author | Zhanna Tsitkov <tsitkova@mit.edu> | 2012-08-06 12:30:08 -0400 |
---|---|---|
committer | Zhanna Tsitkov <tsitkova@mit.edu> | 2012-08-06 12:30:08 -0400 |
commit | 09f85df95bd0f41dec8cfbcfe7c4f10f359d82ff (patch) | |
tree | a092f1db8c6b9109c1767f72ea1954a1084ca6ae /doc/rst_source | |
parent | 351a7186f7040fe3a2694387e7810f546e32b19f (diff) | |
Doc "version introduced" for some kdc.conf tags
Also, move [logging] section documentation after [dbmodules]
documentation.
Diffstat (limited to 'doc/rst_source')
-rw-r--r-- | doc/rst_source/krb_admins/conf_files/kdc_conf.rst | 155 |
1 files changed, 79 insertions, 76 deletions
diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst index 212742c887..54b0e410f0 100644 --- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst @@ -30,9 +30,9 @@ The kdc.conf file may contain the following sections: ==================== ================================================= :ref:`kdcdefaults` Default values for KDC behavior :ref:`kdc_realms` Realm-specific database configuration and settings -:ref:`logging` Controls how Kerberos daemons perform logging :ref:`dbdefaults` Default database settings :ref:`dbmodules` Per-database settings +:ref:`logging` Controls how Kerberos daemons perform logging ==================== ================================================= 
@@ -315,77 +315,6 @@ For each realm, the following tags may be specified: possible values, see :ref:`Encryption_and_salt_types`. -.. _logging: - -[logging] -~~~~~~~~~ - -The [logging] section indicates how :ref:`krb5kdc(8)` and -:ref:`kadmind(8)` perform logging. The keys in this section are -daemon names, which may be one of: - -**admin_server** - Specifies how :ref:`kadmind(8)` performs logging. - -**kdc** - Specifies how :ref:`krb5kdc(8)` performs logging. - -**default** - Specifies how either daemon performs logging in the absence of - relations specific to the daemon. - -Values are of the following forms: - -**FILE=**\ *filename* or **FILE:**\ *filename* - This value causes the daemon's logging messages to go to the - *filename*. If the ``=`` form is used, the file is overwritten. - If the ``:`` form is used, the file is appended to. - -**STDERR** - This value causes the daemon's logging messages to go to its - standard error stream. - -**CONSOLE** - This value causes the daemon's logging messages to go to the - console, if the system supports it. - -**DEVICE=**\ *<devicename>* - This causes the daemon's logging messages to go to the specified - device. - -**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]] - This causes the daemon's logging messages to go to the system log. - - The severity argument specifies the default severity of system log - messages. This may be any of the following severities supported - by the syslog(3) call, minus the ``LOG_`` prefix: **EMERG**, - **ALERT**, **CRIT**, **ERR**, **WARNING**, **NOTICE**, **INFO**, - and **DEBUG**. - - The facility argument specifies the facility under which the - messages are logged. This may be any of the following facilities - supported by the syslog(3) call minus the LOG\_ prefix: **KERN**, - **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**, - **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**. - - If no severity is specified, the default is **ERR**. 
If no - facility is specified, the default is **AUTH**. - -In the following example, the logging messages from the KDC will go to -the console and to the system log under the facility LOG_DAEMON with -default severity of LOG_INFO; and the logging messages from the -administrative server will be appended to the file -``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. - - :: - - [logging] - kdc = CONSOLE - kdc = SYSLOG:INFO:DAEMON - admin_server = FILE:/var/adm/kadmin.log - admin_server = DEVICE=/dev/tty04 - - .. _dbdefaults: [dbdefaults] @@ -410,8 +339,9 @@ definitions of these relations. ~~~~~~~~~~~ The [dbmodules] section contains parameters used by the KDC database -library and database modules. The following tag may be specified -in the [dbmodules] section: +library and database modules. + +The following tag may be specified in the [dbmodules] section: **db_module_dir** This tag controls where the plugin system looks for modules. The @@ -436,13 +366,15 @@ the subsection: authentication" field of principal entries requiring preauthentication. Setting this flag may improve performance. (Principal entries which do not require preauthentication never - update the "Last successful authentication" field.). + update the "Last successful authentication" field.). First + introduced in version 1.9. **disable_lockout** If set to ``true``, suppresses KDC updates to the "Last failed authentication" and "Failed password attempts" fields of principal entries requiring preauthentication. Setting this flag may - improve performance, but also disables account lockout. + improve performance, but also disables account lockout. First + introduced in version 1.9. **ldap_conns_per_server** This LDAP-specific tag indicates the number of connections to be 
@@ -479,6 +411,77 @@ the subsection: be kept secure. +.. _logging: + +[logging] +~~~~~~~~~ + +The [logging] section indicates how :ref:`krb5kdc(8)` and +:ref:`kadmind(8)` perform logging. The keys in this section are +daemon names, which may be one of: + +**admin_server** + Specifies how :ref:`kadmind(8)` performs logging. + +**kdc** + Specifies how :ref:`krb5kdc(8)` performs logging. + +**default** + Specifies how either daemon performs logging in the absence of + relations specific to the daemon. + +Values are of the following forms: + +**FILE=**\ *filename* or **FILE:**\ *filename* + This value causes the daemon's logging messages to go to the + *filename*. If the ``=`` form is used, the file is overwritten. + If the ``:`` form is used, the file is appended to. + +**STDERR** + This value causes the daemon's logging messages to go to its + standard error stream. + +**CONSOLE** + This value causes the daemon's logging messages to go to the + console, if the system supports it. + +**DEVICE=**\ *<devicename>* + This causes the daemon's logging messages to go to the specified + device. + +**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]] + This causes the daemon's logging messages to go to the system log. + + The severity argument specifies the default severity of system log + messages. This may be any of the following severities supported + by the syslog(3) call, minus the ``LOG_`` prefix: **EMERG**, + **ALERT**, **CRIT**, **ERR**, **WARNING**, **NOTICE**, **INFO**, + and **DEBUG**. + + The facility argument specifies the facility under which the + messages are logged. This may be any of the following facilities + supported by the syslog(3) call minus the LOG\_ prefix: **KERN**, + **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**, + **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**. + + If no severity is specified, the default is **ERR**. If no + facility is specified, the default is **AUTH**. 
+ +In the following example, the logging messages from the KDC will go to +the console and to the system log under the facility LOG_DAEMON with +default severity of LOG_INFO; and the logging messages from the +administrative server will be appended to the file +``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. + + :: + + [logging] + kdc = CONSOLE + kdc = SYSLOG:INFO:DAEMON + admin_server = FILE:/var/adm/kadmin.log + admin_server = DEVICE=/dev/tty04 + + PKINIT options -------------- |
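Review bot: In the @@ -436,13 +366,15 hunk, the **disable_lockout** entry still states the trade-off only as "improve performance, but also disables account lockout". Since the line is being touched, spell out the consequence for an administrator: with the "Failed password attempts" field no longer updated, repeated wrong-password attempts against principals requiring preauthentication are never counted and cannot trigger a lockout. In **disable_last_success**, the new sentence is appended after "field.).", which keeps the stray period after the closing parenthesis; drop it in the same change. The two "First introduced in version 1.9." sentences could also use Sphinx's ``.. versionadded:: 1.9`` directive so the annotation renders the same way for every tag.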
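Review bot: In the @@ -479,6 +411,77 hunk the [logging] text is re-added verbatim, so its inconsistencies move with it: the severity paragraph writes "minus the ``LOG_`` prefix" while the facility paragraph writes "minus the LOG\_ prefix" with no comma and no literal markup, and **DEVICE=** takes *<devicename>* in angle brackets where **FILE=** takes plain *filename*. A pure move is easier to review, but these are worth a follow-up so the relocated section is uniform. The **FILE=** entry would also benefit from one more sentence: "If the ``=`` form is used, the file is overwritten" means the existing log contents are discarded, which matters where the KDC or kadmind log is kept as an audit record; the example at the end of the section already uses the appending ``FILE:`` form.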