diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/krb5.conf.5')
| -rw-r--r-- | crypto/heimdal/lib/krb5/krb5.conf.5 | 167 |
1 files changed, 0 insertions, 167 deletions
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 deleted file mode 100644 index 2a0adb6859dd..000000000000 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ /dev/null @@ -1,167 +0,0 @@ -.\" $Id: krb5.conf.5,v 1.7 1999/11/04 01:57:28 assar Exp $ -.\" -.Dd April 11, 1999 -.Dt KRB5.CONF 5 -.Os HEIMDAL -.Sh NAME -.Nm /etc/krb5.conf -.Nd -Configuration file for Kerberos 5 -.Sh DESCRIPTION -The -.Nm -file specifies several configuration parameters for the Kerberos 5 -library, as well as for some programs. -.Pp -The file consists of one or more sections, containing a number of -bindings. The value of each binding can be either a string or a list -of other bindings. The grammar looks like: -.Bd -literal -offset indent -file: - /* empty */ - sections - -sections: - section sections - section - -section: - '[' section_name ']' bindings - -section_name: - STRING - -bindings: - binding bindings - binding - -binding: - name '=' STRING - name '=' '{' bindings '}' - -name: - STRING - -.Ed -.Li STRINGs -consists of one or more non-white space characters. -Currently recognised sections and bindings are: - -.Bl -tag -width "xxx" -offset indent -.It Li [libdefaults] -.Bl -tag -width "xxx" -offset indent -.It Li default_realm = Va REALM -Default realm to use, this is also known as your -.Dq local realm . -The default is the result of -.Fn krb5_get_host_realm "local hostname" . -.It Li clockskew = Va time -Maximum time differential (in seconds) allowed when comparing -times. Default is 300 seconds (five minutes). -.It Li kdc_timeout = Va time -Maximum time to wait for a reply from the kdc, default is 3 seconds. -.It v4_name_convert -.It v4_instance_resolve -These are decribed in the -.Xr krb5_425_conv_principal 3 -manual page. -.It Li capath = Va realm-routing-table -.It Li default_etypes = Va etypes... -A list of default etypes to use. -.It Li default_etypes_des = Va etypes... -A list of default etypes to use when requesting a DES credential. -.It Li default_keytab_name = Va keytab -The keytab to use if none other is specified, default is -.Dq FILE:/etc/krb5.keytab . -.It Li kdc_timesync = Va boolean -Try to keep track of the time differential between the local machine -and the KDC, and then compensate for that when issuing requests. -.It Li max_retries = Va number -The max number of times to try to contact each KDC. -.It Li ticket_lifetime = Va time -Default ticket lifetime. -.It Li renew_lifetime = Va time -Default renewable ticket lifetime. -.It Li verify_ap_req_nofail = Va boolean -Enable to make a failure to verify obtained credentials -non-fatal. This can be useful if there is no keytab on a host. -.It Li warn_pwexpire = Va time -How soon to warn for expiring password. Default is seven days. -.It Li http_proxy = Va proxy-spec -A HTTP-proxy to use when talking to the KDC via HTTP. -.It Li dns_proxy = Va proxy-spec -Enable using DNS via HTTP. -.It Li extra_addresses = Va address... -A list of addresses to get tickets for along with all local addresses. -.It Li time_format = Va string -How to print time strings in logs, this string is passed to -.Xr strftime 3 . -.It Li log_utc = Va boolean -Write log-entries using UTC instead of your local time zone. -.El -.It Li [domain_realm] -This is a list of mappings from DNS domain to Kerberos realm. Each -binding in this section looks like: -.Pp -.Dl domain = realm -.Pp -The domain can be either a full name of a host or a trailing -component, in the latter case the domain-string should start with a -perid. -.It Li [realms] -.Bl -tag -width "xxx" -offset indent -.It Va REALM Li = { -.Bl -tag -width "xxx" -offset indent -.It Li kdc = Va host[:port] -Specifies a kdc for this realm. If the optional port is absent, the -default value for the -.Dq kerberos/udp -service will be used. -.It Li v4_instance_convert -.It Li v4_name_convert -.It Li default_domain -See -.Xr krb5_425_conv_principal 3 . -.El -.It Li } -.El -.It Li [logging] -.Bl -tag -width "xxx" -offset indent -.It Va entity Li = Va destination -Specifies that -.Va entity -should use the specified -.Li destination -for logging. See the -.Xr krb5_openlog 3 -manual page for a list of defined destinations. -.El -.El -.Sh EXAMPLE -.Bd -literal -offset indent -[lib_defaults] - default_domain = FOO.SE -[domain_realm] - .foo.se = FOO.SE - .bar.se = FOO.SE -[realms] - FOO.SE = { - kdc = kerberos.foo.se - v4_name_convert = { - rcmd = host - } - v4_instance_convert = { - xyz = xyz.bar.se - } - default_domain = foo.se - } -[logging] - kdc = FILE:/var/heimdal/kdc.log - kdc = SYSLOG:INFO - default = SYSLOG:INFO:USER -.Ed -.Sh SEE ALSO -.Xr krb5_openlog 3 , -.Xr krb5_425_conv_principal 3 , -.Xr strftime 3 , -.Xr Source tm |