From 02bfebe0e937a9c578bee586d37ce1f723dd92ae Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Mon, 20 May 1996 21:27:22 +0000 Subject: [PATCH] krb5.conf.M: Document kdc_req_checksumtype, as_req_checksum_type, and safe_checksum_type. krb5.conf: Remove the tkt_lifetime parameter altogether. We may end up doing it slightly differently post-Beta 6... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8067 dc483132-0cff-0310-8789-dd5450dbe970 --- src/config-files/ChangeLog | 8 ++++++++ src/config-files/krb5.conf | 1 - src/config-files/krb5.conf.M | 16 +++++++++++++++- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog index e28f88994..8bea0b64f 100644 --- a/src/config-files/ChangeLog +++ b/src/config-files/ChangeLog @@ -1,3 +1,11 @@ +Mon May 20 17:25:09 1996 Theodore Y. Ts'o + + * krb5.conf.M: Document kdc_req_checksumtype, + as_req_checksum_type, and safe_checksum_type. + + * krb5.conf: Remove the tkt_lifetime parameter altogether. We may + end up doing it slightly differently post-Beta 6... + Mon May 13 20:39:33 1996 Theodore Y. Ts'o * krb5.conf: Change the default ticket lifetime to something diff --git a/src/config-files/krb5.conf b/src/config-files/krb5.conf index c0402662c..d087d0cbf 100644 --- a/src/config-files/krb5.conf +++ b/src/config-files/krb5.conf @@ -1,5 +1,4 @@ [libdefaults] - tkt_lifetime = 36000 default_realm = ATHENA.MIT.EDU default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index bd1c957da..581a75643 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -118,12 +118,26 @@ the difference between the system clock and the time returned by the KDC and in order to correct for an inaccurate system clock. This corrective factor is only used by the Kerberos library. -.IP checksum_type +.IP kdc_req_checksum_type For compatability with DCE security servers which do not support the default CKSUMTYPE_RSA_MD5 used by this version of Kerberos. Use a value of 2 to use the CKSUMTYPE_RSA_MD4 instead. This applies to DCE 1.1 and earlier. +.IP ap_req_checksum_type +This allows you to set the checksum type used in the authenticator of +KRB_AP_REQ messages. The default value for this type is CKSUMTYPE_RSA_MD5. +For compatibility with applications linked against DCE Kerberos libraries, +use a value of 2 to use the CKSUMTYPE_RSA_MD4 instead. This applies to +DCE 1.1 and earlier. + +.IP safe_checksum_type +This allows you to set the keyed-checksum type used in +KRB_SAFE messages. The default value for this type is CKSUMTYPE_RSA_MD5_DES. +For compatibility with applications linked against DCE Kerberos libraries, +use a value of 3 to use the CKSUMTYPE_RSA_MD4_DES instead. This applies to +DCE 1.1 and earlier. + .IP ccache_type User this parameter on systems which are DCE clients, to specify the type of cache to be created by kinit, or when forwarded tickets are -- 2.26.2