small fixes
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3226 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -36,7 +36,7 @@ principal @samp{rcmd.foo}.
|
|||||||
|
|
||||||
The @samp{rcmd} name suggests that the instance is a hostname (even if
|
The @samp{rcmd} name suggests that the instance is a hostname (even if
|
||||||
there are exceptions to this rule). To correctly convert the instance
|
there are exceptions to this rule). To correctly convert the instance
|
||||||
@samp{foo} to a hostame, you have to know which host it referred to. You
|
@samp{foo} to a hostname, you have to know which host it referred to. You
|
||||||
can to this by either guessing (from the realm) which domain name to
|
can to this by either guessing (from the realm) which domain name to
|
||||||
append, or you have to have a list of possible hostnames. In the
|
append, or you have to have a list of possible hostnames. In the
|
||||||
simplest cases you can cover most principals with the first rule. If you
|
simplest cases you can cover most principals with the first rule. If you
|
||||||
@@ -46,10 +46,10 @@ table for the exceptions.
|
|||||||
|
|
||||||
In a complex scenario you will need some kind of host lookup mechanism.
|
In a complex scenario you will need some kind of host lookup mechanism.
|
||||||
Using DNS for this is tempting, but DNS is error prone, slow and unsafe
|
Using DNS for this is tempting, but DNS is error prone, slow and unsafe
|
||||||
@footnote{at least until secure DNS is comonly available}.
|
@footnote{at least until secure DNS is commonly available}.
|
||||||
|
|
||||||
Fortunately, the KDC has a trump on hand: it can easily tell if a
|
Fortunately, the KDC has a trump on hand: it can easily tell if a
|
||||||
principal exists in the databse. The KDC will use
|
principal exists in the database. The KDC will use
|
||||||
@code{krb5_425_conv_principal_ext} to convert principals.
|
@code{krb5_425_conv_principal_ext} to convert principals.
|
||||||
|
|
||||||
@node Converting a version 4 database, , Principal conversion issues, Kerberos 4 issues
|
@node Converting a version 4 database, , Principal conversion issues, Kerberos 4 issues
|
||||||
@@ -67,7 +67,7 @@ converted. This might be because these principals are not used anymore,
|
|||||||
or it might be just because the principal couldn't be converted.
|
or it might be just because the principal couldn't be converted.
|
||||||
|
|
||||||
You might also see problems with a many-to-one mapping of
|
You might also see problems with a many-to-one mapping of
|
||||||
principals. For inctance, if you are using DNS lookups and you have two
|
principals. For instance, if you are using DNS lookups and you have two
|
||||||
principals @samp{rcmd.foo} and @samp{rcmd.bar}, where `foo' is a CNAME
|
principals @samp{rcmd.foo} and @samp{rcmd.bar}, where `foo' is a CNAME
|
||||||
for `bar', the resulting principals will be the same. Since the
|
for `bar', the resulting principals will be the same. Since the
|
||||||
conversion function can't tell which is correct, these conflicts will
|
conversion function can't tell which is correct, these conflicts will
|
||||||
|
|||||||
@@ -12,7 +12,9 @@ To setup a realm you will first have to create a configuration file:
|
|||||||
@file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
|
@file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
|
||||||
configuration options, some which are described here.
|
configuration options, some which are described here.
|
||||||
|
|
||||||
The confguration file is a hierarchial structure consisting of sections,
|
There is a sample @file{krb5.conf} supplied with the distribution.
|
||||||
|
|
||||||
|
The configuration file is a hierarchical structure consisting of sections,
|
||||||
each containing a list of bindings (either variable assignments or
|
each containing a list of bindings (either variable assignments or
|
||||||
subsections). A section starts with @samp{[section-name]}. A binding
|
subsections). A section starts with @samp{[section-name]}. A binding
|
||||||
consists of a left hand side, an equal (@samp{=}) and a right hand
|
consists of a left hand side, an equal (@samp{=}) and a right hand
|
||||||
@@ -77,7 +79,7 @@ default principals for that realm. You can have more than one realm in
|
|||||||
one database, so @samp{init} does not destroy any old database.
|
one database, so @samp{init} does not destroy any old database.
|
||||||
|
|
||||||
Before creating the database, @samp{init} will ask you some questions
|
Before creating the database, @samp{init} will ask you some questions
|
||||||
about default and max ticket lifes. The default values should be fine.
|
about default and max ticket lifetimes. The default values should be fine.
|
||||||
|
|
||||||
After creating the database you should probably add yourself. You do
|
After creating the database you should probably add yourself. You do
|
||||||
this with the @samp{ank} command. It takes as argument the name of a
|
this with the @samp{ank} command. It takes as argument the name of a
|
||||||
|
|||||||
Reference in New Issue
Block a user