
Ship a simpler krb5.conf which logs to syslog(3) by default.

Remove useless README -- the info(1) and man(1) pages contain all the
required information.
ok dcoppa@ robert@ beck@
OPENBSD_5_4
ajacoutot 11 years ago
parent
commit
40ea57dfe9
3 changed files with 18 additions and 71 deletions
  1. +1
    -3
      src/etc/Makefile
  2. +0
    -19
      src/etc/kerberosV/README
  3. +17
    -49
      src/etc/kerberosV/krb5.conf.example

+ 1
- 3
src/etc/Makefile

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.332 2013/06/01 14:06:20 naddy Exp $
# $OpenBSD: Makefile,v 1.333 2013/07/10 05:12:15 ajacoutot Exp $
TZDIR= /usr/share/zoneinfo TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain LOCALTIME= Canada/Mountain
@ -167,8 +167,6 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g wheel -m 600 /dev/null \ ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
${DESTDIR}/etc/skel/.ssh/authorized_keys ${DESTDIR}/etc/skel/.ssh/authorized_keys
cd kerberosV; \ cd kerberosV; \
${INSTALL} -c -o root -g wheel -m 644 README \
${DESTDIR}/etc/kerberosV; \
${INSTALL} -c -o root -g wheel -m 644 krb5.conf.example \ ${INSTALL} -c -o root -g wheel -m 644 krb5.conf.example \
${DESTDIR}/etc/kerberosV ${DESTDIR}/etc/kerberosV
cd amd; \ cd amd; \


+ 0
- 19
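--- a/src/etc/kerberosV/README
+++ b/src/etc/kerberosV/README
@@ -1,19 +0,0 @@
-# $OpenBSD: README,v 1.3 2003/08/01 08:42:37 hin Exp $
-Notes about the KerberosV support in OpenBSD:
-- Please check the heimdal info page (type "info heimdal") to get more
-information. A number of manpages also exists, although the info-page
-is currently the best installation instruction.
-- There are some very informational RFCs in the source directory.
-- Before you use KerberosV you should setup an /etc/kerberosV/krb5.conf
-according to the instructions in the heimdal infopage.
-- The directory /var/heimdal contains logs, the database and acl files,
-and must be created before the kdc, kadmind or kpasswdd can be used.
-Disclosing the database would be a _really_ bad thing.
-- The file /etc/kerberosV/krb5.keytab contains the encryption keys and
-its important that you keep this file secret.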

+ 17
- 49
src/etc/kerberosV/krb5.conf.example

@ -1,59 +1,27 @@
# $OpenBSD: krb5.conf.example,v 1.6 2005/02/07 06:08:10 david Exp $
# $OpenBSD: krb5.conf.example,v 1.7 2013/07/10 05:12:15 ajacoutot Exp $
# #
# Example Kerberos 5 configuration file. You may need to change the defaults
# in this file to match your environment.
#
# See krb5.conf(5) and the heimdal infopage for more information.
#
# Normally, the realm should be your DNS domain name with uppercase
# letters. In this example file, we've written the realm as MY.REALM
# and the domain as my.domain to make it clear what we refer to.
#
# Normally, it is not necessary to do any changes on client-only
# machines, as it's recommended that the information needed is put
# in DNS.
# On server machines, it is not strictly necessary, but it is recommended
# to have local configuration.
#
[libdefaults]
# Set the realm of this host here
default_realm = MY.REALM
# Maximum allowed time difference between KDC and this host
clockskew = 300
# Kerberos 5 minimal configuration example.
# See krb5.conf(5) and the heimdal info(1) page for more information.
# Uncomment this if you run NAT on the client side of kauth.
# This may be considered a security issue though.
# no-addresses = yes
[libdefaults]
# local realm(s)
default_realm = DOMAIN.TLD
[realms] [realms]
MY.REALM = {
# Specify KDC here
kdc = kerberos.my.domain
# Administration server, used for creating users etc.
admin_server = kerberos.my.domain
}
DOMAIN.TLD = {
# list of KDC(s) for this realm
kdc = kerberos.domain.tld
# Example of a "foreign" realm
OTHER.REALM = {
kdc = kerberos.other.domain
default_domain = other.domain
v4_domains = other.domain
# admin server for this realm
admin_server = kerberos.domain.tld
} }
# This sections describes how to figure out a realm given a DNS name
[domain_realm]
.my.domain = MY.REALM
[kadmin] [kadmin]
# This is the trickiest part of a Kerberos installation. See the
# heimdal infopage for more information about encryption types.
# For a k5 only realm, this will be fine
# default_keys = v5
# default salt string
default_keys = v5
[logging] [logging]
# The KDC logs by default, but it's nice to have a kadmind log as well.
kadmind = FILE:/var/heimdal/kadmind.log
# log to syslog(3)
kdc = SYSLOG:INFO:DAEMON
kpasswdd = SYSLOG:INFO:AUTH
default = SYSLOG:INFO:DAEMON
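Review bot: In the new `[logging]` section kadmind no longer has an entry of its own, so it falls through to `default = SYSLOG:INFO:DAEMON` while kpasswdd is sent to the AUTH facility. Principal and key administration done through kadmind is at least as audit-relevant as password changes, and the previous example appears to have kept it in a dedicated file (`kadmind = FILE:/var/heimdal/kadmind.log`). I would add `kadmind = SYSLOG:INFO:AUTH` next to the kpasswdd line, or, if DAEMON is intended, say so in the comment, e.g. `# log to syslog(3); kadmind uses "default"`. With syslog, where these messages land and who can read them depends on syslog.conf rather than on the permissions of /var/heimdal, which also deserves a word in that comment.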
