From: Theodore Tso <tytso@mit.edu>
Date: Thu, 24 Sep 1992 23:19:55 +0000 (+0000)
Subject: Added sample (un)defines for KRBCONF_VAGUE_ERRORS and
X-Git-Tag: krb5-1.0-beta2~68
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a2ffdd033cd5f3bcf0f08a9d3a74e7b3d634ab94;p=krb5.git

Added sample (un)defines for KRBCONF_VAGUE_ERRORS and
KRBCONF_KDC_MODIFIES_KDB

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2394 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/include/krb5/stock/config.h b/src/include/krb5/stock/config.h
index 314ee1f79..2d6a1f3a0 100644
--- a/src/include/krb5/stock/config.h
+++ b/src/include/krb5/stock/config.h
@@ -154,5 +154,23 @@ typedef int krb5_sigtype;
 #define	KRB5_KDB_MAX_RLIFE	(60*60*24*7) /* one week */
 #define	KRB5_KDB_EXPIRATION	2145830400 /* Thu Jan  1 00:00:00 2038 UTC */
 
+/*
+ * For paranoid DOE types that don't want to give helpful error
+ * messages to the client....er, attacker
+ */
+#undef KRBCONF_VAGUE_ERRORS
+
+/*
+ * Define this if you want the KDC to modify the Kerberos database;
+ * this allows the last request information to be updated, as well as
+ * the failure count information.
+ * 
+ * Note that this doesn't work if you're using slave servers!!!  It
+ * also causes the database to be modified (and thus need to be
+ * locked) frequently.
+ */
+#undef KRBCONF_KDC_MODIFIES_KDB
+    
+
 #endif /* KRB5_CONFIG__ */