oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Merge pull request #174 from abhinav-upadhyay/fix-krb5.conf.5

Browse Source 
Various fixes in kfb5.conf man page:
This commit is contained in:
Andrew Bartlett
2016-05-14 22:26:43 +12:00
parent 4fb67dcbc1 1e085bb4da
commit cc38a9f7d1
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/krb5/krb5.conf.5
View File

@@ -144,7 +144,7 @@ Default realm to use, this is also known as your
The default is the result of The default is the result of
.Fn krb5_get_host_realm "local hostname" . .Fn krb5_get_host_realm "local hostname" .
.It Li allow_weak_crypto = Va boolean .It Li allow_weak_crypto = Va boolean
is weaks crypto algorithms allowed to be used, among others, DES is are weak crypto algorithms allowed to be used, among others, DES is
considered weak. considered weak.
.It Li clockskew = Va time .It Li clockskew = Va time
Maximum time differential (in seconds) allowed when comparing Maximum time differential (in seconds) allowed when comparing
@@ -168,9 +168,9 @@ the default credentials cache name.
If you want to change the type only use If you want to change the type only use
.Li default_cc_type . .Li default_cc_type .
The string can contain variables that are expanded on runtime. The string can contain variables that are expanded on runtime.
Only support variable now is The Only supported variable currently is
.Li %{uid} .Li %{uid}
that expands to the current user id. which expands to the current user id.
.It Li default_etypes = Va etypes ... .It Li default_etypes = Va etypes ...
A list of default encryption types to use. (Default: all enctypes if A list of default encryption types to use. (Default: all enctypes if
allow_weak_crypto = TRUE, else all enctypes except single DES enctypes.) allow_weak_crypto = TRUE, else all enctypes except single DES enctypes.)
@@ -243,10 +243,10 @@ It's the field ticketflags that is stored in reverse bit order for
older than Heimdal 0.7. older than Heimdal 0.7.
Setting this flag to Setting this flag to
.Dv TRUE .Dv TRUE
make it store the MIT way, this is default for Heimdal 0.7. makes it store the MIT way, this is default for Heimdal 0.7.
.It Li check-rd-req-server .It Li check-rd-req-server
If set to "ignore", the framework will ignore any the server input to If set to "ignore", the framework will ignore any of the server input to
.Xr krb5_rd_req 3, .Xr krb5_rd_req 3 ,
this is very useful when the GSS-API server input the this is very useful when the GSS-API server input the
wrong server name into the gss_accept_sec_context call. wrong server name into the gss_accept_sec_context call.
.It Li k5login_directory = Va directory .It Li k5login_directory = Va directory
@@ -288,7 +288,7 @@ K5login files are text files, with each line containing just a principal
name; principals apearing in a user's k5login file are permitted access name; principals apearing in a user's k5login file are permitted access
to the user's account. Note: this rule performs no ownership nor to the user's account. Note: this rule performs no ownership nor
permissions checks on k5login files; proper ownership and permissions checks on k5login files; proper ownership and
permissions/ACLs are expected due to the system k5login location being a permissions/ACLs are expected due to the k5login location being a
system location. system location.
.It Li kuserok = Va USER-K5LOGIN .It Li kuserok = Va USER-K5LOGIN
If set and evaluated then If set and evaluated then
@@ -389,7 +389,7 @@ with explicit
.Va order .Va order
then all other rules in the order in which they appear. If any two then all other rules in the order in which they appear. If any two
rules have the same explicit rules have the same explicit
.Va order .Va order ,
their order of appearance in krb5.conf breaks the tie. Explicitly their order of appearance in krb5.conf breaks the tie. Explicitly
specifying order can be useful where tools read and write the specifying order can be useful where tools read and write the
configuration file without preserving parameter order. configuration file without preserving parameter order.