@ -1,35 +0,0 @@ | |||||
# from @(#)README 8.1 (Berkeley) 6/9/93 | |||||
# $OpenBSD: README,v 1.6 2002/06/09 06:15:15 todd Exp $ | |||||
Notes about the contents of the /etc/kerberosIV directory: | |||||
(Please check the kth-krb infopage for more information about KerberosIV) | |||||
The file master_key contains a copy of the master key under which the | |||||
entire KerberosIV database is encrypted. Disclosing this key would be bad | |||||
news. The reason it is stored in the filesystem is because the following | |||||
programs need to inspect or modify the kereros database, and so the key | |||||
must be available for them, (or else it would have to be typed in by | |||||
hand): | |||||
- kerberos (the server itself) | |||||
- kpasswdd (for changing passwords) | |||||
- kadmind (database administration server) | |||||
The srvtab file contains the encryption keys for each service on the local | |||||
host. Any host offering network services would have a key here, although | |||||
many such files can be used. | |||||
The principal.* files comprise the KerberosIV database itself, and contain | |||||
keys for all principles, and should not be world-readable. | |||||
The krb.conf file contains the configuration for this machine: | |||||
1) which realm I'm in | |||||
if this line begins with '#', KerberosIV is disabled system-wide. | |||||
2) which servers I should talk to for _this_ realm | |||||
3) which servers I should talk to for the following realms. | |||||
The krb.realms file contains the name of KerberosIV servers for | |||||
various (sub)domains. | |||||
KerberosIV log information it placed in /var/log/kerberos.log | |||||
(see /etc/rc to change it) |
@ -1,5 +0,0 @@ | |||||
#MY.DOMAIN | |||||
#MY.DOMAIN me.my.domain admin server | |||||
SIGMASOFT.COM gandalf.sigmasoft.com admin server | |||||
TOAD.COM toad.com admin server | |||||
TETHERLESS.COM gandalf.pa.tetherless.com admin server |
@ -1,10 +0,0 @@ | |||||
# $OpenBSD: krb.equiv,v 1.4 2002/06/09 06:15:15 todd Exp $ | |||||
# krb.equiv contains a list of IP addresses that is to be considered being | |||||
# the same host for KerberosIV purposes. | |||||
# Please refer to krb.equiv(5) for more information. | |||||
# | |||||
# Examples | |||||
# A machine with two interfaces. | |||||
#130.237.232.113 130.237.221.42 # emma emma-ether | |||||
# A machine with *many* interfaces | |||||
#193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps |
@ -1,25 +0,0 @@ | |||||
# $OpenBSD: krb.extra,v 1.3 2003/01/06 11:33:25 miod Exp $ | |||||
# | |||||
# This file holds some configuration options that are not normally used. | |||||
# Please see krb.extra(5) for more information about this file - only | |||||
# the most commonly used variables are listed here. | |||||
# | |||||
# You can specify a number of VARIABLE = VALUE pairs in this file. Empty lines | |||||
# and lines beginning with a hash (#) are ignored. | |||||
# kdc_timeout specifies how many seconds to wait for a respons from the KDC. | |||||
# Default is 4 seconds. | |||||
#kdc_timeout=4 | |||||
# kdc_timesync makes KerberosIV store the time difference between the client | |||||
# and the KDC. This makes it possible to use KerberosIV if for some reason you | |||||
# cannot synchronize the clocks. Default is no. | |||||
#kdc_timesync=yes | |||||
# To get KerberosIV tickets via a http proxy, use krb4_proxy to specify what | |||||
# proxy to user. Default is to not use a proxy. | |||||
#krb4_proxy=proxy | |||||
# If your network uses NAT (Network Address Translation), this enables some | |||||
# code that will make your life easier. Default is no. | |||||
#nat_in_use=yes |
@ -1,13 +0,0 @@ | |||||
my.domain MY.DOMAIN | |||||
.my.domain MY.DOMAIN | |||||
sigmasoft.com SIGMASOFT.COM | |||||
.sigmasoft.com SIGMASOFT.COM | |||||
toad.com TOAD.COM | |||||
.toad.com TOAD.COM | |||||
tetherless.com TETHERLESS.COM | |||||
.tetherless.com TETHERLESS.COM | |||||
.pa.tetherless.com TETHERLESS.COM | |||||
tetherless.net TETHERLESS.COM | |||||
.tetherless.net TETHERLESS.COM | |||||
.pa.tetherless.net TETHERLESS.COM | |||||
.ba.tetherless.net TETHERLESS.COM |