add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13535 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -148,8 +148,8 @@ times.
|
||||
Default is 300 seconds (five minutes).
|
||||
.It Li kdc_timeout = Va time
|
||||
Maximum time to wait for a reply from the kdc, default is 3 seconds.
|
||||
.It v4_name_convert
|
||||
.It v4_instance_resolve
|
||||
.It Li v4_name_convert
|
||||
.It Li v4_instance_resolve
|
||||
These are described in the
|
||||
.Xr krb5_425_conv_principal 3
|
||||
manual page.
|
||||
@@ -330,71 +330,74 @@ manual page for a list of defined destinations.
|
||||
.El
|
||||
.It Li [kdc]
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
.It database Li = {
|
||||
.It Li database Li = {
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
.It dbname Li = Va DATABASENAME
|
||||
.It Li dbname Li = Va DATABASENAME
|
||||
Use this database for this realm.
|
||||
.It realm Li = Va REALM
|
||||
.It Li realm Li = Va REALM
|
||||
Specifies the realm that will be stored in this database.
|
||||
.It mkey_file Li = Pa FILENAME
|
||||
.It Li mkey_file Li = Pa FILENAME
|
||||
Use this keytab file for the master key of this database.
|
||||
If not specified
|
||||
.Va DATABASENAME Ns .mkey
|
||||
will be used.
|
||||
.It acl_file Li = PA FILENAME
|
||||
.It Li acl_file Li = PA FILENAME
|
||||
Use this file for the ACL list of this database.
|
||||
.It log_file Li = Pa FILENAME
|
||||
.It Li log_file Li = Pa FILENAME
|
||||
Use this file as the log of changes performed to the database.
|
||||
This file is used by
|
||||
.Nm ipropd-master
|
||||
for propagating changes to slaves.
|
||||
.El
|
||||
.It Li }
|
||||
.It max-request = Va SIZE
|
||||
.It Li max-request = Va SIZE
|
||||
Maximum size of a kdc request.
|
||||
.It require-preauth = Va BOOL
|
||||
.It Li require-preauth = Va BOOL
|
||||
If set pre-authentication is required.
|
||||
Since krb4 requests are not pre-authenticated they will be rejected.
|
||||
.It ports = Va "list of ports"
|
||||
.It Li ports = Va "list of ports"
|
||||
List of ports the kdc should listen to.
|
||||
.It addresses = Va "list of interfaces"
|
||||
.It Li addresses = Va "list of interfaces"
|
||||
List of addresses the kdc should bind to.
|
||||
.It enable-kerberos4 = Va BOOL
|
||||
.It Li enable-kerberos4 = Va BOOL
|
||||
Turn on Kerberos 4 support.
|
||||
.It v4-realm = Va REALM
|
||||
.It Li v4-realm = Va REALM
|
||||
To what realm v4 requests should be mapped.
|
||||
.It enable-524 = Va BOOL
|
||||
.It Li enable-524 = Va BOOL
|
||||
Should the Kerberos 524 converting facility be turned on.
|
||||
Default is same as
|
||||
.Va enable-kerberos4 .
|
||||
.It enable-http = Va BOOL
|
||||
.It Li enable-http = Va BOOL
|
||||
Should the kdc answer kdc-requests over http.
|
||||
.It enable-kaserver = Va BOOL
|
||||
.It Li enable-kaserver = Va BOOL
|
||||
If this kdc should emulate the AFS kaserver.
|
||||
.It check-ticket-addresses = Va BOOL
|
||||
.It Li check-ticket-addresses = Va BOOL
|
||||
verify the addresses in the tickets used in tgs requests.
|
||||
.\" XXX
|
||||
.It allow-null-ticket-addresses = Va BOOL
|
||||
.It Li allow-null-ticket-addresses = Va BOOL
|
||||
Allow addresses-less tickets.
|
||||
.\" XXX
|
||||
.It allow-anonymous = Va BOOL
|
||||
.It Li allow-anonymous = Va BOOL
|
||||
If the kdc is allowed to hand out anonymous tickets.
|
||||
.It encode_as_rep_as_tgs_rep = Va BOOL
|
||||
.It Li encode_as_rep_as_tgs_rep = Va BOOL
|
||||
Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
||||
.\" XXX
|
||||
.It kdc_warn_pwexpire = Va TIME
|
||||
.It Li kdc_warn_pwexpire = Va TIME
|
||||
The time before expiration that the user should be warned that her
|
||||
password is about to expire.
|
||||
.It logging = Va Logging
|
||||
.It Li logging = Va Logging
|
||||
What type of logging the kdc should use, see also [logging]/kdc.
|
||||
.It use_2b = Va principal list
|
||||
.It Li use_2b = Va principal list
|
||||
List of principals to use AFS 2b tokens for.
|
||||
.El
|
||||
.It Li [kadmin]
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
.It require-preauth = Va BOOL
|
||||
.It Li require-preauth = Va BOOL
|
||||
If pre-authentication is required to talk to the kadmin server.
|
||||
.It default_keys = Va keytypes...
|
||||
.It Li password_lifetime = Va time
|
||||
If a principal already have its password set for expiration, this is
|
||||
the time it will be valid for after a change.
|
||||
.It Li default_keys = Va keytypes...
|
||||
for each entry in
|
||||
.Va default_keys
|
||||
try to parse it as a sequence of
|
||||
@@ -409,14 +412,14 @@ is omitted it means everything, and if string is omitted it means the
|
||||
default salt string (for that principal and encryption type).
|
||||
Additional special values of keytypes are:
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
.It v5
|
||||
.It Li v5
|
||||
The Kerberos 5 salt
|
||||
.Va pw-salt
|
||||
.It v4
|
||||
.It Li v4
|
||||
The Kerberos 4 salt
|
||||
.Va des:pw-salt:
|
||||
.El
|
||||
.It use_v4_salt = Va BOOL
|
||||
.It Li use_v4_salt = Va BOOL
|
||||
When true, this is the same as
|
||||
.Pp
|
||||
.Va default_keys = Va des3:pw-salt Va v4
|
||||
|
||||
Reference in New Issue
Block a user