From b04d5bb7ef8600d5cdaed7078f6a166b090bbb76 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sun, 11 Apr 1999 01:47:30 +0000 Subject: [PATCH] update to reality git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5936 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/krb5.conf.5 | 38 ++++++++++++++++++++++++++++-- lib/krb5/krb5_425_conv_principal.3 | 31 +++++++++++++----------- 2 files changed, 53 insertions(+), 16 deletions(-) diff --git a/lib/krb5/krb5.conf.5 b/lib/krb5/krb5.conf.5 index 6baa25e7d..3abfb1e91 100644 --- a/lib/krb5/krb5.conf.5 +++ b/lib/krb5/krb5.conf.5 @@ -1,6 +1,6 @@ .\" $Id$ .\" -.Dd July 27, 1997 +.Dd April 11, 1999 .Dt KRB5.CONF 5 .Os HEIMDAL .Sh NAME 
@@ -63,8 +63,39 @@ Maximum time to wait for a reply from the kdc, default is 3 seconds. .It v4_name_convert .It v4_instance_resolve These are decribed in the -.Xr krb5_425_conv_principal +.Xr krb5_425_conv_principal 3 manual page. +.It Li capath = Va realm-routing-table +.It Li default_etypes = Va etypes... +A list of default etypes to use. +.It Li default_keytab_name = Va keytab +The keytab to use if none other is specified, default is +.Dq FILE:/etc/krb5.keytab . +.It Li kdc_timesync = Va boolean +Try to keep track of the time differential between the local machine +and the KDC, and then compensate for that when issuing requests. +.It Li max_retries = Va number +The max number of times to try to contact each KDC. +.It Li ticket_lifetime = Va time +Default ticket lifetime. +.It Li renew_lifetime = Va time +Default renewable ticket lifetime. +.It Li verify_ap_req_nofail = Va boolean +Enable to make a failure to verify obtained credentials +non-fatal. This can be useful if there is no keytab on a host. +.It Li warn_pwexpire = Va time +How soon to warn for expiring password. Default is seven days. +.It Li http_proxy = Va proxy-spec +A HTTP-proxy to use when talking to the KDC via HTTP. +.It Li dns_proxy = Va proxy-spec +Enable using DNS via HTTP. +.It Li extra_addresses = Va address... +A list of addresses to get tickets for along with all local addresses. +.It Li time_format = Va string +How to print time strings in logs, this string is passed to +.Xr strftime 3 . +.It Li log_utc = Va boolean +Write log-entries using UTC instead of your local time zone. .El .It Li [domain_realm] This is a list of mappings from DNS domain to Kerberos realm. Each @@ -128,4 +159,7 @@ manual page for a list of defined destinations. default = SYSLOG:INFO:USER .Ed .Sh SEE ALSO +.Xr krb5_openlog 3 , +.Xr krb5_425_conv_principal 3 , +.Xr strftime 3 , .Xr Source tm diff --git a/lib/krb5/krb5_425_conv_principal.3 b/lib/krb5/krb5_425_conv_principal.3 index d66c1354a..626b82cb5 100644 
--- a/lib/krb5/krb5_425_conv_principal.3 +++ b/lib/krb5/krb5_425_conv_principal.3 @@ -1,6 +1,6 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan .\" $Id$ -.Dd August 8, 1997 +.Dd April 11, 1999 .Dt KRB5_425_CONV_PRINCIPAL 3 .Os HEIMDAL .Sh NAME @@ -85,8 +85,23 @@ section, it is looked up in a binding. If found here the name will be converted, but the instance will be untouched. .Pp +This list of default host-type conversions is compiled-in: +.Bd -literal -offset indent +v4_name_convert = { + host = { + ftp = ftp + hprop = hprop + pop = pop + rcmd = host + } +} +.Ed +.Pp +It will only be used if there isn't an entry for these names in the +config file, so you can override these defaults. +.Pp .Fn krb5_425_conv_principal -will call +will call .Fn krb5_425_conv_principal_ext with .Dv NULL @@ -132,13 +147,6 @@ A file that covers this case might look like: .Bd -literal -offset indent [libdefaults] - v4_name_convert = { - host = { - rcmd = host - ftp = ftp - pop = pop - } - } v4_instance_resolve = yes [realms] FOO.COM = { @@ -181,11 +189,6 @@ the second example will result in (because of the default domain). And all of this is of course only valid if you have working name resolving. -.Sh BUGS -You have to set up your -.Pa krb5.conf -correctly to have any of this work. - .Sh SEE ALSO .Xr krb5_build_principal 3 , .Xr krb5_free_principal 3 ,
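Review bot: In lib/krb5/krb5.conf.5, hunk @@ -63,8 +63,39 @@, the verify_ap_req_nofail entry presents the option only as a convenience ("This can be useful if there is no keytab on a host") and does not say what is given up: when the failure is non-fatal, the host accepts credentials it could not check against its own key, so it has no proof that they came from the real KDC. Suggest stating that consequence and the default value in the entry. In the same hunk, `.It Li capath = Va realm-routing-table` has no body of its own and is followed directly by the `.It Li default_etypes` line, so it will render as sharing "A list of default etypes to use."; capath needs its own description. The max_retries, ticket_lifetime, renew_lifetime and kdc_timesync entries state no default, and `dns_proxy = Va proxy-spec` described as "Enable using DNS via HTTP" reads like a boolean, so say what the proxy-spec value is.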
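Review bot: In lib/krb5/krb5.conf.5, hunk @@ -128,4 +159,7 @@ (SEE ALSO), the three added references each end with a comma and run into the existing `.Xr Source tm` line, which has no section number and does not name a manual page, so the list now ends on a broken reference. Suggest fixing or dropping that last line while this list is being touched, and ordering the entries alphabetically within the section (krb5_425_conv_principal before krb5_openlog).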
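Review bot: In lib/krb5/krb5_425_conv_principal.3, hunk @@ -85,8 +85,23 @@, the sentence "It will only be used if there isn't an entry for these names in the config file" leaves it unclear whether an override applies per name (a single rcmd line in the config file replaces only that default) or whether any v4_name_convert host section in the file disables the whole compiled-in list. Suggest stating which, because an administrator who overrides one entry cannot otherwise tell which principal names the remaining services (ftp, hprop, pop) will convert to. The hunk also replaces the `will call` line with a line that reads the same, which looks like a whitespace-only change that could be split out of this documentation update.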