spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11595 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -115,7 +115,7 @@ A list of default etypes to use.
|
||||
.It Li default_etypes_des = Va etypes...
|
||||
A list of default etypes to use when requesting a DES credential.
|
||||
.It Li default_keytab_name = Va keytab
|
||||
The keytab to use if none other is specified, default is
|
||||
The keytab to use if no other is specified, default is
|
||||
.Dq FILE:/etc/krb5.keytab .
|
||||
.It Li dns_lookup_kdc = Va boolean
|
||||
Use DNS SRV records to lookup KDC services location.
|
||||
@@ -178,7 +178,7 @@ binding in this section looks like:
|
||||
.Pp
|
||||
The domain can be either a full name of a host or a trailing
|
||||
component, in the latter case the domain-string should start with a
|
||||
perid.
|
||||
period.
|
||||
The realm may be the token `dns_locate', in which case the actual
|
||||
realm will be determined using DNS (independently of the setting
|
||||
of the `dns_lookup_realm' option).
|
||||
@@ -214,9 +214,9 @@ and
|
||||
.Dq tcp .
|
||||
.It Li admin_server = Va host[:port]
|
||||
Specifies the admin server for this realm, where all the modifications
|
||||
to the database are perfomed.
|
||||
to the database are performed.
|
||||
.It Li kpasswd_server = Va host[:port]
|
||||
Points to the server where all the password changes are perfomed.
|
||||
Points to the server where all the password changes are performed.
|
||||
If there is no such entry, the kpasswd port on the admin_server host
|
||||
will be tried.
|
||||
.It Li krb524_server = Va Host[:port]
|
||||
@@ -246,18 +246,18 @@ manual page for a list of defined destinations.
|
||||
.It database Li = {
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
.It dbname Li = Va DATABASENAME
|
||||
use this database for this realm.
|
||||
Use this database for this realm.
|
||||
.It realm Li = Va REALM
|
||||
specifies the realm that will be stored in this database.
|
||||
Specifies the realm that will be stored in this database.
|
||||
.It mkey_file Li = Pa FILENAME
|
||||
use this keytab file for the master key of this database.
|
||||
Use this keytab file for the master key of this database.
|
||||
If not specified
|
||||
.Va DATABASENAME Ns .mkey
|
||||
will be used.
|
||||
.It acl_file Li = PA FILENAME
|
||||
use this file for the ACL list of this database.
|
||||
Use this file for the ACL list of this database.
|
||||
.It log_file Li = Pa FILENAME
|
||||
use this file as the log of changes performed to the database. This
|
||||
Use this file as the log of changes performed to the database. This
|
||||
file is used by
|
||||
.Nm ipropd-master
|
||||
for propagating changes to slaves.
|
||||
@@ -269,33 +269,34 @@ Maximum size of a kdc request.
|
||||
If set pre-authentication is required. Since krb4 requests are not
|
||||
pre-authenticated they will be rejected.
|
||||
.It ports = Va "list of ports"
|
||||
list of ports the kdc should listen to.
|
||||
List of ports the kdc should listen to.
|
||||
.It addresses = Va "list of interfaces"
|
||||
list of addresses the kdc should bind to.
|
||||
List of addresses the kdc should bind to.
|
||||
.It enable-kerberos4 = Va BOOL
|
||||
turn on kerberos4 support.
|
||||
Turn on kerberos4 support.
|
||||
.It v4-realm = Va REALM
|
||||
to what realm v4 requests should be mapped.
|
||||
To what realm v4 requests should be mapped.
|
||||
.It enable-524 = Va BOOL
|
||||
should the Kerberos 524 converting facility be turned on. Default is same as
|
||||
Should the Kerberos 524 converting facility be turned on.
|
||||
Default is same as
|
||||
.Va enable-kerberos4 .
|
||||
.It enable-http = Va BOOL
|
||||
should the kdc answer kdc-requests over http.
|
||||
Should the kdc answer kdc-requests over http.
|
||||
.It enable-kaserver = Va BOOL
|
||||
if this kdc should emulate the AFS kaserver.
|
||||
If this kdc should emulate the AFS kaserver.
|
||||
.It check-ticket-addresses = Va BOOL
|
||||
verify the addresses in the tickets used in tgs requests.
|
||||
.\" XXX
|
||||
.It allow-null-ticket-addresses = Va BOOL
|
||||
allow addresses-less tickets.
|
||||
Allow addresses-less tickets.
|
||||
.\" XXX
|
||||
.It allow-anonymous = Va BOOL
|
||||
if the kdc is allowed to hand out anonymous tickets.
|
||||
If the kdc is allowed to hand out anonymous tickets.
|
||||
.It encode_as_rep_as_tgs_rep = Va BOOL
|
||||
encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
||||
Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
||||
.\" XXX
|
||||
.It kdc_warn_pwexpire = Va TIME
|
||||
the time before expiration that the user should be warned that her
|
||||
The time before expiration that the user should be warned that her
|
||||
password is about to expire.
|
||||
.It logging = Va Logging
|
||||
What type of logging the kdc should use, see also [logging]/kdc.
|
||||
@@ -313,7 +314,7 @@ syntax of this if something like:
|
||||
.Pp
|
||||
[(des|des3|etype):](pw-salt|afs3-salt)[:string]
|
||||
.Pp
|
||||
if
|
||||
If
|
||||
.Ar etype
|
||||
is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
|
||||
.Bl -tag -width "xxx" -offset indent
|
||||
|
Reference in New Issue
Block a user