spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11595 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -115,7 +115,7 @@ A list of default etypes to use.
|
|||||||
.It Li default_etypes_des = Va etypes...
|
.It Li default_etypes_des = Va etypes...
|
||||||
A list of default etypes to use when requesting a DES credential.
|
A list of default etypes to use when requesting a DES credential.
|
||||||
.It Li default_keytab_name = Va keytab
|
.It Li default_keytab_name = Va keytab
|
||||||
The keytab to use if none other is specified, default is
|
The keytab to use if no other is specified, default is
|
||||||
.Dq FILE:/etc/krb5.keytab .
|
.Dq FILE:/etc/krb5.keytab .
|
||||||
.It Li dns_lookup_kdc = Va boolean
|
.It Li dns_lookup_kdc = Va boolean
|
||||||
Use DNS SRV records to lookup KDC services location.
|
Use DNS SRV records to lookup KDC services location.
|
||||||
@@ -178,7 +178,7 @@ binding in this section looks like:
|
|||||||
.Pp
|
.Pp
|
||||||
The domain can be either a full name of a host or a trailing
|
The domain can be either a full name of a host or a trailing
|
||||||
component, in the latter case the domain-string should start with a
|
component, in the latter case the domain-string should start with a
|
||||||
perid.
|
period.
|
||||||
The realm may be the token `dns_locate', in which case the actual
|
The realm may be the token `dns_locate', in which case the actual
|
||||||
realm will be determined using DNS (independently of the setting
|
realm will be determined using DNS (independently of the setting
|
||||||
of the `dns_lookup_realm' option).
|
of the `dns_lookup_realm' option).
|
||||||
@@ -214,9 +214,9 @@ and
|
|||||||
.Dq tcp .
|
.Dq tcp .
|
||||||
.It Li admin_server = Va host[:port]
|
.It Li admin_server = Va host[:port]
|
||||||
Specifies the admin server for this realm, where all the modifications
|
Specifies the admin server for this realm, where all the modifications
|
||||||
to the database are perfomed.
|
to the database are performed.
|
||||||
.It Li kpasswd_server = Va host[:port]
|
.It Li kpasswd_server = Va host[:port]
|
||||||
Points to the server where all the password changes are perfomed.
|
Points to the server where all the password changes are performed.
|
||||||
If there is no such entry, the kpasswd port on the admin_server host
|
If there is no such entry, the kpasswd port on the admin_server host
|
||||||
will be tried.
|
will be tried.
|
||||||
.It Li krb524_server = Va Host[:port]
|
.It Li krb524_server = Va Host[:port]
|
||||||
@@ -246,18 +246,18 @@ manual page for a list of defined destinations.
|
|||||||
.It database Li = {
|
.It database Li = {
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
.It dbname Li = Va DATABASENAME
|
.It dbname Li = Va DATABASENAME
|
||||||
use this database for this realm.
|
Use this database for this realm.
|
||||||
.It realm Li = Va REALM
|
.It realm Li = Va REALM
|
||||||
specifies the realm that will be stored in this database.
|
Specifies the realm that will be stored in this database.
|
||||||
.It mkey_file Li = Pa FILENAME
|
.It mkey_file Li = Pa FILENAME
|
||||||
use this keytab file for the master key of this database.
|
Use this keytab file for the master key of this database.
|
||||||
If not specified
|
If not specified
|
||||||
.Va DATABASENAME Ns .mkey
|
.Va DATABASENAME Ns .mkey
|
||||||
will be used.
|
will be used.
|
||||||
.It acl_file Li = PA FILENAME
|
.It acl_file Li = PA FILENAME
|
||||||
use this file for the ACL list of this database.
|
Use this file for the ACL list of this database.
|
||||||
.It log_file Li = Pa FILENAME
|
.It log_file Li = Pa FILENAME
|
||||||
use this file as the log of changes performed to the database. This
|
Use this file as the log of changes performed to the database. This
|
||||||
file is used by
|
file is used by
|
||||||
.Nm ipropd-master
|
.Nm ipropd-master
|
||||||
for propagating changes to slaves.
|
for propagating changes to slaves.
|
||||||
@@ -269,33 +269,34 @@ Maximum size of a kdc request.
|
|||||||
If set pre-authentication is required. Since krb4 requests are not
|
If set pre-authentication is required. Since krb4 requests are not
|
||||||
pre-authenticated they will be rejected.
|
pre-authenticated they will be rejected.
|
||||||
.It ports = Va "list of ports"
|
.It ports = Va "list of ports"
|
||||||
list of ports the kdc should listen to.
|
List of ports the kdc should listen to.
|
||||||
.It addresses = Va "list of interfaces"
|
.It addresses = Va "list of interfaces"
|
||||||
list of addresses the kdc should bind to.
|
List of addresses the kdc should bind to.
|
||||||
.It enable-kerberos4 = Va BOOL
|
.It enable-kerberos4 = Va BOOL
|
||||||
turn on kerberos4 support.
|
Turn on kerberos4 support.
|
||||||
.It v4-realm = Va REALM
|
.It v4-realm = Va REALM
|
||||||
to what realm v4 requests should be mapped.
|
To what realm v4 requests should be mapped.
|
||||||
.It enable-524 = Va BOOL
|
.It enable-524 = Va BOOL
|
||||||
should the Kerberos 524 converting facility be turned on. Default is same as
|
Should the Kerberos 524 converting facility be turned on.
|
||||||
|
Default is same as
|
||||||
.Va enable-kerberos4 .
|
.Va enable-kerberos4 .
|
||||||
.It enable-http = Va BOOL
|
.It enable-http = Va BOOL
|
||||||
should the kdc answer kdc-requests over http.
|
Should the kdc answer kdc-requests over http.
|
||||||
.It enable-kaserver = Va BOOL
|
.It enable-kaserver = Va BOOL
|
||||||
if this kdc should emulate the AFS kaserver.
|
If this kdc should emulate the AFS kaserver.
|
||||||
.It check-ticket-addresses = Va BOOL
|
.It check-ticket-addresses = Va BOOL
|
||||||
verify the addresses in the tickets used in tgs requests.
|
verify the addresses in the tickets used in tgs requests.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It allow-null-ticket-addresses = Va BOOL
|
.It allow-null-ticket-addresses = Va BOOL
|
||||||
allow addresses-less tickets.
|
Allow addresses-less tickets.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It allow-anonymous = Va BOOL
|
.It allow-anonymous = Va BOOL
|
||||||
if the kdc is allowed to hand out anonymous tickets.
|
If the kdc is allowed to hand out anonymous tickets.
|
||||||
.It encode_as_rep_as_tgs_rep = Va BOOL
|
.It encode_as_rep_as_tgs_rep = Va BOOL
|
||||||
encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
|
||||||
.\" XXX
|
.\" XXX
|
||||||
.It kdc_warn_pwexpire = Va TIME
|
.It kdc_warn_pwexpire = Va TIME
|
||||||
the time before expiration that the user should be warned that her
|
The time before expiration that the user should be warned that her
|
||||||
password is about to expire.
|
password is about to expire.
|
||||||
.It logging = Va Logging
|
.It logging = Va Logging
|
||||||
What type of logging the kdc should use, see also [logging]/kdc.
|
What type of logging the kdc should use, see also [logging]/kdc.
|
||||||
@@ -313,7 +314,7 @@ syntax of this if something like:
|
|||||||
.Pp
|
.Pp
|
||||||
[(des|des3|etype):](pw-salt|afs3-salt)[:string]
|
[(des|des3|etype):](pw-salt|afs3-salt)[:string]
|
||||||
.Pp
|
.Pp
|
||||||
if
|
If
|
||||||
.Ar etype
|
.Ar etype
|
||||||
is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
|
is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
|
||||||
.Bl -tag -width "xxx" -offset indent
|
.Bl -tag -width "xxx" -offset indent
|
||||||
|
|||||||
Reference in New Issue
Block a user