The krb5.conf file contains Kerberos configuration information. Typically, the default realm name and the KDC name for that realm are specified in the krb5.conf file. However, you can specify the realm and KDC names directly in your application with the java.security.krb5.realm and java.security.krb5.kdc system properties. Setting these system properties will override the settings in the krb5.conf file.

When a client application does not use the java.security.krb5.realm and java.security.krb5.kdc system properties, the JVM looks for a krb5.conf file that contains the realm and KDC names. The JVM first looks for the krb5.conf file in the location specified with the java.security.krb5.conf system property. If this system property has not been used, then the JVM continues looking for the krb5.conf file using an internal algorithm. Refer to your vendor's JVM documentation for the list of directories that the JVM searches in order to find the krb5.conf file.

During installation, a krb5.conf file is installed in the /lib directory of the product installation directory. The installed krb5.conf file contains generic syntax for setting the default realm name and the KDC name for that realm. If you are not already using another krb5.conf file for your Kerberos implementation, you can modify it to suit your environment. However, you will either need to specify the location of this file using the java.security.krb5.conf system property, or you will need to add the file to a directory where it may be found by your JVM.

Depending on your environment, other modifications may need to be made to your krb5.conf file. Refer to the following resources for more information on the Kerberos configuration and the krb5.conf file.

  • Your database vendor documentation
  • "Keberos Requirements" in Java™ Documentation
  • "krb5.conf" in MIT Kerberos Documentation