Diffstat (limited to 'crypto/heimdal/lib/krb5/krb5.conf.5')
-rw-r--r-- | crypto/heimdal/lib/krb5/krb5.conf.5 | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
new file mode 100644
index 000000000000..2a0adb6859dd
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5.conf.5
@@ -0,0 +1,167 @@
+.\" $Id: krb5.conf.5,v 1.7 1999/11/04 01:57:28 assar Exp $
+.\"
+.Dd April 11, 1999
+.Dt KRB5.CONF 5
+.Os HEIMDAL
+.Sh NAME
+.Nm /etc/krb5.conf
+.Nd
+Configuration file for Kerberos 5
+.Sh DESCRIPTION
+The
+.Nm
+file specifies several configuration parameters for the Kerberos 5
+library, as well as for some programs.
+.Pp
+The file consists of one or more sections, containing a number of
+bindings. The value of each binding can be either a string or a list
+of other bindings. The grammar looks like:
+.Bd -literal -offset indent
+file:
+ /* empty */
+ sections
+
+sections:
+ section sections
+ section
+
+section:
+ '[' section_name ']' bindings
+
+section_name:
+ STRING
+
+bindings:
+ binding bindings
+ binding
+
+binding:
+ name '=' STRING
+ name '=' '{' bindings '}'
+
+name:
+ STRING
+
+.Ed
+.Li STRINGs
+consists of one or more non-white space characters.
+Currently recognised sections and bindings are:
+
+.Bl -tag -width "xxx" -offset indent
+.It Li [libdefaults]
+.Bl -tag -width "xxx" -offset indent
+.It Li default_realm = Va REALM
+Default realm to use, this is also known as your
+.Dq local realm .
+The default is the result of
+.Fn krb5_get_host_realm "local hostname" .
+.It Li clockskew = Va time
+Maximum time differential (in seconds) allowed when comparing
+times. Default is 300 seconds (five minutes).
+.It Li kdc_timeout = Va time
+Maximum time to wait for a reply from the kdc, default is 3 seconds.
+.It v4_name_convert
+.It v4_instance_resolve
+These are decribed in the
+.Xr krb5_425_conv_principal 3
+manual page.
+.It Li capath = Va realm-routing-table
+.It Li default_etypes = Va etypes...
+A list of default etypes to use.
+.It Li default_etypes_des = Va etypes...
+A list of default etypes to use when requesting a DES credential.
+.It Li default_keytab_name = Va keytab
+The keytab to use if none other is specified, default is
+.Dq FILE:/etc/krb5.keytab .
+.It Li kdc_timesync = Va boolean
+Try to keep track of the time differential between the local machine
+and the KDC, and then compensate for that when issuing requests.
+.It Li max_retries = Va number
+The max number of times to try to contact each KDC.
+.It Li ticket_lifetime = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.It Li verify_ap_req_nofail = Va boolean
+Enable to make a failure to verify obtained credentials
+non-fatal. This can be useful if there is no keytab on a host.
+.It Li warn_pwexpire = Va time
+How soon to warn for expiring password. Default is seven days.
+.It Li http_proxy = Va proxy-spec
+A HTTP-proxy to use when talking to the KDC via HTTP.
+.It Li dns_proxy = Va proxy-spec
+Enable using DNS via HTTP.
+.It Li extra_addresses = Va address...
+A list of addresses to get tickets for along with all local addresses.
+.It Li time_format = Va string
+How to print time strings in logs, this string is passed to
+.Xr strftime 3 .
+.It Li log_utc = Va boolean
+Write log-entries using UTC instead of your local time zone.
+.El
+.It Li [domain_realm]
+This is a list of mappings from DNS domain to Kerberos realm. Each
+binding in this section looks like:
+.Pp
+.Dl domain = realm
+.Pp
+The domain can be either a full name of a host or a trailing
+component, in the latter case the domain-string should start with a
+perid.
+.It Li [realms]
+.Bl -tag -width "xxx" -offset indent
+.It Va REALM Li = {
+.Bl -tag -width "xxx" -offset indent
+.It Li kdc = Va host[:port]
+Specifies a kdc for this realm. If the optional port is absent, the
+default value for the
+.Dq kerberos/udp
+service will be used.
+.It Li v4_instance_convert
+.It Li v4_name_convert
+.It Li default_domain
+See
+.Xr krb5_425_conv_principal 3 .
+.El
+.It Li }
+.El
+.It Li [logging]
+.Bl -tag -width "xxx" -offset indent
+.It Va entity Li = Va destination
+Specifies that
+.Va entity
+should use the specified
+.Li destination
+for logging. See the
+.Xr krb5_openlog 3
+manual page for a list of defined destinations.
+.El
+.El
+.Sh EXAMPLE
+.Bd -literal -offset indent
+[lib_defaults]
+ default_domain = FOO.SE
+[domain_realm]
+ .foo.se = FOO.SE
+ .bar.se = FOO.SE
+[realms]
+ FOO.SE = {
+ kdc = kerberos.foo.se
+ v4_name_convert = {
+ rcmd = host
+ }
+ v4_instance_convert = {
+ xyz = xyz.bar.se
+ }
+ default_domain = foo.se
+ }
+[logging]
+ kdc = FILE:/var/heimdal/kdc.log
+ kdc = SYSLOG:INFO
+ default = SYSLOG:INFO:USER
+.Ed
+.Sh SEE ALSO
+.Xr krb5_openlog 3 ,
+.Xr krb5_425_conv_principal 3 ,
+.Xr strftime 3 ,
+.Xr Source tm |