From: Paul Park Date: Wed, 12 Jul 1995 18:56:22 +0000 (+0000) Subject: Update kdc.conf syntax X-Git-Tag: krb5-1.0-beta6~1531 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f9e9d25e38d2be7ef3b7e89206acd269d74273b6;p=krb5.git Update kdc.conf syntax git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6286 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog index fe4209842..2c10f7bf2 100644 --- a/src/config-files/ChangeLog +++ b/src/config-files/ChangeLog @@ -1,4 +1,10 @@ +Wed Jul 12 12:06:10 EDT 1995 Paul Park (pjpark@mit.edu) + * kdc.conf[.M] - Change syntax. KDC now has per-realm information in + [realms] section and has [kdcdefaults] to contain global data. + Add profile and secondary_port per-realm data. + + Fri Jun 23 10:36:48 EDT 1995 Paul Park (pjpark@mit.edu) * kdc.conf[.M] - Add description of new KDC configuration file. diff --git a/src/config-files/kdc.conf b/src/config-files/kdc.conf index 39d1d033d..25928d168 100644 --- a/src/config-files/kdc.conf +++ b/src/config-files/kdc.conf @@ -1,7 +1,14 @@ +[kdcdefaults] + primary_ports = 750 + secondary_ports = 88 -[ATHENA.MIT.EDU] - database_name = /usr/local/lib/krb5kdc/principal - key_stash_file = /usr/local/lib/krb5kdc/stash - port = 88 - max_life = 8h 0m 0s - max_renewable_life = 7d 0h 0m 0s +[realms] + ATHENA.MIT.EDU = { + profile = /etc/krb5.conf + database_name = /usr/local/lib/krb5kdc/principal + key_stash_file = /usr/local/lib/krb5kdc/stash + port = 750 + secondary_port = 88 + max_life = 8h 0m 0s + max_renewable_life = 7d 0h 0m 0s + } diff --git a/src/config-files/kdc.conf.M b/src/config-files/kdc.conf.M index ccc9bf706..ffe06d7af 100644 --- a/src/config-files/kdc.conf.M +++ b/src/config-files/kdc.conf.M @@ -33,11 +33,65 @@ file. For a basic description of the syntax, please refer to the .I krb5.conf description. .PP -Each section in +The following sections are currently used in the .I kdc.conf -describes a particular realm and the individual tags describe that -parameter value for that realm. The following tags are currently -used: +file: +.IP [kdcdefaults] +Contains parameters which control the overall behaviour of the KDC. +.IP [realms] +Contains subsections keyed by Kerberos realm names which describe per-realm +KDC parameters. +.SH KDCDEFAULTS SECTION +The following relations are defined in the +.I [kdcdefaults] +section: +.IP primary_ports +This relation lists the primary ports (e.g. ports to serve Kerberos version +5 requests) to listen on. This list is a comma separated list of integers. +If supplied, this list serves as a base list of ports to listen on. If any +other ports are named in the +.I [realms] +section explicitly; or are named by +.B kdc +relations specifying this host in the +.I krb5.conf +file specified in the +.B profile +entry for a particular realm, then these ports are also listened on. +.IP secondary_ports +This relation lists the secondary ports (e.g. ports to serve Kerberos version +4 requests) to listen on. If supplied, this list serves as a base list of +ports to listen on. If any other ports are named in the +.I [realms] +section explicitly; or are named by +.B v4kdc +relations specifying this host in the +.I krb5.conf +file specified in the +.B profile +entry for a particular realm, then these ports are also listened on. +Further, if this list is specified and the first element is +.I \-1 +then no secondary ports are listened to, even if specified in the +.I [realms] +section. +.SH REALMS SECTION +Each tag in the +.I [realms] +section of the file names a Kerbveros realm. The value of the tag is a +subsection where the relations in that subsection define KDC parameters for +that particular realm. +.PP +For each realm, the following tags may be specified in the +.I [realms] +subsection: +.IP profile +This +.B string +specifies the location of the Kerberos configuration file, e.g. +.I krb5.conf +, for that realm. + .IP database_name This .B string @@ -71,6 +125,12 @@ This specifies the primary port that the KDC is to listen to for this realm. +.IP secondary_port +This +.B integer +specifies the secondary port that the KDC is to listen to for this +realm. + .IP max_life This .B string