Print this page
12743 man page spelling mistakes

*** 1,21 **** '\" te .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] ! .TH KRB5.CONF 4 "Nov 26, 2017" .SH NAME krb5.conf \- Kerberos configuration file .SH SYNOPSIS - .LP .nf /etc/krb5/krb5.conf .fi .SH DESCRIPTION - .LP The \fBkrb5.conf\fR file contains Kerberos configuration information, including the locations of \fBKDC\fRs and administration daemons for the Kerberos realms of interest, defaults for the current realm and for Kerberos applications, and mappings of host names onto Kerberos realms. This file must reside on all Kerberos clients. --- 1,19 ---- '\" te .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] ! .TH KRB5.CONF 4 "May 16, 2020" .SH NAME krb5.conf \- Kerberos configuration file .SH SYNOPSIS .nf /etc/krb5/krb5.conf .fi .SH DESCRIPTION The \fBkrb5.conf\fR file contains Kerberos configuration information, including the locations of \fBKDC\fRs and administration daemons for the Kerberos realms of interest, defaults for the current realm and for Kerberos applications, and mappings of host names onto Kerberos realms. This file must reside on all Kerberos clients.
*** 139,149 **** For a Key Distribution Center (\fBKDC\fR), can contain the location of the \fBkdc.conf\fR file. .RE .SS "The \fB[libdefaults]\fR Section" - .LP The \fB[libdefaults]\fR section can contain any of the following relations: .sp .ne 2 .na \fB\fBdatabase_module\fR\fR --- 137,146 ----
*** 344,354 **** .sp .6 .RS 4n Indicates whether DNS SRV records need to be used to locate the KDCs and the other servers for a realm, if they have not already been listed in the \fB[realms]\fR section. This option makes the machine vulnerable to a certain ! type of DoS attack if somone spoofs the DNS records and does a redirect to another server. This is, however, no worse than a DoS, since the bogus KDC is unable to decode anything sent (excepting the initial ticket request, which has no encrypted data). Also, anything the fake KDC sends out isl not trusted without verification (the local machine is unaware of the secret key to be used). If \fBdns_lookup_kdc\fR is not specified but \fBdns_fallback\fR is, then --- 341,351 ---- .sp .6 .RS 4n Indicates whether DNS SRV records need to be used to locate the KDCs and the other servers for a realm, if they have not already been listed in the \fB[realms]\fR section. This option makes the machine vulnerable to a certain ! type of DoS attack if someone spoofs the DNS records and does a redirect to another server. This is, however, no worse than a DoS, since the bogus KDC is unable to decode anything sent (excepting the initial ticket request, which has no encrypted data). Also, anything the fake KDC sends out isl not trusted without verification (the local machine is unaware of the secret key to be used). If \fBdns_lookup_kdc\fR is not specified but \fBdns_fallback\fR is, then
*** 405,415 **** to set it on a per-realm basis, or it can be in the \fB[libdefaults]\fR section to make it a network-wide setting for all realms. .RE .SS "The \fB[appdefaults]\fR Section" - .LP This section contains subsections for Kerberos V5 applications, where \fIrelation-subsection\fR is the name of an application. Each subsection contains relations that define the default behaviors for that application. .sp .LP --- 402,411 ----
*** 587,597 **** .sp .LP The application defaults specified here are overridden by those specified in the \fB[realms]\fR section. .SS "The \fB[realms]\fR Section" - .LP This section contains subsections for Kerberos realms, where \fIrelation-subsection\fR is the name of a realm. Each subsection contains relations that define the properties for that particular realm. The following relations can be specified in each \fB[realms]\fR subsection: .sp --- 583,592 ----
*** 867,877 **** Notice that \fBkpasswd_server\fR and \fBkpasswd_protocol\fR are realm-specific parameters. Most often, you need to specify them only when using a non-Solaris-based Kerberos server. Otherwise, the change request is sent over \fBRPCSEC_GSS\fR to the Solaris Kerberos administration server. .SS "The \fB[domain_realm]\fR Section" - .LP This section provides a translation from a domain name or hostname to a Kerberos realm name. The \fIrelation\fR can be a host name, or a domain name, where domain names are indicated by a period (`\fB\&.\fR') prefix. \fIrelation-value\fR is the Kerberos realm name for that particular host or domain. Host names and domain names should be in lower case. --- 862,871 ----
*** 900,910 **** \fBATHENA.MIT.EDU\fR realm, and all hosts in the \fBfubar.org\fR domain maps by default into the \fBFUBAR.ORG\fR realm. The entries for the hosts \fBmit.edu\fR and \fBfubar.org\fR. Without these entries, these hosts would be mapped into the Kerberos realms \fBEDU\fR and \fBORG\fR, respectively. .SS "The \fB[logging]\fR Section" - .LP This section indicates how Kerberos programs are to perform logging. There are two types of relations for this section: relations to specify how to log and a relation to specify how to rotate \fBkdc\fR log files. .sp .LP --- 894,903 ----
*** 1109,1119 **** .fi .in -2 .sp .SS "The \fB[capaths]\fR Section" - .LP In order to perform direct (non-hierarchical) cross-realm authentication, a database is needed to construct the authentication paths between the realms. This section defines that database. .sp .LP --- 1102,1111 ----
*** 1213,1223 **** .LP In the above examples, the ordering is not important, except when the same relation is used more than once. The client uses this to determine the path. (It is not important to the server, since the transited field is not sorted.) .SS "PKINIT-specific Options" - .LP The following are \fBpkinit-specific\fR options. These values can be specified in \fB[libdefaults]\fR as global defaults, or within a realm-specific subsection of \fB[libdefaults]\fR, or can be specified as realm-specific values in the \fB[realms]\fR section. A realm-specific value overrides, does not add to, a generic \fB[libdefaults]\fR specification. --- 1205,1214 ----
*** 1644,1654 **** example, \fBENV:X509_PROXY\fR, where environment variable \fBX509_PROXY\fR has been set to \fBFILE:/tmp/my_proxy.pem\fR. .RE .SS "The \fB[dbmodules]\fR Section" - .LP This section consists of relations that provide configuration information for plug-in modules. In particular, the relations describe the configuration for LDAP KDB plug-in. Use of the \fBdb2\fR KDB plug-in is the default behavior and that this section does not need to be filled out in that case. .sp --- 1635,1644 ----
*** 1759,1769 **** .RS 4n Port number for SSL connection with directory server. The default is \fB389\fR. .RE .SH EXAMPLES - .LP \fBExample 1 \fRSample File .sp .LP The following is an example of a generic \fBkrb5.conf\fR file: --- 1749,1758 ----
*** 1838,1848 **** .RS 4n \fBKDC\fR logging file .RE .SH ATTRIBUTES - .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS --- 1827,1836 ----
*** 1857,1872 **** .sp .LP All of the keywords are Committed, except for the \fBPKINIT\fR keywords, which are Volatile. .SH SEE ALSO - .LP \fBkinit\fR(1), \fBrcp\fR(1), \fBrdist\fR(1), \fBrlogin\fR(1), \fBrsh\fR(1), \fBtelnet\fR(1), \fBsyslog\fR(3C), \fBattributes\fR(5), \fBkerberos\fR(5), \fBregex\fR(5) .SH NOTES - .LP If the \fBkrb5.conf\fR file is not formatted properly, the \fBtelnet\fR command fails. However, the \fBdtlogin\fR and \fBlogin\fR commands still succeed, even if the \fBkrb5.conf\fR file is specified as required for the commands. If this occurs, the following error message is displayed: .sp --- 1845,1858 ----