cc8a62e402
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21994 ec53bebd-3082-4978-b11e-865c3cabbd6b
92 lines
3.2 KiB
Plaintext
92 lines
3.2 KiB
Plaintext
[kdc]
|
|
# See allowed values in krb5_openlog(3) man page.
|
|
logging = FILE:/var/log/heimdal-kdc.log
|
|
|
|
# detach = boolean
|
|
|
|
# Gives an upper limit on the size of the requests that the kdc is
|
|
# willing to handle.
|
|
# max-request = integer
|
|
|
|
# Turn off the requirement for pre-autentication in the initial AS-
|
|
# REQ for all principals. The use of pre-authentication makes it
|
|
# more difficult to do offline password attacks. You might want to
|
|
# turn it off if you have clients that don't support pre-authenti-
|
|
# cation. Since the version 4 protocol doesn't support any pre-
|
|
# authentication, serving version 4 clients is just about the same
|
|
# as not requiring pre-athentication. The default is to require
|
|
# pre-authentication. Adding the require-preauth per principal is
|
|
# a more flexible way of handling this.
|
|
# require-preauth = boolean
|
|
|
|
# Specifies the set of ports the KDC should listen on. It is given
|
|
# as a white-space separated list of services or port numbers.
|
|
# ports = 88,750
|
|
|
|
# The list of addresses to listen for requests on. By default, the
|
|
# kdc will listen on all the locally configured addresses. If only
|
|
# a subset is desired, or the automatic detection fails, this
|
|
# option might be used.
|
|
# addresses = list of ip addresses
|
|
|
|
# respond to Kerberos 4 requests
|
|
# enable-kerberos4 = false
|
|
|
|
# respond to Kerberos 4 requests from foreign realms. This is a
|
|
# known security hole and should not be enabled unless you under-
|
|
# stand the consequences and are willing to live with them.
|
|
# enable-kerberos4-cross-realm = false
|
|
|
|
# respond to 524 requests
|
|
# enable-524 = value of enable-kerberos4
|
|
|
|
# Makes the kdc listen on port 80 and handle requests encapsulated
|
|
# in HTTP.
|
|
# enable-http = boolean
|
|
|
|
# What realm this server should act as when dealing with version 4
|
|
# requests. The database can contain any number of realms, but
|
|
# since the version 4 protocol doesn't contain a realm for the
|
|
# server, it must be explicitly specified. The default is whatever
|
|
# is returned by krb_get_lrealm(). This option is only availabe if
|
|
# the KDC has been compiled with version 4 support.
|
|
# v4-realm = string
|
|
|
|
# Enable kaserver emulation (in case it's compiled in).
|
|
# enable-kaserver = false
|
|
|
|
# Check the addresses in the ticket when processing TGS requests.
|
|
# check-ticket-addresses = true
|
|
|
|
# Permit tickets with no addresses. This option is only
|
|
# relevent when check-ticket-addresses is TRUE.
|
|
# allow-null-ticket-addresses = true
|
|
|
|
# Permit anonymous tickets with no addresses.
|
|
# allow-anonymous = boolean
|
|
|
|
# Always verify the transited policy, ignoring the
|
|
# disable-transited-check flag if set in the KDC client request.
|
|
# transited-policy = {always-check,allow-per-principal,always-honour-request}
|
|
|
|
# Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
|
|
# code. The Heimdal clients allow both.
|
|
# encode_as_rep_as_tgs_rep = boolean
|
|
|
|
# How long before password/principal expiration the KDC should
|
|
# start sending out warning messages.
|
|
# kdc_warn_pwexpire = time
|
|
|
|
# Specifies the set of ports the KDC should listen on. It is given
|
|
# as a white-space separated list of services or port numbers.
|
|
# kdc_ports = 88,750
|
|
|
|
# [password_quality]
|
|
# check_library = LIBRARY
|
|
# check_function = FUNCTION
|
|
# min_length = value
|
|
|
|
# [kadmin]
|
|
# default_keys = list of strings
|
|
# use_v4_salt = boolean
|