diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-10-01 15:56:30 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-10-01 15:56:30 +0000 |
commit | a9a153eb38d1b1f3ee2b6860de3de4eba48bbbeb (patch) | |
tree | d99aab650ef6f2dbb8ce5d0f7a481a0f89b1fe63 /src/config-files | |
parent | 7db027b67b3d9b6110f9f2dd2954507c74ab54e8 (diff) | |
download | krb5-a9a153eb38d1b1f3ee2b6860de3de4eba48bbbeb.tar.gz krb5-a9a153eb38d1b1f3ee2b6860de3de4eba48bbbeb.tar.xz krb5-a9a153eb38d1b1f3ee2b6860de3de4eba48bbbeb.zip |
Implement k5login_directory and k5login_authoritative options
Add and document two new options for controlling k5login behavior.
ticket: 6792
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/config-files')
-rw-r--r-- | src/config-files/krb5.conf.M | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 2995aa2bef..e658e8997f 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -155,6 +155,20 @@ This relation sets the maximum allowable amount of clockskew in seconds that the library will tolerate before assuming that a Kerberos message is invalid. The default value is 300 seconds, or five minutes. +.IP k5login_authoritative +If the value of this relation is true (the default), principals must +be listed in a local user's k5login file to be granted login access, +if a k5login file exists. If the value of this relation is false, a +principal may still be granted login access through other mechanisms +even if a k5login file exists but does not list the principal. + +.IP k5login_directory +If set, the library will look for a local user's k5login file within +the named directory, with a filename corresponding to the local +username. If not set, the library will look for k5login files in the +user's home directory, with the filename .k5login. For security +reasons, k5login files must be owned by the local user or by root. + .IP kdc_timesync If the value of this relation is non-zero (the default), the library will compute the difference between the system clock and the time |