diff options
Diffstat (limited to 'crypto/heimdal/packages/debian/extras/kdc.conf')
-rw-r--r-- | crypto/heimdal/packages/debian/extras/kdc.conf | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/crypto/heimdal/packages/debian/extras/kdc.conf b/crypto/heimdal/packages/debian/extras/kdc.conf new file mode 100644 index 0000000..859133f --- /dev/null +++ b/crypto/heimdal/packages/debian/extras/kdc.conf @@ -0,0 +1,91 @@ +[kdc] +# See allowed values in krb5_openlog(3) man page. +logging = FILE:/var/log/heimdal-kdc.log + +# detach = boolean + +# Gives an upper limit on the size of the requests that the kdc is +# willing to handle. +# max-request = integer + +# Turn off the requirement for pre-autentication in the initial AS- +# REQ for all principals. The use of pre-authentication makes it +# more difficult to do offline password attacks. You might want to +# turn it off if you have clients that don't support pre-authenti- +# cation. Since the version 4 protocol doesn't support any pre- +# authentication, serving version 4 clients is just about the same +# as not requiring pre-athentication. The default is to require +# pre-authentication. Adding the require-preauth per principal is +# a more flexible way of handling this. +# require-preauth = boolean + +# Specifies the set of ports the KDC should listen on. It is given +# as a white-space separated list of services or port numbers. +# ports = 88,750 + +# The list of addresses to listen for requests on. By default, the +# kdc will listen on all the locally configured addresses. If only +# a subset is desired, or the automatic detection fails, this +# option might be used. +# addresses = list of ip addresses + +# respond to Kerberos 4 requests +# enable-kerberos4 = false + +# respond to Kerberos 4 requests from foreign realms. This is a +# known security hole and should not be enabled unless you under- +# stand the consequences and are willing to live with them. +# enable-kerberos4-cross-realm = false + +# respond to 524 requests +# enable-524 = value of enable-kerberos4 + +# Makes the kdc listen on port 80 and handle requests encapsulated +# in HTTP. +# enable-http = boolean + +# What realm this server should act as when dealing with version 4 +# requests. The database can contain any number of realms, but +# since the version 4 protocol doesn't contain a realm for the +# server, it must be explicitly specified. The default is whatever +# is returned by krb_get_lrealm(). This option is only availabe if +# the KDC has been compiled with version 4 support. +# v4-realm = string + +# Enable kaserver emulation (in case it's compiled in). +# enable-kaserver = false + +# Check the addresses in the ticket when processing TGS requests. +# check-ticket-addresses = true + +# Permit tickets with no addresses. This option is only +# relevent when check-ticket-addresses is TRUE. +# allow-null-ticket-addresses = true + +# Permit anonymous tickets with no addresses. +# allow-anonymous = boolean + +# Always verify the transited policy, ignoring the +# disable-transited-check flag if set in the KDC client request. +# transited-policy = {always-check,allow-per-principal,always-honour-request} + +# Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE +# code. The Heimdal clients allow both. +# encode_as_rep_as_tgs_rep = boolean + +# How long before password/principal expiration the KDC should +# start sending out warning messages. +# kdc_warn_pwexpire = time + +# Specifies the set of ports the KDC should listen on. It is given +# as a white-space separated list of services or port numbers. +# kdc_ports = 88,750 + +# [password_quality] +# check_library = LIBRARY +# check_function = FUNCTION +# min_length = value + +# [kadmin] +# default_keys = list of strings +# use_v4_salt = boolean |