1c1,3
< .\" $Id: krb5.conf.5,v 1.25 2002/08/28 15:33:59 nectar Exp $
---
> .\" Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
> .\" (Royal Institute of Technology, Stockholm, Sweden).
> .\" All rights reserved.
2a5,33
> .\" Redistribution and use in source and binary forms, with or without
> .\" modification, are permitted provided that the following conditions
> .\" are met:
> .\"
> .\" 1. Redistributions of source code must retain the above copyright
> .\" notice, this list of conditions and the following disclaimer.
> .\"
> .\" 2. Redistributions in binary form must reproduce the above copyright
> .\" notice, this list of conditions and the following disclaimer in the
> .\" documentation and/or other materials provided with the distribution.
> .\"
> .\" 3. Neither the name of the Institute nor the names of its contributors
> .\" may be used to endorse or promote products derived from this software
> .\" without specific prior written permission.
> .\"
> .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> .\" SUCH DAMAGE.
> .\"
> .\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $
> .\"
16,17c47,50
< bindings. The value of each binding can be either a string or a list
< of other bindings. The grammar looks like:
---
> bindings.
> The value of each binding can be either a string or a list of other
> bindings.
> The grammar looks like:
46c79,95
< consists of one or more non-white space characters.
---
> consists of one or more non-whitespace characters.
> .Pp
> STRINGs that are specified later in this man-page uses the following
> notation.
> .Bl -tag -width "xxx" -offset indent
> .It boolean
> values can be either yes/true or no/false.
> .It time
> values can be a list of year, month, day, hour, min, second.
> Example: 1 month 2 days 30 min.
> .It etypes
> valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
> des3-cbc-sha1.
> .It address
> an address can be either a IPv4 or a IPv6 address.
> .El
> .Pp
52c101,102
< these. The preference order is:
---
> these.
> The preference order is:
87c137,138
< times. Default is 300 seconds (five minutes).
---
> times.
> Default is 300 seconds (five minutes).
92c143
< These are decribed in the
---
> These are described in the
114c165
< A list of default etypes to use.
---
> A list of default encryption types to use.
116c167
< A list of default etypes to use when requesting a DES credential.
---
> A list of default encryption types to use when requesting a DES credential.
118c169
< The keytab to use if none other is specified, default is
---
> The keytab to use if no other is specified, default is
141,142c192,195
< fatal error. The application has to be able to read the corresponding
< service key for this to work. Some applications, like
---
> fatal error.
> The application has to be able to read the corresponding service key
> for this to work.
> Some applications, like
146c199,200
< How soon to warn for expiring password. Default is seven days.
---
> How soon to warn for expiring password.
> Default is seven days.
174,175c228,229
< This is a list of mappings from DNS domain to Kerberos realm. Each
< binding in this section looks like:
---
> This is a list of mappings from DNS domain to Kerberos realm.
> Each binding in this section looks like:
181c235
< perid.
---
> period.
189,190c243,247
< .It Li kdc = Va host[:port]
< Specifies a list of kdcs for this realm. If the optional port is absent, the
---
> .It Li kdc = Va [service/]host[:port]
> Specifies a list of kdcs for this realm.
> If the optional
> .Va port
> is absent, the
193c250,253
< service will be used.
---
> .Dq kerberos/tcp ,
> and
> .Dq http/tcp
> port (depending on service) will be used.
194a255,270
> .Pp
> The optional
> .Va service
> specifies over what medium the kdc should be
> contacted.
> Possible services are
> .Dq udp ,
> .Dq tcp ,
> and
> .Dq http .
> Http can also be written as
> .Dq http:// .
> Default service is
> .Dq udp
> and
> .Dq tcp .
197c273
< to the database are perfomed.
---
> to the database are performed.
199c275
< Points to the server where all the password changes are perfomed.
---
> Points to the server where all the password changes are performed.
202,204c278,280
< .It Li krb524_server = Va Host[:port]
< Points to the server that does 524 conversions. If it is not
< mentioned, the krb524 port on the kdcs will be tried.
---
> .It Li krb524_server = Va host[:port]
> Points to the server that does 524 conversions.
> If it is not mentioned, the krb524 port on the kdcs will be tried.
220c296,297
< for logging. See the
---
> for logging.
> See the
229c306
< use this database for this realm.
---
> Use this database for this realm.
231c308
< specifies the realm that will be stored in this database.
---
> Specifies the realm that will be stored in this database.
233c310
< use this keytab file for the master key of this database.
---
> Use this keytab file for the master key of this database.
238c315
< use this file for the ACL list of this database.
---
> Use this file for the ACL list of this database.
240,241c317,318
< use this file as the log of changes performed to the database. This
< file is used by
---
> Use this file as the log of changes performed to the database.
> This file is used by
249,250c326,327
< If set pre-authentication is required. Since krb4 requests are not
< pre-authenticated they will be rejected.
---
> If set pre-authentication is required.
> Since krb4 requests are not pre-authenticated they will be rejected.
252c329
< list of ports the kdc should listen to.
---
> List of ports the kdc should listen to.
254c331
< list of addresses the kdc should bind to.
---
> List of addresses the kdc should bind to.
256c333
< turn on kerberos4 support.
---
> Turn on Kerberos 4 support.
258c335
< to what realm v4 requests should be mapped.
---
> To what realm v4 requests should be mapped.
260c337,338
< should the Kerberos 524 converting facility be turned on. Default is same as
---
> Should the Kerberos 524 converting facility be turned on.
> Default is same as
263c341
< should the kdc answer kdc-requests over http.
---
> Should the kdc answer kdc-requests over http.
265c343
< if this kdc should emulate the AFS kaserver.
---
> If this kdc should emulate the AFS kaserver.
270c348
< allow addresses-less tickets.
---
> Allow addresses-less tickets.
273c351
< if the kdc is allowed to hand out anonymous tickets.
---
> If the kdc is allowed to hand out anonymous tickets.
275c353
< encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
---
> Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
278c356
< the time before expiration that the user should be warned that her
---
> The time before expiration that the user should be warned that her
281a360,361
> .It use_2b = Va principal list
> List of principals to use AFS 2b tokens for.
296c376
< if
---
> If
298c378,380
< is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
---
> is omitted it means everything, and if string is omitted it means the
> default salt string (for that principal and encryption type).
> Additional special values of keytypes are:
301c383
< The kerberos 5 salt
---
> The Kerberos 5 salt
304c386
< The kerberos 4 type
---
> The Kerberos 4 salt
312c394
< and is only left for backwards compatability.
---
> and is only left for backwards compatibility.
351,353c433,436
< and tries to emit useful diagnostics from parsing errors. Note that
< this program does not have any way of knowing what options are
< actually used and thus cannot warn about unknown or misspelled ones.
---
> and tries to emit useful diagnostics from parsing errors.
> Note that this program does not have any way of knowing what options
> are actually used and thus cannot warn about unknown or misspelled
> ones.
< .\" $Id: krb5.conf.5,v 1.25 2002/08/28 15:33:59 nectar Exp $
---
> .\" Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
> .\" (Royal Institute of Technology, Stockholm, Sweden).
> .\" All rights reserved.
2a5,33
> .\" Redistribution and use in source and binary forms, with or without
> .\" modification, are permitted provided that the following conditions
> .\" are met:
> .\"
> .\" 1. Redistributions of source code must retain the above copyright
> .\" notice, this list of conditions and the following disclaimer.
> .\"
> .\" 2. Redistributions in binary form must reproduce the above copyright
> .\" notice, this list of conditions and the following disclaimer in the
> .\" documentation and/or other materials provided with the distribution.
> .\"
> .\" 3. Neither the name of the Institute nor the names of its contributors
> .\" may be used to endorse or promote products derived from this software
> .\" without specific prior written permission.
> .\"
> .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> .\" SUCH DAMAGE.
> .\"
> .\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $
> .\"
16,17c47,50
< bindings. The value of each binding can be either a string or a list
< of other bindings. The grammar looks like:
---
> bindings.
> The value of each binding can be either a string or a list of other
> bindings.
> The grammar looks like:
46c79,95
< consists of one or more non-white space characters.
---
> consists of one or more non-whitespace characters.
> .Pp
> STRINGs that are specified later in this man-page uses the following
> notation.
> .Bl -tag -width "xxx" -offset indent
> .It boolean
> values can be either yes/true or no/false.
> .It time
> values can be a list of year, month, day, hour, min, second.
> Example: 1 month 2 days 30 min.
> .It etypes
> valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
> des3-cbc-sha1.
> .It address
> an address can be either a IPv4 or a IPv6 address.
> .El
> .Pp
52c101,102
< these. The preference order is:
---
> these.
> The preference order is:
87c137,138
< times. Default is 300 seconds (five minutes).
---
> times.
> Default is 300 seconds (five minutes).
92c143
< These are decribed in the
---
> These are described in the
114c165
< A list of default etypes to use.
---
> A list of default encryption types to use.
116c167
< A list of default etypes to use when requesting a DES credential.
---
> A list of default encryption types to use when requesting a DES credential.
118c169
< The keytab to use if none other is specified, default is
---
> The keytab to use if no other is specified, default is
141,142c192,195
< fatal error. The application has to be able to read the corresponding
< service key for this to work. Some applications, like
---
> fatal error.
> The application has to be able to read the corresponding service key
> for this to work.
> Some applications, like
146c199,200
< How soon to warn for expiring password. Default is seven days.
---
> How soon to warn for expiring password.
> Default is seven days.
174,175c228,229
< This is a list of mappings from DNS domain to Kerberos realm. Each
< binding in this section looks like:
---
> This is a list of mappings from DNS domain to Kerberos realm.
> Each binding in this section looks like:
181c235
< perid.
---
> period.
189,190c243,247
< .It Li kdc = Va host[:port]
< Specifies a list of kdcs for this realm. If the optional port is absent, the
---
> .It Li kdc = Va [service/]host[:port]
> Specifies a list of kdcs for this realm.
> If the optional
> .Va port
> is absent, the
193c250,253
< service will be used.
---
> .Dq kerberos/tcp ,
> and
> .Dq http/tcp
> port (depending on service) will be used.
194a255,270
> .Pp
> The optional
> .Va service
> specifies over what medium the kdc should be
> contacted.
> Possible services are
> .Dq udp ,
> .Dq tcp ,
> and
> .Dq http .
> Http can also be written as
> .Dq http:// .
> Default service is
> .Dq udp
> and
> .Dq tcp .
197c273
< to the database are perfomed.
---
> to the database are performed.
199c275
< Points to the server where all the password changes are perfomed.
---
> Points to the server where all the password changes are performed.
202,204c278,280
< .It Li krb524_server = Va Host[:port]
< Points to the server that does 524 conversions. If it is not
< mentioned, the krb524 port on the kdcs will be tried.
---
> .It Li krb524_server = Va host[:port]
> Points to the server that does 524 conversions.
> If it is not mentioned, the krb524 port on the kdcs will be tried.
220c296,297
< for logging. See the
---
> for logging.
> See the
229c306
< use this database for this realm.
---
> Use this database for this realm.
231c308
< specifies the realm that will be stored in this database.
---
> Specifies the realm that will be stored in this database.
233c310
< use this keytab file for the master key of this database.
---
> Use this keytab file for the master key of this database.
238c315
< use this file for the ACL list of this database.
---
> Use this file for the ACL list of this database.
240,241c317,318
< use this file as the log of changes performed to the database. This
< file is used by
---
> Use this file as the log of changes performed to the database.
> This file is used by
249,250c326,327
< If set pre-authentication is required. Since krb4 requests are not
< pre-authenticated they will be rejected.
---
> If set pre-authentication is required.
> Since krb4 requests are not pre-authenticated they will be rejected.
252c329
< list of ports the kdc should listen to.
---
> List of ports the kdc should listen to.
254c331
< list of addresses the kdc should bind to.
---
> List of addresses the kdc should bind to.
256c333
< turn on kerberos4 support.
---
> Turn on Kerberos 4 support.
258c335
< to what realm v4 requests should be mapped.
---
> To what realm v4 requests should be mapped.
260c337,338
< should the Kerberos 524 converting facility be turned on. Default is same as
---
> Should the Kerberos 524 converting facility be turned on.
> Default is same as
263c341
< should the kdc answer kdc-requests over http.
---
> Should the kdc answer kdc-requests over http.
265c343
< if this kdc should emulate the AFS kaserver.
---
> If this kdc should emulate the AFS kaserver.
270c348
< allow addresses-less tickets.
---
> Allow addresses-less tickets.
273c351
< if the kdc is allowed to hand out anonymous tickets.
---
> If the kdc is allowed to hand out anonymous tickets.
275c353
< encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
---
> Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
278c356
< the time before expiration that the user should be warned that her
---
> The time before expiration that the user should be warned that her
281a360,361
> .It use_2b = Va principal list
> List of principals to use AFS 2b tokens for.
296c376
< if
---
> If
298c378,380
< is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
---
> is omitted it means everything, and if string is omitted it means the
> default salt string (for that principal and encryption type).
> Additional special values of keytypes are:
301c383
< The kerberos 5 salt
---
> The Kerberos 5 salt
304c386
< The kerberos 4 type
---
> The Kerberos 4 salt
312c394
< and is only left for backwards compatability.
---
> and is only left for backwards compatibility.
351,353c433,436
< and tries to emit useful diagnostics from parsing errors. Note that
< this program does not have any way of knowing what options are
< actually used and thus cannot warn about unknown or misspelled ones.
---
> and tries to emit useful diagnostics from parsing errors.
> Note that this program does not have any way of knowing what options
> are actually used and thus cannot warn about unknown or misspelled
> ones.