From: Zhanna Tsitkov Date: Tue, 8 Nov 2011 15:16:29 +0000 (+0000) Subject: Added Environment Variables document. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=4425fba37b85df43c6feab853e2a26726ce5b85d;p=krb5.git Added Environment Variables document. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25457 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/rst_source/krb_admins/env_variables.rst b/doc/rst_source/krb_admins/env_variables.rst new file mode 100644 index 000000000..5f495508d --- /dev/null +++ b/doc/rst_source/krb_admins/env_variables.rst @@ -0,0 +1,56 @@ +Environment variables +========================== + +The following environment variables can be used during runtime: + + +**KRB5_CONFIG** + Main Kerberos configuration file. + (See :ref:`mitK5defaults` for the default name) + +**KRB5_KDC_PROFILE** + KDC configuration file. + (See :ref:`mitK5defaults` for the default name) + +**KRB5_KTNAME** + Default *keytab* file name. + (See :ref:`mitK5defaults` for the default name) + +**KRB5CCNAME** + Default name for the credentials cache file. + +**KRB5RCACHETYPE** + Default replay cache type. Defaults to "dfl". + + E.g. *KRB5RCACHETYPE="none"* + +**KRB5RCACHENAME** + Default replay cache name. + (See :ref:`mitK5defaults` for the default name) + +**KRB5RCACHEDIR** + Default replay cache directory. + (See :ref:`mitK5defaults` for the default location) + +**KPROP_PORT** + *kprop* port to use. Defaults to 754. + +**KRB5_TRACE** + Debugging and tracing. (Introduced in release 1.9) + + E.g. *KRB5_TRACE=/dev/stdout kinit* + + This environment variable overrides the tracing behavior + set by the application using either of the following API: + + - :c:func:`krb5_set_trace_callback()` or + - :c:func:`krb5_set_trace_filename()` + +------------------ + +Feedback + + +Please, provide your feedback on this document at krb5-bugs@mit.edu?subject=Documentation___env + + diff --git a/doc/rst_source/krb_admins/index.rst b/doc/rst_source/krb_admins/index.rst index 4a2178d60..ae51765df 100644 --- a/doc/rst_source/krb_admins/index.rst +++ b/doc/rst_source/krb_admins/index.rst @@ -23,6 +23,8 @@ Contents: :maxdepth: 1 admin_commands/index.rst + ../mitK5defaults.rst + env_variables.rst troubleshoot.rst advanced/index.rst various_envs.rst diff --git a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst index 84babc925..483bd39a9 100644 --- a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst +++ b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst @@ -15,6 +15,7 @@ Finally, manually propagate the database to each slave KDC, as in the following Just in case you need an additional confirmation of the successful propagation, do the following on the slave: + - make sure that only this slave's *kdc* is listed in the *krb5.conf* file, then - start *krb5kdc* on the slave server and - run "kinit admin/admin\@ATHENA.MIT.EDU" which should succeed once the correct password diff --git a/doc/rst_source/mitK5defaults.rst b/doc/rst_source/mitK5defaults.rst index 995590eee..dc01bedaf 100644 --- a/doc/rst_source/mitK5defaults.rst +++ b/doc/rst_source/mitK5defaults.rst @@ -8,25 +8,28 @@ The list of the site- and OS- dependent configuration ------------------------------------------------------- - ================================================== ================================ - Keytab file FILE\:/etc/krb5.keytab - Path to Kerberos configuration file /etc/krb5.conf:SYSCONFDIR/krb5.conf - KDC configuration file LOCALSTATEDIR/krb5kdc/kdc.conf + ================================================== ============================================== ===================================== + \ Default Environment + ================================================== ============================================== ===================================== + Keytab file FILE\:/etc/krb5.keytab KRB5_KTNAME + Path to Kerberos configuration file /etc/krb5.conf:SYSCONFDIR/krb5.conf KRB5_CONFIG + KDC configuration file LOCALSTATEDIR/krb5kdc/kdc.conf KRB5_KDC_PROFILE The location of the default database LOCALSTATEDIR/krb5kdc/principal - Master key stash file location and prefix LOCALSTATEDIR/krb5kdc/.k5. (for example, /usr/local/var/krb5kdc/.k5.YOURREALM) + Master key stash file location and prefix LOCALSTATEDIR/krb5kdc/.k5. + (e.g., /usr/local/var/krb5kdc/.k5.YOURREALM) Admin Access Control List (ACL) file LOCALSTATEDIR/krb5kdc/krb5_adm.acl Admin ACL file used by old admin server LOCALSTATEDIR/krb5kdc/kadm_old.acl Kerberos database library path MODULEDIR/kdb Base directory where plugins are located LIBDIR/krb5/plugins Master key default enctype ENCTYPE_AES256_CTS_HMAC_SHA1_96 - The name of the rcache used by KDC dfl:krb5kdc_rcache + The name of the replay cache used by KDC dfl:krb5kdc_rcache KRB5RCACHETYPE, KRB5RCACHENAME KDC portname used for /etc/services or equiv. "kerberos" KDC secondary portname for backward compatibility "kerberos-sec" KDC default port 88 KDC default port for authentication 750 Admin change password port 464 KDC UDP default portlist "88,750" - ================================================== ================================ + ================================================== ============================================== ===================================== MAC OS specific @@ -52,29 +55,37 @@ Windows specific Defaults for the KADM5 admin system --------------------------------------- - ====================================================================== ================================ - Admin keytab file LOCALSTATEDIR/krb5kdc/kadm5.keytab + ====================================================================== ====================================== ============================== + \ Default Environment + ====================================================================== ====================================== ============================== + Admin keytab file LOCALSTATEDIR/krb5kdc/kadm5.keytab KRB5_KTNAME Admin ACL file that defines access rights to the Kerberos database LOCALSTATEDIR/krb5kdc/kadm5.acl Admin server default port 749 - Default supported enctype/salttype matrix aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal + Default supported enctype/salttype matrix aes256-cts-hmac-sha1-96:normal + aes128-cts-hmac-sha1-96:normal + des3-cbc-sha1:normal + arcfour-hmac-md5:normal Max datagram size 4096 - Directory to store replay caches KRB5RCTMPDIR + Directory to store replay caches KRB5RCTMPDIR KRB5RCACHEDIR Kerberized login program SBINDIR/login.krb5 Kerberized remote login program BINDIR/rlogin - ====================================================================== ================================ + ====================================================================== ====================================== ============================== krb5 *slave* support ----------------------------- - ============================================================ ================================ + ============================================================ ======================================= =============================== + \ Default Environment + ============================================================ ======================================= =============================== kprop database dump file LOCALSTATEDIR/krb5kdc/slave_datatrans kpropd temporary database file LOCALSTATEDIR/krb5kdc/from_master Location of the utility used to load the principal database SBINDIR/kdb5_util kpropd default kprop SBINDIR/kprop kpropd principal database location LOCALSTATEDIR/krb5kdc/principal kpropd ACL file LOCALSTATEDIR/krb5kdc/kpropd.acl - ============================================================ ================================ + kprop port 754 KPROP_PORT + ============================================================ ======================================= =============================== Site- and system-wide initialization for the code compiled on Linux or Solaris diff --git a/doc/rst_source/mitK5features.rst b/doc/rst_source/mitK5features.rst index ea4cec639..89958cf29 100644 --- a/doc/rst_source/mitK5features.rst +++ b/doc/rst_source/mitK5features.rst @@ -13,8 +13,8 @@ Quick facts ====================================================== ======================================= ============================================================================= - Latest stable version 1.9.1 - Supported versions 1.7.2, 1.8.4, 1.9.1 + Latest stable version 1.9.2 + Supported versions 1.7.3, 1.8.5, 1.9.2 Release cycle 9 - 12 months Supported platforms/OS distributions Solaris - SPARC @@ -41,7 +41,6 @@ Quick facts GSS-API extensions for storing delegated credentials 1.8+ :rfc:`5588` License :ref:`mitK5license` - Defaults :ref:`mitK5defaults` ====================================================== ======================================= =============================================================================