-Reply-To: <479BAFEE.4040500@secure-endpoints.com>
X-kostecke.net-MailScanner-From: mayer@ntp.isc.org
Cc: "'kerberos@mit.edu'" <kerberos@mit.edu>
Reply-To: mayer@ntp.isc.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Jeffrey Altman wrote:
> Due to the increased security provided by Vista and Server 2008 and the 
> directory shadowing provided by the Wow64 environment, it is no longer 
> acceptable to store application configuration files in either \WINDOWS 
> or \Program Files directory trees.
> The proper location to store such files is under the \ProgramData 
> directory on the boot disk.  For MIT Kerberos the proper path to the 
> krb5.ini file should therefore be c:\ProgramData\MIT\Kerberos\krb5.ini.  
> This can be configured by defining the environment variable KRB5_CONFIG 
> to point at that path.  The Kerberos v4 configuration files use the 
> KRB4_CONFIG environment variable to point not at the file but at the 
> directory containing the file.

Jeff, it would be better if this were done in the registry rather than 
an environmental variable. This is especially important with services 
unless you go in and define a system environmental variable.

Danny
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
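
Added example (not part of the thread above, and not MIT Kerberos code): a PowerShell check of the point both messages raise, namely at which scope KRB5_CONFIG is defined and who can modify the file it names. The path is the one from the quoted message; the trusted SID list and the rights mask are assumptions of this example.

```powershell
# Added example: report where KRB5_CONFIG is defined and who may modify its target.
$expected = 'C:\ProgramData\MIT\Kerberos\krb5.ini'   # path from the quoted message

# A variable set only at User scope is not inherited by services that run
# under other accounts; Machine scope is the system-wide definition.
foreach ($scope in 'Machine', 'User') {
    $value = [Environment]::GetEnvironmentVariable('KRB5_CONFIG', $scope)
    if ($null -eq $value) { $value = '<not set>' }
    '{0,-8} KRB5_CONFIG = {1}' -f $scope, $value
}

$machine = [Environment]::GetEnvironmentVariable('KRB5_CONFIG', 'Machine')
if ($machine -ne $expected) {
    Write-Warning "Machine-scope KRB5_CONFIG does not point at $expected"
}

# Assumption: only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18)
# should be able to change the file or the directory that contains it.
$trusted = 'S-1-5-32-544', 'S-1-5-18'
$mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = $mask -bor 0x40000000 -bor 0x10000000    # GENERIC_WRITE, GENERIC_ALL

foreach ($path in $expected, (Split-Path -Parent $expected)) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path does not exist"
        continue
    }
    # Ask for SIDs rather than names so the comparison is locale-independent.
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $sid -and
            ([int]$rule.FileSystemRights -band $mask) -ne 0) {
            Write-Warning "$path is modifiable by $sid ($($rule.FileSystemRights))"
        }
    }
}
```

Inherit-only entries on the directory are reported as well, since they apply to files created beneath it.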
