diff options
| author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-02-05 10:59:46 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-02-06 16:17:27 -0500 |
| commit | 1e4bdcfed2c7bda94d5c135cc32a5993ca032501 (patch) | |
| tree | d4a0a8ee96b73ad78152e1219183eb2787493897 /doc/admin | |
| parent | 53cfb8327c452bd72a8e915338fb5ec838079cd3 (diff) | |
Move OTP sockets to KDC_RUN_DIR
Some system configurations expect Unix-domain sockets to live under
/run or /var/run, and not other parts of /var where persistent
application state lives. Define a new directory KDC_RUN_DIR using
$runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run
if it's not set) and use that for the default socket path.
[ghudson@mit.edu: commit message, otp.rst formatting fix]
ticket: 7859 (new)
Diffstat (limited to 'doc/admin')
| -rw-r--r-- | doc/admin/otp.rst | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst index 0abd5ff83..f12c36d4f 100644 --- a/doc/admin/otp.rst +++ b/doc/admin/otp.rst @@ -23,7 +23,7 @@ the following format:: [otp] <name> = { - server = <host:port or filename> (default: $KDCDIR/<name>.socket) + server = <host:port or filename> (default: see below) secret = <filename> timeout = <integer> (default: 5 [seconds]) retries = <integer> (default: 3) @@ -33,7 +33,8 @@ the following format:: If the server field begins with '/', it will be interpreted as a UNIX socket. Otherwise, it is assumed to be in the format host:port. When a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. +empty secret is used by default. If the server field is not +specified, it defaults to |kdcrundir|\ ``/<name>.socket``. When forwarding the request over RADIUS, by default the principal is used in the User-Name attribute of the RADIUS packet. The strip_realm |