1 '\" te
2 .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology. For copying and distribution information, please see the file kerberosv5/mit-sipb-copyright.h.
3 .\" Portions Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH WARN.CONF 4 "Mar 30, 2005"
8 .SH NAME
9 warn.conf \- Kerberos warning configuration file
10 .SH SYNOPSIS
11 .LP
12 .nf
13 /etc/krb5/warn.conf
14 .fi
15
16 .SH DESCRIPTION
17 .sp
18 .LP
19 The \fBwarn.conf\fR file contains configuration information specifying how
20 users will be warned by the \fBktkt_warnd\fR daemon about ticket expiration. In
21 addition, this file can be used to auto-renew the user's Ticket-Granting Ticket
22 (TGT) instead of warning the user. Credential expiration warnings and
23 auto-renew results are sent, by means of syslog, to \fBauth.notice\fR.
24 .sp
25 .LP
26 Each Kerberos client host must have a \fBwarn.conf\fR file in order for users
27 on that host to get Kerberos warnings from the client. Entries in the
28 \fBwarn.conf\fR file must have the following format:
29 .sp
30 .in +2
31 .nf
32 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] syslog|terminal \fItime\fR
33 .fi
34 .in -2
35
36 .sp
37 .LP
74 .RE
75
76 .sp
77 .ne 2
78 .na
79 \fB\fBlog-failure\fR\fR
80 .ad
81 .RS 15n
82 Log the result of the renew attempt on failure using the specified method
83 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR). Some renew failure conditions are:
84 TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache
85 file has been removed.
86 .RE
87
88 .sp
89 .ne 2
90 .na
91 \fB\fBlog\fR\fR
92 .ad
93 .RS 15n
94 Same as specifing both \fBlog-success\fR and \fBlog-failure\fR.
95 .RE
96
97 .LP
98 Note -
99 .sp
100 .RS 2
101 If no log options are given, no logging is done.
102 .RE
103 .RE
104
105 .sp
106 .ne 2
107 .na
108 \fB\fBsyslog\fR\fR
109 .ad
110 .RS 17n
111 Sends the warnings to the system's syslog. Depending on the
112 \fB/etc/syslog.conf\fR file, syslog entries are written to the
113 \fB/var/adm/messages\fR file and/or displayed on the terminal.
114 .RE
190 .in +2
191 .nf
192 * renew:log terminal 30m
193 .fi
194 .in -2
195
196 .sp
197 .LP
198 \&...specifies that renew results will be sent to the user's terminal 30
199 minutes before the expiration of the TGT for all principals. The form of the
200 message (on renew success) is:
201
202 .sp
203 .in +2
204 .nf
205 myname@ACME.COM: your kerberos credentials have been renewed
206 .fi
207 .in -2
208
209 .SH FILES
210 .sp
211 .ne 2
212 .na
213 \fB\fB/usr/lib/krb5/ktkt_warnd\fR\fR
214 .ad
215 .RS 28n
216 Kerberos warning daemon
217 .RE
218
219 .SH ATTRIBUTES
220 .sp
221 .LP
222 See \fBattributes\fR(5) for descriptions of the following attributes:
223 .sp
224
225 .sp
226 .TS
227 box;
228 c | c
229 l | l .
230 ATTRIBUTE TYPE ATTRIBUTE VALUE
231 _
232 Interface Stability Evolving
233 .TE
234
235 .SH SEE ALSO
236 .sp
237 .LP
238 \fBkinit\fR(1), \fBkdestroy\fR(1), \fBktkt_warnd\fR(1M), \fBsyslog.conf\fR(4),
239 \fButmpx\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBpam_krb5\fR(5)
240 .SH NOTES
241 .sp
242 .LP
243 The auto-renew of the TGT is attempted only if the user is logged-in, as
244 determined by examining \fButmpx\fR(4).
|
1 '\" te
2 .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology. For copying and distribution information, please see the file kerberosv5/mit-sipb-copyright.h.
3 .\" Portions Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH WARN.CONF 4 "Mar 30, 2005"
8 .SH NAME
9 warn.conf \- Kerberos warning configuration file
10 .SH SYNOPSIS
11 .LP
12 .nf
13 /etc/krb5/warn.conf
14 .fi
15
16 .SH DESCRIPTION
17 .LP
18 The \fBwarn.conf\fR file contains configuration information specifying how
19 users will be warned by the \fBktkt_warnd\fR daemon about ticket expiration. In
20 addition, this file can be used to auto-renew the user's Ticket-Granting Ticket
21 (TGT) instead of warning the user. Credential expiration warnings and
22 auto-renew results are sent, by means of syslog, to \fBauth.notice\fR.
23 .sp
24 .LP
25 Each Kerberos client host must have a \fBwarn.conf\fR file in order for users
26 on that host to get Kerberos warnings from the client. Entries in the
27 \fBwarn.conf\fR file must have the following format:
28 .sp
29 .in +2
30 .nf
31 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] syslog|terminal \fItime\fR
32 .fi
33 .in -2
34
35 .sp
36 .LP
73 .RE
74
75 .sp
76 .ne 2
77 .na
78 \fB\fBlog-failure\fR\fR
79 .ad
80 .RS 15n
81 Log the result of the renew attempt on failure using the specified method
82 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR). Some renew failure conditions are:
83 TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache
84 file has been removed.
85 .RE
86
87 .sp
88 .ne 2
89 .na
90 \fB\fBlog\fR\fR
91 .ad
92 .RS 15n
93 Same as specifying both \fBlog-success\fR and \fBlog-failure\fR.
94 .RE
95
96 .LP
97 Note -
98 .sp
99 .RS 2
100 If no log options are given, no logging is done.
101 .RE
102 .RE
103
104 .sp
105 .ne 2
106 .na
107 \fB\fBsyslog\fR\fR
108 .ad
109 .RS 17n
110 Sends the warnings to the system's syslog. Depending on the
111 \fB/etc/syslog.conf\fR file, syslog entries are written to the
112 \fB/var/adm/messages\fR file and/or displayed on the terminal.
113 .RE
189 .in +2
190 .nf
191 * renew:log terminal 30m
192 .fi
193 .in -2
194
195 .sp
196 .LP
197 \&...specifies that renew results will be sent to the user's terminal 30
198 minutes before the expiration of the TGT for all principals. The form of the
199 message (on renew success) is:
200
201 .sp
202 .in +2
203 .nf
204 myname@ACME.COM: your kerberos credentials have been renewed
205 .fi
206 .in -2
207
208 .SH FILES
209 .ne 2
210 .na
211 \fB\fB/usr/lib/krb5/ktkt_warnd\fR\fR
212 .ad
213 .RS 28n
214 Kerberos warning daemon
215 .RE
216
217 .SH ATTRIBUTES
218 .LP
219 See \fBattributes\fR(5) for descriptions of the following attributes:
220 .sp
221
222 .sp
223 .TS
224 box;
225 c | c
226 l | l .
227 ATTRIBUTE TYPE ATTRIBUTE VALUE
228 _
229 Interface Stability Evolving
230 .TE
231
232 .SH SEE ALSO
233 .LP
234 \fBkinit\fR(1), \fBkdestroy\fR(1), \fBktkt_warnd\fR(1M), \fBsyslog.conf\fR(4),
235 \fButmpx\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBpam_krb5\fR(5)
236 .SH NOTES
237 .LP
238 The auto-renew of the TGT is attempted only if the user is logged-in, as
239 determined by examining \fButmpx\fR(4).
|