add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13535 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -148,8 +148,8 @@ times.
|
|||||||
Default is 300 seconds (five minutes).
|
Default is 300 seconds (five minutes).
|
||||||
.It Li kdc_timeout = Va time
|
.It Li kdc_timeout = Va time
|
||||||
Maximum time to wait for a reply from the kdc, default is 3 seconds.
|
Maximum time to wait for a reply from the kdc, default is 3 seconds.
|
||||||
.It v4_name_convert
|
.It Li v4_name_convert
|
||||||
.It v4_instance_resolve
|
.It Li v4_instance_resolve
|
||||||
These are described in the
|
These are described in the
|
||||||
.Xr krb5_425_conv_principal 3
|
.Xr krb5_425_conv_principal 3
|
||||||
manual page.
|
manual page.
|
||||||
@@ -330,71 +330,74 @@ manual page for a list of defined destinations.
|
|||||||
.El
|
.El
|
||||||
.It Li [kdc]
|
.It Li [kdc]
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
.It database Li = {
|
.It Li database Li = {
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
.It dbname Li = Va DATABASENAME
|
.It Li dbname Li = Va DATABASENAME
|
||||||
Use this database for this realm.
|
Use this database for this realm.
|
||||||
.It realm Li = Va REALM
|
.It Li realm Li = Va REALM
|
||||||
Specifies the realm that will be stored in this database.
|
Specifies the realm that will be stored in this database.
|
||||||
.It mkey_file Li = Pa FILENAME
|
.It Li mkey_file Li = Pa FILENAME
|
||||||
Use this keytab file for the master key of this database.
|
Use this keytab file for the master key of this database.
|
||||||
If not specified
|
If not specified
|
||||||
.Va DATABASENAME Ns .mkey
|
.Va DATABASENAME Ns .mkey
|
||||||
will be used.
|
will be used.
|
||||||
.It acl_file Li = PA FILENAME
|
.It Li acl_file Li = PA FILENAME
|
||||||
Use this file for the ACL list of this database.
|
Use this file for the ACL list of this database.
|
||||||
.It log_file Li = Pa FILENAME
|
.It Li log_file Li = Pa FILENAME
|
||||||
Use this file as the log of changes performed to the database.
|
Use this file as the log of changes performed to the database.
|
||||||
This file is used by
|
This file is used by
|
||||||
.Nm ipropd-master
|
.Nm ipropd-master
|
||||||
for propagating changes to slaves.
|
for propagating changes to slaves.
|
||||||
.El
|
.El
|
||||||
.It Li }
|
.It Li }
|
||||||
.It max-request = Va SIZE
|
.It Li max-request = Va SIZE
|
||||||
Maximum size of a kdc request.
|
Maximum size of a kdc request.
|
||||||
.It require-preauth = Va BOOL
|
.It Li require-preauth = Va BOOL
|
||||||
If set pre-authentication is required.
|
If set pre-authentication is required.
|
||||||
Since krb4 requests are not pre-authenticated they will be rejected.
|
Since krb4 requests are not pre-authenticated they will be rejected.
|
||||||
.It ports = Va "list of ports"
|
.It Li ports = Va "list of ports"
|
||||||
List of ports the kdc should listen to.
|
List of ports the kdc should listen to.
|
||||||
.It addresses = Va "list of interfaces"
|
.It Li addresses = Va "list of interfaces"
|
||||||
List of addresses the kdc should bind to.
|
List of addresses the kdc should bind to.
|
||||||
.It enable-kerberos4 = Va BOOL
|
.It Li enable-kerberos4 = Va BOOL
|
||||||
Turn on Kerberos 4 support.
|
Turn on Kerberos 4 support.
|
||||||
.It v4-realm = Va REALM
|
.It Li v4-realm = Va REALM
|
||||||
To what realm v4 requests should be mapped.
|
To what realm v4 requests should be mapped.
|
||||||
.It enable-524 = Va BOOL
|
.It Li enable-524 = Va BOOL
|
||||||
Should the Kerberos 524 converting facility be turned on.
|
Should the Kerberos 524 converting facility be turned on.
|
||||||
Default is same as
|
Default is same as
|
||||||
.Va enable-kerberos4 .
|
.Va enable-kerberos4 .
|
||||||
.It enable-http = Va BOOL
|
.It Li enable-http = Va BOOL
|
||||||
Should the kdc answer kdc-requests over http.
|
Should the kdc answer kdc-requests over http.
|
||||||
.It enable-kaserver = Va BOOL
|
.It Li enable-kaserver = Va BOOL
|
||||||
If this kdc should emulate the AFS kaserver.
|
If this kdc should emulate the AFS kaserver.
|
||||||
.It check-ticket-addresses = Va BOOL
|
.It Li check-ticket-addresses = Va BOOL
|
||||||
verify the addresses in the tickets used in tgs requests.
|
verify the addresses in the tickets used in tgs requests.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It allow-null-ticket-addresses = Va BOOL
|
.It Li allow-null-ticket-addresses = Va BOOL
|
||||||
Allow addresses-less tickets.
|
Allow addresses-less tickets.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It allow-anonymous = Va BOOL
|
.It Li allow-anonymous = Va BOOL
|
||||||
If the kdc is allowed to hand out anonymous tickets.
|
If the kdc is allowed to hand out anonymous tickets.
|
||||||
.It encode_as_rep_as_tgs_rep = Va BOOL
|
.It Li encode_as_rep_as_tgs_rep = Va BOOL
|
||||||
Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It kdc_warn_pwexpire = Va TIME
|
.It Li kdc_warn_pwexpire = Va TIME
|
||||||
The time before expiration that the user should be warned that her
|
The time before expiration that the user should be warned that her
|
||||||
password is about to expire.
|
password is about to expire.
|
||||||
.It logging = Va Logging
|
.It Li logging = Va Logging
|
||||||
What type of logging the kdc should use, see also [logging]/kdc.
|
What type of logging the kdc should use, see also [logging]/kdc.
|
||||||
.It use_2b = Va principal list
|
.It Li use_2b = Va principal list
|
||||||
List of principals to use AFS 2b tokens for.
|
List of principals to use AFS 2b tokens for.
|
||||||
.El
|
.El
|
||||||
.It Li [kadmin]
|
.It Li [kadmin]
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
.It require-preauth = Va BOOL
|
.It Li require-preauth = Va BOOL
|
||||||
If pre-authentication is required to talk to the kadmin server.
|
If pre-authentication is required to talk to the kadmin server.
|
||||||
.It default_keys = Va keytypes...
|
.It Li password_lifetime = Va time
|
||||||
|
If a principal already have its password set for expiration, this is
|
||||||
|
the time it will be valid for after a change.
|
||||||
|
.It Li default_keys = Va keytypes...
|
||||||
for each entry in
|
for each entry in
|
||||||
.Va default_keys
|
.Va default_keys
|
||||||
try to parse it as a sequence of
|
try to parse it as a sequence of
|
||||||
@@ -409,14 +412,14 @@ is omitted it means everything, and if string is omitted it means the
|
|||||||
default salt string (for that principal and encryption type).
|
default salt string (for that principal and encryption type).
|
||||||
Additional special values of keytypes are:
|
Additional special values of keytypes are:
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
.It v5
|
.It Li v5
|
||||||
The Kerberos 5 salt
|
The Kerberos 5 salt
|
||||||
.Va pw-salt
|
.Va pw-salt
|
||||||
.It v4
|
.It Li v4
|
||||||
The Kerberos 4 salt
|
The Kerberos 4 salt
|
||||||
.Va des:pw-salt:
|
.Va des:pw-salt:
|
||||||
.El
|
.El
|
||||||
.It use_v4_salt = Va BOOL
|
.It Li use_v4_salt = Va BOOL
|
||||||
When true, this is the same as
|
When true, this is the same as
|
||||||
.Pp
|
.Pp
|
||||||
.Va default_keys = Va des3:pw-salt Va v4
|
.Va default_keys = Va des3:pw-salt Va v4
|
||||||
|