Browse Source

Don't mention kerberos 4, plus some cleanup.

OPENBSD_3_4
hin 21 years ago
parent
commit
8448a41822
1 changed files with 9 additions and 30 deletions
  1. +9
    -30
      src/etc/kerberosV/krb5.conf.example

+ 9
- 30
src/etc/kerberosV/krb5.conf.example View File

@ -1,6 +1,6 @@
# $OpenBSD: krb5.conf.example,v 1.3 2002/06/09 06:15:15 todd Exp $
# $OpenBSD: krb5.conf.example,v 1.4 2003/08/01 08:41:52 hin Exp $
# #
# Example Kerberos 5 configuration file. You need to change the defaults
# Example Kerberos 5 configuration file. You may need to change the defaults
# in this file to match your environment. # in this file to match your environment.
# #
# See krb5.conf(5) and the heimdal infopage for more information. # See krb5.conf(5) and the heimdal infopage for more information.
@ -8,7 +8,13 @@
# Normally, the realm should be your DNS domain name with uppercase # Normally, the realm should be your DNS domain name with uppercase
# letters. In this example file, we've written the realm as MY.REALM # letters. In this example file, we've written the realm as MY.REALM
# and the domain as my.domain to make it clear what we refer to. # and the domain as my.domain to make it clear what we refer to.
#
# Normally, it is not necessary to do any changes on client-only
# machines, as it's recommended that the information needed is put
# in DNS.
# On server machines, it is not strictly necessary, but it is recommended
# to have local configuration.
#
[libdefaults] [libdefaults]
# Set the realm of this host here # Set the realm of this host here
default_realm = MY.REALM default_realm = MY.REALM
@ -16,12 +22,6 @@
# Maximum allowed time difference between KDC and this host # Maximum allowed time difference between KDC and this host
clockskew = 300 clockskew = 300
# Use DNS to convert Kerberos 4 host instances
v4_instance_resolve = yes
# Get Kerberos 4 tickets in kauth, login et al.
krb4_get_tickets = yes
# Uncomment this if you run NAT on the client side of kauth. # Uncomment this if you run NAT on the client side of kauth.
# This may be considered a security issue though. # This may be considered a security issue though.
# no-addresses = yes # no-addresses = yes
@ -30,20 +30,6 @@
MY.REALM = { MY.REALM = {
# Specify KDC here # Specify KDC here
kdc = kerberos.my.domain kdc = kerberos.my.domain
# If you use Kerberos 4 compatibility, you probably want this.
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
pop = pop
}
}
# Use this/these DNS domains when trying to convert
# Kerberos 4 principals
default_domain = my.domain
v4_domains = my.domain
} }
# Example of a "foreign" realm # Example of a "foreign" realm
@ -65,13 +51,6 @@
# For a k5 only realm, this will be fine # For a k5 only realm, this will be fine
# default_keys = v5 # default_keys = v5
# For a k5 realm with k4 compatibilty, you probably want this
# default_keys = v5 v4
# For a k5 realm with k4 nodes and AFS, this should work.
# Remember to set your cell name here - used for salting the password
# default_keys = v5 v4 des:afs3-salt:my.afs.cell
[logging] [logging]
# The KDC logs by default, but it's nice to have a kadmind log as well. # The KDC logs by default, but it's nice to have a kadmind log as well.
kadmind = FILE:/var/heimdal/kadmind.log kadmind = FILE:/var/heimdal/kadmind.log

Loading…
Cancel
Save