From f17785a56ca566e0a0d7076ee4a68fc1f764220a Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Fri, 4 Aug 2000 02:41:45 +0000
Subject: [PATCH] some documentation on [kadmin] configuration.  From
 <lha@stacken.kth.se>

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8888 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/krb5.conf.5 | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/krb5.conf.5 b/lib/krb5/krb5.conf.5
index 3d96e3fba..f2371b150 100644
--- a/lib/krb5/krb5.conf.5
+++ b/lib/krb5/krb5.conf.5
@@ -148,8 +148,7 @@ specifies the realm that will be stored in this database.
 use this keytab file for the master key of this database.
 If not specified
 .Va DATABASENAME .
-mkey
-will be used.
+mkey will be used.
 .El
 .It Li }
 .It max-request = Va SIZE
@@ -189,7 +188,38 @@ password is about to expire.
 .It logging = Va Logging
 What type of logging the kdc should use, see also [logging]/kdc.
 .El
-.It Li }
+.It Li [kadmin]
+.Bl -tag -width "xxx" -offset indent
+.It require-preauth = Va BOOL
+If pre-authentication is required to talk to the kadmin server.
+.It default_keys = Va keytypes...
+for each entry in
+.Va default_keys
+try to parse it as a sequence of
+.Va etype:salttype:salt
+syntax of this if something like:
+.Pp
+[(des|des3|etype):](pw-salt|afs3-salt)[:string]
+.Pp
+if
+.Ar etype
+is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
+.Bl -tag -width "xxx" -offset indent
+.It v5 
+The kerberos 5 salt
+.Va pw-salt
+.It v4
+The kerberos 4 type
+.Va des:pw-salt:
+.El
+.It use_v4_salt = Va BOOL
+When true, this is the same as
+.Pp
+.Va default_keys = Va des3:pw-salt Va v4
+.Pp
+and is only left for backwards compatability.
+.El
+.El
 .Sh ENVIRONMENT
 .Ev KRB5_CONFIG
 points to the configuration file to read.