summaryrefslogtreecommitdiffstats
path: root/src/config-files
Commit message (Collapse)AuthorAgeFilesLines
* Remove redundant domain_realm mappingsBen Kaduk2013-08-121-3/+1
| | | | | | | | | | | | | | | | | | | This fixes a long-standing documentation bug where we claimed that a domain_realm mapping for a host name would not affect entries under that domain name. The code has always had the behavior where a host name mapping implies the corresponding domain name mapping, since the 1.0 release. While here, replace media-lab with csail in example files, as the media lab realm is no longer in use. Also strip port 88 from KDC specifications, and drop the harmful default_{tgs,tkt}_enctypes lines from src/util/profile/krb5.conf. Further cleanup on these files to remove defunct realms may be in order. ticket: 7690 (new) tags: pullup target_version: 1.11.4
* Remove install-oldmanBen Kaduk2012-10-171-4/+0
| | | | | | The old man pages are gone, so we can't install them anymore. Also clean up install and install-unix targets that were installing the old man pages by hand.
* Remove nroff man pagesBen Kaduk2012-10-162-1086/+0
| | | | | | | We generate man pages from RST sources now; they are checked into the tree in src/man/. The gen-manpages directory is no longer needed.
* Remove admin_keytab references in code and docsGreg Hudson2012-03-042-8/+0
| | | | | | | | | The admin keytab hasn't been needed or used by kadmind since 1.4 (except possibly by legacy admin daemons which we no longer ship). Eliminate remaining references to it in code, test cases, and documentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
* install sphinx-generated manpagesTom Yu2012-01-091-2/+4
| | | | | | | | | | | | | | | | | Install sphinx-generated manpages. Original nroff manpages remain for reference until proofreading is complete. Modify doc/rst_source/conf.py to better deal with shadow manpages -- sphinx will now build k5login.5 instead of .k5login.5, and kadmin.1 instead of both kadmin.1 and kadmin.local.8. Proofreaders should ensure that the original nroff manpages (and associated Makefile rules) are deleted once their reST format equivalents have been proofread. ticket: 7064 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
* Use built-in modules for encrypted timestampGreg Hudson2011-10-071-0/+3
| | | | | | | | Break out the encrypted timestamp code from kdc_preauth.c and preauth2.c into built-in modules, allowing admins to disable it and reducing the size of the framework code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25319 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-022-7/+7
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Document some variables in the right sectionGreg Hudson2011-08-021-17/+17
| | | | | | | database_name, disable_last_success, and disable_lockout should be under dbmodules, not dbdefaults. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25067 dc483132-0cff-0310-8789-dd5450dbe970
* Document loadable profile modulesGreg Hudson2011-07-201-0/+12
| | | | | | ticket: 6929 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25027 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo in preauth plugin krb5.conf docsGreg Hudson2011-06-291-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25001 dc483132-0cff-0310-8789-dd5450dbe970
* Document built-in modules for clpreauth/kdcpreauthGreg Hudson2011-06-261-8/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24991 dc483132-0cff-0310-8789-dd5450dbe970
* Document clpreauth/kdcpreauth module configurationGreg Hudson2011-06-231-0/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24982 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_plugin_register_dyn internal APIGreg Hudson2011-06-171-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24969 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibilityGreg Hudson2011-02-071-0/+9
| | | | | | | | | | | | | | | | | | | | | | Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* Document rdns libdefault settingTom Yu2010-12-201-1/+8
| | | | | | | | ticket: 6794 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24584 dc483132-0cff-0310-8789-dd5450dbe970
* Document kadm5_hook interfaceSam Hartman2010-10-051-0/+8
| | | | | | | | * krb5.conf * admin.texinfo * kadm5_hook_plugin.h: document initvt requirement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
* Implement k5login_directory and k5login_authoritative optionsGreg Hudson2010-10-011-0/+14
| | | | | | | | Add and document two new options for controlling k5login behavior. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
* Password quality pluggable interfaceGreg Hudson2010-09-011-0/+56
| | | | | | | | | | | Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface ticket: 6765 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
* Revise the profile include design so that included files areGreg Hudson2010-08-251-1/+2
| | | | | | | | syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
* add profile include supportGreg Hudson2010-08-241-0/+10
| | | | | | | | | | Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
* Document the disable_last_success and disable_lockout variables inGreg Hudson2010-05-211-0/+17
| | | | | | | | | krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo. ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_tcp_ports not documented in kdc.conf.MTom Yu2010-05-201-0/+20
| | | | | | | | | | | | | | The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M, though it was documented in doc/admin.texinfo. Copy text from there for now. The setting defaults to an empty string at the moment, causing the KDC to not listen on TCP by default, confusing some users. Changing this behavior is a separate issue. ticket: 6730 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24074 dc483132-0cff-0310-8789-dd5450dbe970
* Document the ticket_lifetime libdefaults setting (which was added inGreg Hudson2010-03-191-0/+4
| | | | | | | | | | r16656, #2656). Based on a patch from nalin@redhat.com. ticket: 6680 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
* doc updates for allow_weak_cryptoTom Yu2010-02-251-0/+8
| | | | | | | | | | Update documentation to be more helpful about allow_weak_crypto. ticket: 6669 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_supported_enctypes does nothing; eradicate mentions thereofTom Yu2010-01-041-3/+0
| | | | | | | | | kdc_supported_enctypes does nothing. Remove all mention of it from documentation and test suites. ticket: 6620 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
* Fix spelling and hyphen errors in man pagesRuss Allbery2009-12-311-2/+2
| | | | | | | | | | | Fix spelling errors in man pages detected by Debian's Lintian program. Also escape some -'s that are intended to be literal ASCII dashes and not Unicode hyphens so that groff won't change them into true hyphens. ticket: 6616 component: krb5-doc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23554 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-221-2/+0
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Unfortunately, pre-1.7 krshd fails to support keyed checksums becauseSam Hartman2009-04-031-1/+1
| | | | | | | | | | | | | | | | it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
* Use the preferred checksum for non-DES keys in the kdc_req path andSam Hartman2009-04-011-7/+3
| | | | | | | | | | | | all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
* remove obsolete GNU.ORG realm infoKen Raeburn2009-02-191-6/+1
| | | | | | | | | | | | | Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS entries named don't exist, and AFAIK this hasn't been accurate in years. (I don't even know if they're currently running a Kerberos realm.) ticket: 6398 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22038 dc483132-0cff-0310-8789-dd5450dbe970
* remove some remnants of krb4-related config file optionsKen Raeburn2009-01-282-14/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21818 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-031-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new fallback host-to-realm heuristic to try the components of theGreg Hudson2008-12-241-0/+10
| | | | | | | | | | | hostname as domains. The heuristic is off by default and is controlled by the realm_try_domains variable under libdefaults. Based on a patch submitted by Mark Phalan from Sun. ticket: 6031 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21588 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-241-1/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in krb5.conf: ldap_server should be ldap_servers, as theRuss Allbery2008-05-111-2/+2
| | | | | | | | | latter is what the LDAP KDB plugin looks for. Ticket: 5544 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
* The default K4 compatibility mode is now none, not preauth. Also documentRuss Allbery2007-02-031-3/+7
| | | | | | | | | | | | that the valid values for v4_mode are the valid arguments to the -4 flag to krb5kdc. Ticket: 2724 Component: krb5-doc Target_Version: 1.6.1 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19139 dc483132-0cff-0310-8789-dd5450dbe970
* Preauthentication Plugin FrameworkSam Hartman2006-10-031-1/+7
| | | | | | | | | | | | | Patch from Nalin Dahyabhai at Redhat to implement a preauthentication framework based on the plugin architecture. Currently. the API is considered internal and the header is not installed. See src/include/krb5/preauth_plugin.h for the interface. ticket: new Tags: enhancement Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
* Savitha's patches for:Ken Raeburn2006-09-181-10/+3
| | | | | | | | | - LDAP URI support for specifying server and port - support for ldapi interface - updated to newer LDAP APIs - updated documentation git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970
* Merge remaining changes from LDAP integration branchKen Raeburn2006-07-181-0/+100
| | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://svn.mit.edu/krb5/branches/ldap-integ@18333. * plugins/kdb/ldap: New directory. * aclocal.m4 (WITH_LDAP): New macro. (CONFIG_RULES): Invoke it. * configure.in: Test ldap option, maybe configure and generate makefiles for new directories, and set and substitute ldap_plugin_dir. * Makefile.in (SUBDIRS): Add @ldap_plugin_dir@. * kdc/krb5kdc.M, kadmin/server/kadmind.M, kadmin/cli/kadmin.M, config-files/krb5.conf.M: Document LDAP changes (new options, config file entries, etc). * lib/kdb/kdb5.c (kdb_load_library): Put more info in error message. * lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED, KADM5_CONFIG_PASSWD_SERVER): New macros, disabled for now. (struct _kadm5_config_params): New field kpasswd_server, commented out for now. * lib/krb5/error_tables/kdb5_err.et: Add error codes KRB5_KDB_ACCESS_ERROR, KRB5_KDB_INTERNAL_ERROR, KRB5_KDB_CONSTRAINT_VIOLATION. ticket: 2935 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18334 dc483132-0cff-0310-8789-dd5450dbe970
* krb5.conf option name is udp_preference_limit, not udp_preference_listRuss Allbery2006-06-121-2/+2
| | | | | | | Ticket: 3468 Version_Reported: 1.4.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18108 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ChangeLog files from the source tree. From now on, theSam Hartman2006-04-111-227/+0
| | | | | | | subversion commit log entry needs to include information that would have been in the changelog. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* Remove .Sanitize and .rconf files, no longer usedKen Raeburn2006-04-111-43/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17888 dc483132-0cff-0310-8789-dd5450dbe970
* Install example config filesTom Yu2004-10-072-1/+7
| | | | | | ticket: 249 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16810 dc483132-0cff-0310-8789-dd5450dbe970
* Change subdir processing so that SUBDIRS will contain the configuredKen Raeburn2004-03-082-1/+4
| | | | | | | | | | | | | | subdirs only for the makefile in the directory with the configure script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS setting from pre.in. One less thing to keep tweaking as configure scripts get reorganized and merged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed filename substitution typos. @LOCALSTATEDIR -> /usr/local/varJen Selby2003-06-272-2/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15661 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5.conf.M: Sync with doc/krb5conf.texinfoTom Yu2003-06-202-4/+48
| | | | | | | ticket: 1085 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15641 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc.conf: Delete supported and master key type specsKen Raeburn2003-05-312-2/+2
| | | | | | | ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15538 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5.conf: Delete commented-out enctype specsKen Raeburn2003-05-312-4/+2
| | | | | | | ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15537 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5.conf: Delete Athena KDC specifications. Delete Cygnus realm info.Ken Raeburn2003-05-312-13/+10
| | | | | | | | | | | Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and thus doesn't need KDC specs. Provide a commented-out example of a [logging] spec. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15536 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-05-28 20:39:58 +0000