From 7de482520b8e8b88a76235f5ae7da592995e8ffd Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Wed, 5 May 1999 16:18:51 +0000
Subject: [PATCH] some cleanup
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6144 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 doc/setup.texi | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/doc/setup.texi b/doc/setup.texi
index 852e86003..7a6d56e6d 100644
--- a/doc/setup.texi
+++ b/doc/setup.texi
@@ -16,14 +16,15 @@ configuration options, some of which are described here. There is a sample @file{krb5.conf} supplied with the distribution.
-The configuration file is a hierarchical structure consisting of sections,
-each containing a list of bindings (either variable assignments or
-subsections). A section starts with @samp{[section-name]}. A binding
-consists of a left hand side, an equal (@samp{=}) and a right hand
-side. The left hand side tag must be separated from the equal with some
-whitespace. Subsections has a @samp{@{} as the first non-whitespace
-character after the equal. All other bindings are treated as variable
-assignments. The value of a variable extends to the end of the line.
+The configuration file is a hierarchical structure consisting of
+sections, each containing a list of bindings (either variable
+assignments or subsections). A section starts with
+@samp{[section-name]}. A binding consists of a left hand side, an equal
+(@samp{=}) and a right hand side (the left hand side tag must be
+separated from the equal with some whitespace.) Subsections has a
+@samp{@{} as the first non-whitespace character after the equal. All
+other bindings are treated as variable assignments. The value of a
+variable extends to the end of the line.
 @example [section1]
@@ -72,7 +73,9 @@ with contents similar to the following. @end example If you use a realm name equal to your domain name, you can omit the
-@samp{libdefaults}, and @samp{domain_realm}, sections.
+@samp{libdefaults}, and @samp{domain_realm}, sections. If you have a
+SRV-record for your realm, or your kerberos server has CNAME called
+@samp{kerberos.my.realm}, you can omit the @samp{realms} section too.
 @section Creating the database
@@ -159,9 +162,11 @@ Max renewable life [unlimited]: Attributes []: kadmin> ext host/my.host.name # ktutil list
-Version Type Principal
- 1 des host/my.host.name@@MY.REALM
- 1 des3 host/my.host.name@@MY.REALM
+Version Type Principal
+ 1 des-cbc-md5 host/my.host.name@@MY.REALM
+ 1 des-cbc-md4 host/my.host.name@@MY.REALM
+ 1 des-cbc-crc host/my.host.name@@MY.REALM
+ 1 des3-cbc-sha1 host/my.host.name@@MY.REALM
 @end example @section Remote administration
@@ -177,6 +182,8 @@ kerberos-adm stream tcp nowait root /usr/heimdal/libexec/kadmind kadmin You might need to add @samp{kerberos-adm} to your @file{/etc/services} as 749/tcp.
+You need to add a key for @samp{kadmin/admin} to your keytab.
+
 Access to the admin server is controlled by an acl-file, (default @file{/var/heimdal/kadmind.acl}.) The lines in the access file, has the following syntax: