update to reality

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5936 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-04-11 01:47:30 +00:00
parent aee3f6fca6
commit b04d5bb7ef
2 changed files with 53 additions and 16 deletions
--- a/lib/krb5/krb5.conf.5
+++ b/lib/krb5/krb5.conf.5
@@ -1,6 +1,6 @@
 .\" $Id$
 .\"
-.Dd July 27, 1997
+.Dd April 11, 1999
 .Dt KRB5.CONF 5
 .Os HEIMDAL
 .Sh NAME
@@ -63,8 +63,39 @@ Maximum time to wait for a reply from the kdc, default is 3 seconds.
 .It v4_name_convert
 .It v4_instance_resolve
 These are decribed in the 
-.Xr krb5_425_conv_principal 
+.Xr krb5_425_conv_principal  3
 manual page.
+.It Li capath = Va realm-routing-table
+.It Li default_etypes = Va etypes...
+A list of default etypes to use.
+.It Li default_keytab_name = Va keytab
+The keytab to use if none other is specified, default is
+.Dq FILE:/etc/krb5.keytab .
+.It Li kdc_timesync = Va boolean
+Try to keep track of the time differential between the local machine
+and the KDC, and then compensate for that when issuing requests.
+.It Li max_retries = Va number
+The max number of times to try to contact each KDC.
+.It Li ticket_lifetime = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.It Li verify_ap_req_nofail = Va boolean
+Enable to make a failure to verify obtained credentials
+non-fatal. This can be useful if there is no keytab on a host.
+.It Li warn_pwexpire = Va time
+How soon to warn for expiring password. Default is seven days.
+.It Li http_proxy = Va proxy-spec
+A HTTP-proxy to use when talking to the KDC via HTTP.
+.It Li dns_proxy = Va proxy-spec
+Enable using DNS via HTTP.
+.It Li extra_addresses = Va address...
+A list of addresses to get tickets for along with all local addresses.
+.It Li time_format = Va string
+How to print time strings in logs, this string is passed to
+.Xr strftime 3 .
+.It Li log_utc = Va boolean
+Write log-entries using UTC instead of your local time zone.
 .El
 .It Li [domain_realm]
 This is a list of mappings from DNS domain to Kerberos realm. Each
@@ -128,4 +159,7 @@ manual page for a list of defined destinations.
 	default = SYSLOG:INFO:USER
 .Ed
 .Sh SEE ALSO
+.Xr krb5_openlog 3 ,
+.Xr krb5_425_conv_principal 3 ,
+.Xr strftime 3 ,
 .Xr Source tm
--- a/lib/krb5/krb5_425_conv_principal.3
+++ b/lib/krb5/krb5_425_conv_principal.3
@@ -1,6 +1,6 @@
 .\" Copyright (c) 1997 Kungliga Tekniska H<>gskolan
 .\" $Id$
-.Dd August 8, 1997
+.Dd April 11, 1999
 .Dt KRB5_425_CONV_PRINCIPAL 3
 .Os HEIMDAL
 .Sh NAME
@@ -85,8 +85,23 @@ section, it is looked up in a
 binding. If found here the name will be converted, but the instance
 will be untouched.
 .Pp
+This list of default host-type conversions is compiled-in:
+.Bd -literal -offset indent
+v4_name_convert = {
+	host = {
+		ftp = ftp
+		hprop = hprop
+		pop = pop
+		rcmd = host
+	}
+}
+.Ed
+.Pp
+It will only be used if there isn't an entry for these names in the
+config file, so you can override these defaults.
+.Pp
 .Fn krb5_425_conv_principal
-will call 
+will call
 .Fn krb5_425_conv_principal_ext
 with 
 .Dv NULL
@@ -132,13 +147,6 @@ A
 file that covers this case might look like:
 .Bd -literal -offset indent
 [libdefaults]
-	v4_name_convert = {
-		host = {
-			rcmd = host
-			ftp = ftp
-			pop = pop
-		}
-	}
 	v4_instance_resolve = yes
 [realms]
 	FOO.COM = {
@@ -181,11 +189,6 @@ the second example will result in
 (because of the default domain). And all of this is of course only
 valid if you have working name resolving.

-.Sh BUGS
-You have to set up your
-.Pa krb5.conf
-correctly to have any of this work.
-
 .Sh SEE ALSO
 .Xr krb5_build_principal 3 ,
 .Xr krb5_free_principal 3 ,