Added sample (un)defines for KRBCONF_VAGUE_ERRORS and
authorTheodore Tso <tytso@mit.edu>
Thu, 24 Sep 1992 23:19:55 +0000 (23:19 +0000)
committerTheodore Tso <tytso@mit.edu>
Thu, 24 Sep 1992 23:19:55 +0000 (23:19 +0000)
KRBCONF_KDC_MODIFIES_KDB

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2394 dc483132-0cff-0310-8789-dd5450dbe970

src/include/krb5/stock/config.h

index 314ee1f793c84be8c844b94e59d8121e649b058d..2d6a1f3a05a169c0b2f3ed9db0e4ce94bf7e3a6b 100644 (file)
@@ -154,5 +154,23 @@ typedef int krb5_sigtype;
 #define        KRB5_KDB_MAX_RLIFE      (60*60*24*7) /* one week */
 #define        KRB5_KDB_EXPIRATION     2145830400 /* Thu Jan  1 00:00:00 2038 UTC */
 
+/*
+ * For paranoid DOE types that don't want to give helpful error
+ * messages to the client....er, attacker
+ */
+#undef KRBCONF_VAGUE_ERRORS
+
+/*
+ * Define this if you want the KDC to modify the Kerberos database;
+ * this allows the last request information to be updated, as well as
+ * the failure count information.
+ * 
+ * Note that this doesn't work if you're using slave servers!!!  It
+ * also causes the database to be modified (and thus need to be
+ * locked) frequently.
+ */
+#undef KRBCONF_KDC_MODIFIES_KDB
+    
+
 #endif /* KRB5_CONFIG__ */