11ae122556
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2968 ec53bebd-3082-4978-b11e-865c3cabbd6b
132 lines
2.7 KiB
Groff
132 lines
2.7 KiB
Groff
.\" $Id$
|
|
.\"
|
|
.Dd July 27, 1997
|
|
.Dt KRB5.CONF 5
|
|
.Os HEIMDAL
|
|
.Sh NAME
|
|
.Nm /etc/krb5.conf
|
|
.Nd
|
|
Configuration file for Kerberos 5
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file specifies several configuration parameters for the Kerberos 5
|
|
library, as well as for some programs.
|
|
.Pp
|
|
The file consists of one or more sections, containing a number of
|
|
bindings. The value of each binding can be either a string or a list
|
|
of other bindings. The grammar looks like:
|
|
.Bd -literal -offset indent
|
|
file:
|
|
/* empty */
|
|
sections
|
|
|
|
sections:
|
|
section sections
|
|
section
|
|
|
|
section:
|
|
'[' section_name ']' bindings
|
|
|
|
section_name:
|
|
STRING
|
|
|
|
bindings:
|
|
binding bindings
|
|
binding
|
|
|
|
binding:
|
|
name '=' STRING
|
|
name '=' '{' bindings '}'
|
|
|
|
name:
|
|
STRING
|
|
|
|
.Ed
|
|
.Li STRINGs
|
|
consists of one or more non-white space characters.
|
|
Currently recognised sections and bindings are:
|
|
|
|
.Bl -tag -width "xxx" -offset indent
|
|
.It Li [libdefaults]
|
|
.Bl -tag -width "xxx" -offset indent
|
|
.It Li default_realm = Va REALM
|
|
Default realm to use, this is also known as your
|
|
.Dq local realm .
|
|
The default is the result of
|
|
.Fn krb5_get_host_realm "local hostname" .
|
|
.It Li clockskew = Va time
|
|
Maximum time differential (in seconds) allowed when comparing
|
|
times. Default is 300 seconds (five minutes).
|
|
.It Li kdc_timeout = Va time
|
|
Maximum time to wait for a reply from the kdc, default is 3 seconds.
|
|
.It v4_name_convert
|
|
.It v4_instance_resolve
|
|
These are decribed in the
|
|
.Xr krb5_425_conv_principal
|
|
manual page.
|
|
.El
|
|
.It Li [domain_realm]
|
|
This is a list of mappings from DNS domain to Kerberos realm. Each
|
|
binding in this section looks like:
|
|
.Pp
|
|
.Dl domain = realm
|
|
.Pp
|
|
The domain can be either a full name of a host or a trailing
|
|
component, in the latter case the domain-string should start with a
|
|
perid.
|
|
.It Li [realms]
|
|
.Bl -tag -width "xxx" -offset indent
|
|
.It Va REALM Li = {
|
|
.Bl -tag -width "xxx" -offset indent
|
|
.It Li kdc = Va host[:port]
|
|
Specifies a kdc for this realm. If the optional port is absent, the
|
|
default value for the
|
|
.Dq kerberos/udp
|
|
service will be used.
|
|
.It Li v4_instance_convert
|
|
.It Li v4_name_convert
|
|
.It Li default_domain
|
|
See
|
|
.Xr krb5_425_conv_principal 3 .
|
|
.El
|
|
.It Li }
|
|
.El
|
|
.It Li [logging]
|
|
.Bl -tag -width "xxx" -offset indent
|
|
.It Va entity Li = Va destination
|
|
Specifies that
|
|
.Va entity
|
|
should use the specified
|
|
.Li destination
|
|
for logging. See the
|
|
.Xr krb5_openlog 3
|
|
manual page for a list of defined destinations.
|
|
.El
|
|
.El
|
|
.Sh EXAMPLE
|
|
.Bd -literal -offset indent
|
|
[lib_defaults]
|
|
default_domain = FOO.SE
|
|
[domain_realm]
|
|
.foo.se = FOO.SE
|
|
.bar.se = FOO.SE
|
|
[realms]
|
|
FOO.SE = {
|
|
kdc = kerberos.foo.se
|
|
v4_name_convert = {
|
|
rcmd = host
|
|
}
|
|
v4_instance_convert = {
|
|
xyz = xyz.bar.se
|
|
}
|
|
default_domain = foo.se
|
|
}
|
|
[logging]
|
|
kdc = FILE:/var/heimdal/kdc.log
|
|
kdc = SYSLOG:INFO
|
|
default = SYSLOG:INFO:USER
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr Source tm
|