Kerberos Properties Command, Ctrl+K

When you select this from the Options menu, Leash will display a tabbed window. The box within this window has four tabs:

Default Realm Configuration:

There are two groups, the Kerberos Realm/Host Server and the Computer Host/Domain Name.

Kerberos Realm/Host Server: In the Your Kerberos Realm field, select a Kerberos realm from the dropdown list. The list is editable using the Realm/Server Mapping tab. Leash automatically fills in your Kerberos server with the first server in the "Servers Hosting a KDC" list on the Realm/Server Mapping tab.

Computer Host/Domain Name: The field labeled Your Computer's Host Name displays the name of your local machine.  The Your Computer's Domain Name field displays the domain to which your local machine currently belongs.

Ticket Lifetime and Other Initialization Options:

There are two expiration times associated with Kerberos tickets.  The first specifies the length of the time period during which the tickets are valid for use.  The second specifies the length of the renewable lifetime.  Valid Kerberos tickets may have their valid use lifetime repeatedly extended up until the renewable lifetime expires.  The settings on this page are used to configure default lifetime values for Leash to use when requesting Kerberos tickets from the Kerberos server (key distribution center).  The Kerberos server may issue tickets with shorter lifetimes than were requested.

The minimum and maximum values are used by the ticket initialization dialog box when constructing the Lifetime and Renewable Lifetime sliders.  These sliders can be used to modify the requested ticket lifetimes when Kerberos tickets are initialized.

When the Request Kerberos 4 credentials button is checked, Leash will attempt to retrieve Kerberos 4 credentials when ticket initialization, renewal, or importation is performed.  Leash will attempt a Kerberos 5 to Kerberos 4 conversion and, if that fails, an initial Kerberos 4 ticket request will be generated.  Kerberos realms are increasingly configured to support only Kerberos 5.  If the realms you use do not support Kerberos 4, it is suggested that this button be unchecked.

When the Preserve Ticket Initialization Options button is checked, changes to the Lifetime, Renewable Lifetime, and Kerberos 5 ticket properties on the Ticket Initialization Dialog will be saved as the new default values for the current user.

Realm/Server Mapping:

The Kerberos Realms list box is used to add, remove or rename realms from the local Kerberos configuration files. To add a new realm, click on the Insert button beneath the Kerberos Realms list box.  In the dialog, type the name of the new realm and click OK.  However, for the realm to be inserted, it needs one or more servers.  Immediately after you enter the new realm name, you will be prompted for the name of one Kerberos server in that realm.  If you do not enter a server name, Leash will not insert the realm.

To add servers to an existing realm, select the realm from the Kerberos Realms list box and click the Insert button under the Servers Hosting a KDC list box.  You will be prompted for the name of the new server.  You can also remove servers, and designate either one or none as the administrative server.  (The administrative server is the preferred server for performing password changes.)

By clicking and dragging a server in the list, you can change the order of the servers; this is important because the server listed at the top appears in this window under the Default Realm Configuration tab as the value for Your Kerberos Server.

The Use DNS KDC Lookup checkbox is used to specify whether or not Kerberos should utilize the domain name service to attempt to find Kerberos Servers when the existing listed servers are not available.

DNS/Realm Mapping:

Each entry here consists of two portions: the domain name (such as .mit.edu) or hostname (such as dialup.athena.mit.edu) followed by a space and the Kerberos realm (such as ATHENA.MIT.EDU) which is used by that domain or machine.  You can insert new entries, edit existing ones, or delete old entries.
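
A sketch of how entries in this form can be parsed and checked, added here as an example and not taken from Leash or the MIT Kerberos source. It assumes the most specific entry wins (an exact hostname entry first, then the nearest enclosing domain entry with a leading dot); the function names and the example.com entries are constructed for illustration.

```python
# Added example (not Leash code): model of the DNS/Realm Mapping entries.
# Assumption: an exact hostname entry wins, then the nearest ".domain" entry.

# Constructed sample entries in the "name<space>REALM" form described above.
SAMPLE_ENTRIES = [
    ".example.com EXAMPLE.COM",
    ".lab.example.com LAB.EXAMPLE.COM",
    "gateway.lab.example.com EXAMPLE.COM",
]


def parse_entries(lines):
    """Return {name: realm}; reject malformed or conflicting entries."""
    mapping = {}
    for raw in lines:
        fields = raw.split()
        if len(fields) != 2:
            raise ValueError(f"expected 'name REALM', got {raw!r}")
        name, realm = fields[0].lower(), fields[1]
        if mapping.get(name, realm) != realm:
            raise ValueError(f"{name} is mapped to two different realms")
        mapping[name] = realm
    return mapping


def resolve_realm(host, mapping):
    """Return the realm for host, or None if no entry covers it."""
    host = host.lower().rstrip(".")
    if host in mapping:                      # exact hostname entry
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):          # nearest enclosing domain first
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return None


if __name__ == "__main__":
    table = parse_entries(SAMPLE_ENTRIES)
    for h in ("gateway.lab.example.com", "ws1.lab.example.com",
              "www.example.com", "example.com", "host.other.test"):
        print(h, "->", resolve_realm(h, table))
```

In this model a `.example.com` entry does not cover a host named exactly `example.com`; such a host needs its own hostname entry.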