Merge pull request #88 from jelmer/rm-krb4-references

Remove rereferences to Kerberos 4.

kdc/kdc.8

@@ -47,9 +47,6 @@
 .Op Fl p | Fl Fl no-require-preauth
 .Op Fl Fl max-request= Ns Ar size
 .Op Fl H | Fl Fl enable-http
-.Op Fl Fl no-524
-.Op Fl Fl kerberos4
-.Op Fl Fl kerberos4-cross-realm
 .Oo Fl r Ar string \*(Ba Xo
 .Fl Fl v4-realm= Ns Ar string
 .Xc
@@ -93,14 +90,6 @@ Gives an upper limit on the size of the requests that the kdc is
 willing to handle.
 .It Fl H , Fl Fl enable-http
 Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Fl Fl no-524
-don't respond to 524 requests
-.It Fl Fl kerberos4
-respond to Kerberos 4 requests
-.It Fl Fl kerberos4-cross-realm
-respond to Kerberos 4 requests from foreign realms.
-This is a known security hole and should not be enabled unless you
-understand the consequences and are willing to live with them.
 .It Fl r Ar string , Fl Fl v4-realm= Ns Ar string
 What realm this server should act as when dealing with version 4
 requests.

krb5.conf

@@ -1,16 +1,6 @@
 [libdefaults]
 	default_realm = MY.REALM
 	clockskew = 300
-	v4_instance_resolve = false
-	v4_name_convert = {
-		host = {
-			rcmd = host
-			ftp = ftp
-		}
-		plain = {
-			something = something-else
-		}
-	}
 	
 [realms]
 	MY.REALM = {

lib/krb5/krb5.conf.5

@@ -152,11 +152,6 @@ times.
 Default is 300 seconds (five minutes).
 .It Li kdc_timeout = Va time
 Maximum time to wait for a reply from the kdc, default is 3 seconds.
-.It Li v4_name_convert
-.It Li v4_instance_resolve
-These are described in the
-.Xr krb5_425_conv_principal  3
-manual page.
 .It Li capath = {
 .Bl -tag -width "xxx" -offset indent
 .It Va destination-realm Li = Va next-hop-realm
@@ -242,12 +237,6 @@ Scan all network interfaces for addresses, as opposed to simply using
 the address associated with the system's host name.
 .It Li fcache_version = Va int
 Use file credential cache format version specified.
-.It Li krb4_get_tickets = Va boolean
-Also get Kerberos 4 tickets in
-.Nm kinit ,
-.Nm login ,
-and other programs.
-This option is also valid in the [realms] section.
 .It Li fcc-mit-ticketflags = Va boolean
 Use MIT compatible format for file credential cache.
 It's the field ticketflags that is stored in reverse bit order for
@@ -381,14 +370,6 @@ to the database are performed.
 Points to the server where all the password changes are performed.
 If there is no such entry, the kpasswd port on the admin_server host
 will be tried.
-.It Li krb524_server = Va host[:port]
-Points to the server that does 524 conversions.
-If it is not mentioned, the krb524 port on the kdcs will be tried.
-.It Li v4_instance_convert
-.It Li v4_name_convert
-.It Li default_domain
-See
-.Xr krb5_425_conv_principal 3 .
 .It Li tgs_require_subkey
 a boolan variable that defaults to false.
 Old DCE secd (pre 1.1) might need this to be true.
@@ -513,19 +494,10 @@ for propagating changes to slaves.
 Maximum size of a kdc request.
 .It Li require-preauth = Va BOOL
 If set pre-authentication is required.
-Since krb4 requests are not pre-authenticated they will be rejected.
 .It Li ports = Va "list of ports"
 List of ports the kdc should listen to.
 .It Li addresses = Va "list of interfaces"
 List of addresses the kdc should bind to.
-.It Li enable-kerberos4 = Va BOOL
-Turn on Kerberos 4 support.
-.It Li v4-realm = Va REALM
-To what realm v4 requests should be mapped.
-.It Li enable-524 = Va BOOL
-Should the Kerberos 524 converting facility be turned on.
-Default is the same as
-.Va enable-kerberos4 .
 .It Li enable-http = Va BOOL
 Should the kdc answer kdc-requests over http.
 .It Li tgt-use-strongest-session-key = Va BOOL
@@ -565,14 +537,6 @@ The time before expiration that the user should be warned that her
 password is about to expire.
 .It Li logging = Va Logging
 What type of logging the kdc should use, see also [logging]/kdc.
-.It Li use_2b = {
-.Bl -tag -width "xxx" -offset indent
-.It Va principal Li = Va BOOL
-boolean value if the 524 daemon should return AFS 2b tokens for
-.Fa principal .
-.It ...
-.El
-.It Li }
 .It Li hdb-ldap-structural-object Va structural object
 If the LDAP backend is used for storing principals, this is the
 structural object that will be used when creating and when reading
@@ -645,9 +609,6 @@ Additional special values of keytypes are:
 .It Li v5
 The Kerberos 5 salt
 .Va pw-salt
-.It Li v4
-The Kerberos 4 salt
-.Va des:pw-salt:
 .El
 .It Li default_key_rules = Va {
 .Bl -tag -width "xxx" -offset indent
@@ -696,12 +657,6 @@ configuration file for Kerberos 5.
 [realms]
 	FOO.SE = {
 		kdc = kerberos.foo.se
-		v4_name_convert = {
-			rcmd = host
-		}
-		v4_instance_convert = {
-			xyz = xyz.bar.se
-		}
 		default_domain = foo.se
 	}
 [logging]
@@ -729,7 +684,6 @@ are actually used and thus cannot warn about unknown or misspelled
 ones.
 .Sh SEE ALSO
 .Xr kinit 1 ,
-.Xr krb5_425_conv_principal 3 ,
 .Xr krb5_openlog 3 ,
 .Xr strftime 3 ,
 .Xr verify_krb5_conf 8

lib/krb5/krb5_parse_name.3

@@ -61,7 +61,6 @@ quoting it with a backslash
 .Pq Dq \e .
 A realm should not contain slashes or colons.
 .Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
 .Xr krb5_build_principal 3 ,
 .Xr krb5_free_principal 3 ,
 .Xr krb5_sname_to_principal 3 ,

lib/krb5/krb5_principal.3

@@ -362,7 +362,6 @@ On failure the function returns an error code and set the error
 string.
 .\" .Sh EXAMPLES
 .Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
 .Xr krb5_config 3 ,
 .Xr krb5.conf 5
 .Sh BUGS