* krb5.conf.M: Sync with doc/krb5conf.texinfo

ticket: 1085
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15641 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 48 insertions, 4 deletions

diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog
index fa15846873..f2a28effcc 100644
--- a/src/config-files/ChangeLog
+++ b/src/config-files/ChangeLog
@@ -1,3 +1,7 @@
+2003-06-20  Tom Yu  <tlyu@mit.edu>
+
+	* krb5.conf.M: Sync with doc/krb5conf.texinfo.
+
 2003-05-30  Ken Raeburn  <raeburn@mit.edu>
 
 	* kdc.conf: Delete supported and master key type specs.
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M
index 97ba8386c0..87582c0b4f 100644
--- a/src/config-files/krb5.conf.M
+++ b/src/config-files/krb5.conf.M
@@ -128,10 +128,10 @@ that the library will tolerate before assuming that a Kerberos message
 is invalid.  The default value is 300 seconds, or five minutes.
 
 .IP kdc_timesync 
-If the value of this relation is non-zero, the library will compute the
-difference between the system clock and the time returned by the KDC and
-in order to correct for an inaccurate system clock.  This corrective
-factor is only used by the Kerberos library.
+If the value of this relation is non-zero (the default), the library
+will compute the difference between the system clock and the time
+returned by the KDC and in order to correct for an inaccurate system
+clock.  This corrective factor is only used by the Kerberos library.
 
 .IP kdc_req_checksum_type
 For compatability with DCE security servers which do not support the
@@ -164,6 +164,18 @@ do not support the default cache as created by this version of
 Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on
 DCE 1.1 systems.
 
+.IP krb4_srvtab 
+Specifies the location of the Kerberos V4 srvtab file.  Default is
+"/etc/srvtab".
+
+.IP krb4_config
+Specifies the location of hte Kerberos V4 configuration file.  Default
+is "/etc/krb.conf".
+
+.IP krb4_realms
+Specifies the location of the Kerberos V4 domain/realm translation
+file.  Default is "/etc/krb.realms".
+
 .IP dns_lookup_kdc
 Indicate whether DNS SRV records shoud be used to locate the KDCs and 
 other servers for a realm, if they are not listed in the information 
@@ -182,6 +194,34 @@ This allows a computer to use multiple local addresses, in order to
 allow Kerberos to work in a network that uses NATs.  The addresses should
 be in a comma-separated list.
 
+.IP udp_preference_limit
+When sending a message to the KDC, the library will try using TCP
+before UDP if the size of the message is above "udp_preference_list".
+If the message is smaller than "udp_preference_list", then UDP will be
+tried before TCP.  Regardless of the size, both protocols will be
+tried if the first attempt fails.
+
+.IP verify_ap_req_nofail
+If this flag is set, then an attempt to get initial credentials will
+fail if the client machine does not have a keytab.  The default for the
+flag is false.
+
+.IP renew_lifetime
+The value of this tag is the default renewable lifetime for initial
+tickets.  The default value for the tag is 0.
+
+.IP noaddresses
+Setting this flag causes the initial Kerberos ticket to be addressless.
+The default for the flag is true.
+
+.IP forwardable
+If this flag is set, initial tickets by default will be forwardable.
+The default value for this flag is false.
+
+.IP proxiable
+If this flag is set, initial tickets by default will be proxiable.
+The default value for this flag is false.
+
 .SH APPDEFAULTS SECTION
 
 Each tag in the [appdefaults] section names a Kerberos V5 application