From 320923ee5f14cad20a85693ed74ecb1c993d5a84 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 20 Jun 2003 21:14:56 +0000 Subject: * krb5.conf.M: Sync with doc/krb5conf.texinfo ticket: 1085 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15641 dc483132-0cff-0310-8789-dd5450dbe970 --- src/config-files/ChangeLog | 4 ++++ src/config-files/krb5.conf.M | 48 ++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 48 insertions(+), 4 deletions(-) (limited to 'src/config-files') diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog index fa15846873..f2a28effcc 100644 --- a/src/config-files/ChangeLog +++ b/src/config-files/ChangeLog @@ -1,3 +1,7 @@ +2003-06-20 Tom Yu + + * krb5.conf.M: Sync with doc/krb5conf.texinfo. + 2003-05-30 Ken Raeburn * kdc.conf: Delete supported and master key type specs. diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 97ba8386c0..87582c0b4f 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -128,10 +128,10 @@ that the library will tolerate before assuming that a Kerberos message is invalid. The default value is 300 seconds, or five minutes. .IP kdc_timesync -If the value of this relation is non-zero, the library will compute the -difference between the system clock and the time returned by the KDC and -in order to correct for an inaccurate system clock. This corrective -factor is only used by the Kerberos library. +If the value of this relation is non-zero (the default), the library +will compute the difference between the system clock and the time +returned by the KDC and in order to correct for an inaccurate system +clock. This corrective factor is only used by the Kerberos library. .IP kdc_req_checksum_type For compatability with DCE security servers which do not support the 
@@ -164,6 +164,18 @@ do not support the default cache as created by this version of Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on DCE 1.1 systems. +.IP krb4_srvtab +Specifies the location of the Kerberos V4 srvtab file. Default is +"/etc/srvtab". + +.IP krb4_config +Specifies the location of hte Kerberos V4 configuration file. Default +is "/etc/krb.conf". + +.IP krb4_realms +Specifies the location of the Kerberos V4 domain/realm translation +file. Default is "/etc/krb.realms". + .IP dns_lookup_kdc Indicate whether DNS SRV records shoud be used to locate the KDCs and other servers for a realm, if they are not listed in the information 
@@ -182,6 +194,34 @@ This allows a computer to use multiple local addresses, in order to allow Kerberos to work in a network that uses NATs. The addresses should be in a comma-separated list. +.IP udp_preference_limit +When sending a message to the KDC, the library will try using TCP +before UDP if the size of the message is above "udp_preference_list". +If the message is smaller than "udp_preference_list", then UDP will be +tried before TCP. Regardless of the size, both protocols will be +tried if the first attempt fails. + +.IP verify_ap_req_nofail +If this flag is set, then an attempt to get initial credentials will +fail if the client machine does not have a keytab. The default for the +flag is false. + +.IP renew_lifetime +The value of this tag is the default renewable lifetime for initial +tickets. The default value for the tag is 0. + +.IP noaddresses +Setting this flag causes the initial Kerberos ticket to be addressless. +The default for the flag is true. + +.IP forwardable +If this flag is set, initial tickets by default will be forwardable. +The default value for this flag is false. + +.IP proxiable +If this flag is set, initial tickets by default will be proxiable. +The default value for this flag is false. + .SH APPDEFAULTS SECTION Each tag in the [appdefaults] section names a Kerberos V5 application -- cgit
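Review bot: In the kdc_timesync paragraph of krb5.conf.M (hunk at -128,10), the reflowed sentence still reads "returned by the KDC and in order to correct for an inaccurate system clock". The "and" joins nothing, so the sentence never says what is done with the computed difference. Either drop the "and" or state the missing clause. Since this hunk already touches the paragraph to add "(the default)", it is a good place to fix it. The unchanged context line under kdc_req_checksum_type also spells "compatability", which could be corrected in the same sync.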
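Review bot: In the new krb4_config entry (hunk at -164,6), "Specifies the location of hte Kerberos V4 configuration file" has a typo, "hte" for "the". If the text was copied from doc/krb5conf.texinfo, as the subject line says, the same typo probably needs fixing there too so the two files stay in sync. The trailing context line for dns_lookup_kdc also has "shoud" for "should".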
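Review bot: The udp_preference_limit entry (hunk at -182,6) names the tag correctly in the .IP line but then refers to it twice as "udp_preference_list" in the body, so a reader searching for the name used in the description will not find a matching relation. Use "udp_preference_limit" in both places. The entry also gives no default and no unit for the size, unlike the neighbouring entries, which each state a default. In the same hunk, renew_lifetime gives a default of 0 without saying what unit or format the value takes. The verify_ap_req_nofail text says only that getting initial credentials "will fail if the client machine does not have a keytab", without saying what check the keytab is needed for. A sentence on that would help an administrator decide whether to set it.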