From d604fed1d0c8700cbdbd828556413f100ecfb84d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 28 Mar 2012 21:10:49 +0000 Subject: [PATCH] Edit defaults page in documentation Eliminate unused values and OS-specific stuff. Reformat tables. Add a path substitution for sysconfdir to be used in the default config file path. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25793 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/rst_source/conf.py | 3 + doc/rst_source/mitK5defaults.rst | 150 ++++++++++++------------------- src/man/Makefile.in | 4 +- 3 files changed, 63 insertions(+), 94 deletions(-) diff --git a/doc/rst_source/conf.py b/doc/rst_source/conf.py index c423e08e5..8381fb477 100644 --- a/doc/rst_source/conf.py +++ b/doc/rst_source/conf.py @@ -213,17 +213,20 @@ if 'mansubs' in tags: sbindir = '@SBINDIR@' libdir = '@LIBDIR@' localstatedir = '@LOCALSTATEDIR@' + sysconfdir = '@SYSCONFDIR@' else: bindir = '/usr/local/bin' sbindir = '/usr/local/sbin' libdir = '/usr/local/lib' localstatedir = '/usr/local/var' + sysconfdir = '/usr/local/etc' rst_epilog = '\n' rst_epilog += '.. |bindir| replace:: ``%s``\n' % bindir rst_epilog += '.. |sbindir| replace:: ``%s``\n' % sbindir rst_epilog += '.. |libdir| replace:: ``%s``\n' % libdir rst_epilog += '.. |kdcdir| replace:: ``%s/krb5kdc``\n' % localstatedir +rst_epilog += '.. |sysconfdir| replace:: ``%s``\n' % sysconfdir rst_epilog += ''' .. |keytab| replace:: ``/etc/krb5.keytab`` .. |krb5conf| replace:: ``/etc/krb5.conf`` diff --git a/doc/rst_source/mitK5defaults.rst b/doc/rst_source/mitK5defaults.rst index db6e067e0..18c1abb19 100644 --- a/doc/rst_source/mitK5defaults.rst +++ b/doc/rst_source/mitK5defaults.rst @@ -3,100 +3,64 @@ MIT Kerberos defaults ===================== -The list of the site- and OS- dependent configuration ------------------------------------------------------ - - ================================================== ============================================== ===================================== - \ Default Environment - ================================================== ============================================== ===================================== - Keytab file FILE\:/etc/krb5.keytab KRB5_KTNAME - Path to Kerberos configuration file /etc/krb5.conf:SYSCONFDIR/krb5.conf KRB5_CONFIG - KDC configuration file LOCALSTATEDIR/krb5kdc/kdc.conf KRB5_KDC_PROFILE - The location of the default database LOCALSTATEDIR/krb5kdc/principal - Master key stash file location and prefix LOCALSTATEDIR/krb5kdc/.k5. - (e.g., /usr/local/var/krb5kdc/.k5.YOURREALM) - Admin Access Control List (ACL) file LOCALSTATEDIR/krb5kdc/krb5_adm.acl - Admin ACL file used by old admin server LOCALSTATEDIR/krb5kdc/kadm_old.acl - Kerberos database library path MODULEDIR/kdb - Base directory where plugins are located LIBDIR/krb5/plugins - Master key default enctype ENCTYPE_AES256_CTS_HMAC_SHA1_96 - The name of the replay cache used by KDC dfl:krb5kdc_rcache KRB5RCACHETYPE, KRB5RCACHENAME - KDC portname used for /etc/services or equiv. "kerberos" - KDC secondary portname for backward compatibility "kerberos-sec" - KDC default port 88 - KDC default port for authentication 750 - Admin change password port 464 - KDC UDP default portlist "88,750" - ================================================== ============================================== ===================================== - - -MAC OS specific ---------------- - - ============================================================ ================================ - Path to Kerberos config file ~/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:SYSCONFDIR/krb5.conf - Base directory where krb5 plugins are located /System/Library/KerberosPlugins/KerberosFrameworkPlugins - Base directory where Kerberos databadse plugins are located /System/Library/KerberosPlugins/KerberosDatabasePlugins - Base directory where authorization data plugins are located /System/Library/KerberosPlugins/KerberosAuthDataPlugins - ============================================================ ================================ - - -Windows specific +General defaults ---------------- - ======================================= ==================================================== - Kerberos config file name krb5.ini - Keytab file name FILE\:%s\\krb5kt (for example, C:\\WINDOWS\\krb5kt) - ======================================= ==================================================== - - -Defaults for the KADM5 admin system +========================== ============================= ==================== +Description Default Environment +========================== ============================= ==================== +Keytab file ``FILE:``\ |keytab| **KRB5_KTNAME** +Kerberos config file |krb5conf|\ ``:``\ **KRB5_CONFIG** + |sysconfdir|\ ``/krb5.conf`` +KDC config file |kdcdir|\ ``/kdc.conf`` **KRB5_KDC_PROFILE** +KDC database path (DB2) |kdcdir|\ ``/principal`` +Master key stash file |kdcdir|\ ``/.k5.``\ *realm* +Admin server ACL file |kdcdir|\ ``/kadm5.acl`` +Plugin base directory |libdir|\ ``/krb5/plugins`` +Replay cache directory ``/var/tmp`` **KRB5RCACHEDIR** +Master key default enctype |defmkey| +Supported enc/salt types |defkeysalts| +Permitted enctypes |defetypes| +KDC default port 88 +Second KDC default port 750 +Admin server port 749 +Password change port 464 +========================== ============================= ==================== + + +Slave KDC propagation defaults +------------------------------ + +This table shows defaults used by the :ref:`kprop(8)` and +:ref:`kpropd(8)` programs. + +========================== ============================== =========== +Description Default Environment +========================== ============================== =========== +kprop database dump file |kdcdir|\ ``/slave_datatrans`` +kpropd temporary dump file |kdcdir|\ ``/from_master`` +kdb5_util location |sbindir|\ ``/kdb5_util`` +kprop location |sbindir|\ ``/kprop`` +kpropd ACL file |kdcdir|\ ``/kpropd.acl`` +kprop port 754 KPROP_PORT +========================== ============================== =========== + + +Default paths for Unix-like systems ----------------------------------- - ====================================================================== ====================================== ============================== - \ Default Environment - ====================================================================== ====================================== ============================== - Admin keytab file LOCALSTATEDIR/krb5kdc/kadm5.keytab KRB5_KTNAME - Admin ACL file that defines access rights to the Kerberos database LOCALSTATEDIR/krb5kdc/kadm5.acl - Admin server default port 749 - Default supported enctype/salttype matrix aes256-cts-hmac-sha1-96:normal - aes128-cts-hmac-sha1-96:normal - des3-cbc-sha1:normal - arcfour-hmac-md5:normal - Max datagram size 4096 - Directory to store replay caches KRB5RCTMPDIR KRB5RCACHEDIR - Kerberized login program SBINDIR/login.krb5 - Kerberized remote login program BINDIR/rlogin - ====================================================================== ====================================== ============================== - - -krb5 *slave* support --------------------- - - ============================================================ ======================================= =============================== - \ Default Environment - ============================================================ ======================================= =============================== - kprop database dump file LOCALSTATEDIR/krb5kdc/slave_datatrans - kpropd temporary database file LOCALSTATEDIR/krb5kdc/from_master - Location of the utility used to load the principal database SBINDIR/kdb5_util - kpropd default kprop SBINDIR/kprop - kpropd principal database location LOCALSTATEDIR/krb5kdc/principal - kpropd ACL file LOCALSTATEDIR/krb5kdc/kpropd.acl - kprop port 754 KPROP_PORT - ============================================================ ======================================= =============================== - - -Site- and system-wide initialization for the code compiled on Linux or Solaris ------------------------------------------------------------------------------- - - ===================== ============================== ================= - BINDIR /usr/local/bin/ - KRB5RCTMPDIR /var/tmp - LIBDIR /usr/local/lib/ krb5 library directory - LOCALSTATEDIR /usr/local/var/ - MODULEDIR /usr/local/lib/krb5/plugins/ krb5 static plugins directory - SBINDIR /usr/local/sbin/ - SYSCONFDIR /usr/local/etc/ - ===================== ============================== ================= - - +On Unix-like systems, some paths used by MIT krb5 depend on parameters +chosen at build time. For a custom build, these paths default to +subdirectories of ``/usr/local``. When MIT krb5 is integrated into an +operating system, the paths are generally chosen to match the +operating system's filesystem layout. + +======================= =============== =================== =============== +Description Symbolic name Custom build path Typical OS path +======================= =============== =================== =============== +User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` +Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` +Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` +Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` +Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` +======================= =============== =================== =============== diff --git a/src/man/Makefile.in b/src/man/Makefile.in index c9c58850c..b6f38c9b8 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in @@ -5,6 +5,7 @@ SPHINX_BUILD=sphinx-build GROFF=@GROFF@ GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c localstatedir=@localstatedir@ +sysconfdir=@sysconfdir@ MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadmin.sub kadmind.sub \ kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub kdestroy.sub kinit.sub \ @@ -33,7 +34,8 @@ rstman: sed -e 's|@BINDIR@|$(CLIENT_BINDIR)|g' \ -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \ -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \ - -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' $? > $@ + -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \ + -e 's|@SYSCONFDIR@|$(sysconfdir)|g' $? > $@ all:: $(MANSUBS) -- 2.26.2