From c45662c1c261bc69e8fea4799a384e5e9da04ce5 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 1 May 1991 12:06:31 +0000 Subject: [PATCH] Initial revision git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2084 dc483132-0cff-0310-8789-dd5450dbe970 --- src/config-files/krb.conf.M | 47 +++++++++++++++++++++++++++ src/config-files/krb.realms.M | 60 +++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 src/config-files/krb.conf.M create mode 100644 src/config-files/krb.realms.M diff --git a/src/config-files/krb.conf.M b/src/config-files/krb.conf.M new file mode 100644 index 000000000..ace57a2d4 --- /dev/null +++ b/src/config-files/krb.conf.M @@ -0,0 +1,47 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1989,1991 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KRB.CONF 5 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +krb.conf \- Kerberos configuration file +.SH DESCRIPTION +.I krb.conf +contains configuration information describing the Kerberos realm and the +Kerberos key distribution center (KDC) servers for known realms. +.PP +.I krb.conf +contains two sections. The first section consists of only the first +line in the file. This line identifies the default realm to be used in +a client host's Kerberos activity. +.PP +The second section consists of the remainder of the file. Each +subsequent line maps a realm name to a host running a KDC for that +realm. The first token on the line is the realm name, and the second is +the hostname of a host running a KDC for that realm. The words "admin +server" following the hostname indicate that the host also provides an +administrative database server. For example, this file: +.sp +.nf +.in +1i +FOO.MIT.EDU +ATHENA.MIT.EDU kerberos-1.mit.edu admin server +ATHENA.MIT.EDU kerberos-2.mit.edu +FOO.MIT.EDU bar-kerberos.mit.edu +LCS.MIT.EDU kerberos.lcs.mit.edu admin server +.in -1i +.fi +.sp +configures the local host to run in the FOO.MIT.EDU realm by default, +identifies kerberos-1.mit.edu and kerberos-2.mit.edu as KDC's for the +ATHENA.MIT.EDU realm, bar-kerberos.mit.edu as a KDC for the FOO.MIT.EDU +realm, and kerberos.lcs.mit.edu as a KDC for the LCS.MIT.EDU. +In addition, kerberos.lcs.mit.edu provides an administrative server for +the LCS realm, and kerberos-1.mit.edu provides such a server for the +Athena realm. +.SH SEE ALSO +krb.realms(5) diff --git a/src/config-files/krb.realms.M b/src/config-files/krb.realms.M new file mode 100644 index 000000000..2074050d7 --- /dev/null +++ b/src/config-files/krb.realms.M @@ -0,0 +1,60 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1989,1991 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KRB.REALMS 5 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +krb.realms \- host to Kerberos realm translation file +.SH DESCRIPTION +.I krb.realms +provides a translation from a hostname to the Kerberos realm name for +the services provided by that host. +.PP +Each line of the translation file is in one of the following forms +(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU): +.nf +.in +5n +host_name kerberos_realm +domain_name kerberos_realm +.in -5n +.fi +If a hostname exactly matches the +.I host_name +field in a line of the first +form, the corresponding realm is the realm of the host. +If a hostname does not match any +.I host_name +in the file, but its +domain exactly matches the +.I domain_name +field in a line of the second +form, the corresponding realm is the realm of the host. +.PP +If no translation entry applies, the host's realm is considered to be +the hostname's domain portion converted to upper case. +For example, the following file: +.sp +.nf +.in +1i + .MIT.EDU ATHENA.MIT.EDU + .MIT.EDU. ATHENA.MIT.EDU + MIT.EDU ATHENA.MIT.EDU + DODO.MIT.EDU SMS_TEST.MIT.EDU + .UCSC.EDU CATS.UCSC.EDU + .UCSC.EDU. CATS.UCSC.EDU +.in -1i +.fi +.sp +maps dodo.mit.edu into the SMS_TEST.MIT.EDU realm, all other hosts in +the MIT.EDU domain to the ATHENA.MIT.EDU realm, and all hosts in the +UCSC.EDU domain into the CATS.UCSC.EDU realm. [The trailing dot is to +ensure that anchored domain names are properly matched.] +ucbvax.berkeley.edu would be mapped by the default rules to the +BERKELEY.EDU realm, while sage.lcs.mit.edu would be mapped to the +LCS.MIT.EDU realm. +.SH SEE ALSO +krb.conf(5) -- 2.26.2