oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Lightly document derived key namespaces

Browse Source
This commit is contained in:
Roland C. Dowdeswell
2019-10-23 19:38:11 +01:00
committed by Nico Williams
parent 5bbe7c8dc6
commit ba65039586
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/krb5/krb5.conf.5
View File

@@ -836,7 +836,30 @@ The name of the service.
.It principal-host-name .It principal-host-name
The name of the host. The name of the host.
.El .El
.It Li enable_derived_keys = Va boolean
Enable the use of derived key namespaces.
When enabled, principals of the form
.Pp
.Ar WELLKNOWN/DERIVED-KEY/<alg>/<namespace>@REALM
.Pp
match any request of the form:
.Ar */*.<namespace>@REALM .
The keys are derived from the keys in the database and
the name of the requested principal via the algorithm
specified by
.Ar <alg> .
Currently, only
.Ar KRB5-CRYPTO-PRFPLUS
which is implemented by the function
.Fn krb5_crypto_prfplus .
.It Li derived_keys_ndots = Va Integer
The minimum number of dots in a name matched via
derived key namespaces.
.It Li derived_keys_maxdots = Va Integer
The maximim number of dots in a name matched via
derived key namespaces.
.El .El
.Pp
The The
.Li kx509 , .Li kx509 ,
.Li kx509_template , .Li kx509_template ,