Print this page
9842 man page typos and spelling
   1 '\" te
   2 .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
   3 .\" Portions Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH WARN.CONF 4 "Mar 30, 2005"
   8 .SH NAME
   9 warn.conf \- Kerberos warning configuration file
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 /etc/krb5/warn.conf
  14 .fi
  15 
  16 .SH DESCRIPTION
  17 .sp
  18 .LP
  19 The \fBwarn.conf\fR file contains configuration information specifying how
  20 users will be warned by the \fBktkt_warnd\fR daemon about ticket expiration. In
  21 addition, this file can be used to auto-renew the user's Ticket-Granting Ticket
  22 (TGT) instead of warning the user. Credential expiration warnings and
  23 auto-renew results are sent, by means of syslog, to \fBauth.notice\fR.
  24 .sp
  25 .LP
  26 Each Kerberos client host must have a \fBwarn.conf\fR file in order for users
  27 on that host to get Kerberos warnings from the client. Entries in the
  28 \fBwarn.conf\fR file must have the following format:
  29 .sp
  30 .in +2
  31 .nf
  32 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] syslog|terminal \fItime\fR
  33 .fi
  34 .in -2
  35 
  36 .sp
  37 .LP


  74 .RE
  75 
  76 .sp
  77 .ne 2
  78 .na
  79 \fB\fBlog-failure\fR\fR
  80 .ad
  81 .RS 15n
  82 Log the result of the renew attempt on failure using the specified method
  83 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR). Some renew failure conditions are:
  84 TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache
  85 file has been removed.
  86 .RE
  87 
  88 .sp
  89 .ne 2
  90 .na
  91 \fB\fBlog\fR\fR
  92 .ad
  93 .RS 15n
  94 Same as specifing both \fBlog-success\fR and \fBlog-failure\fR.
  95 .RE
  96 
  97 .LP
  98 Note -
  99 .sp
 100 .RS 2
 101 If no log options are given, no logging is done.
 102 .RE
 103 .RE
 104 
 105 .sp
 106 .ne 2
 107 .na
 108 \fB\fBsyslog\fR\fR
 109 .ad
 110 .RS 17n
 111 Sends the warnings to the system's syslog. Depending on the
 112 \fB/etc/syslog.conf\fR file, syslog entries are written to the
 113 \fB/var/adm/messages\fR file and/or displayed on the terminal.
 114 .RE


 190 .in +2
 191 .nf
 192 * renew:log terminal 30m
 193 .fi
 194 .in -2
 195 
 196 .sp
 197 .LP
 198 \&...specifies that renew results will be sent to the user's terminal 30
 199 minutes before the expiration of the TGT for all principals. The form of the
 200 message (on renew success) is:
 201 
 202 .sp
 203 .in +2
 204 .nf
 205 myname@ACME.COM: your kerberos credentials have been renewed
 206 .fi
 207 .in -2
 208 
 209 .SH FILES
 210 .sp
 211 .ne 2
 212 .na
 213 \fB\fB/usr/lib/krb5/ktkt_warnd\fR\fR
 214 .ad
 215 .RS 28n
 216 Kerberos warning daemon
 217 .RE
 218 
 219 .SH ATTRIBUTES
 220 .sp
 221 .LP
 222 See \fBattributes\fR(5) for descriptions of the following attributes:
 223 .sp
 224 
 225 .sp
 226 .TS
 227 box;
 228 c | c
 229 l | l .
 230 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 231 _
 232 Interface Stability     Evolving
 233 .TE
 234 
 235 .SH SEE ALSO
 236 .sp
 237 .LP
 238 \fBkinit\fR(1), \fBkdestroy\fR(1), \fBktkt_warnd\fR(1M), \fBsyslog.conf\fR(4),
 239 \fButmpx\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBpam_krb5\fR(5)
 240 .SH NOTES
 241 .sp
 242 .LP
 243 The auto-renew of the TGT is attempted only if the user is logged-in, as
 244 determined by examining \fButmpx\fR(4).
   1 '\" te
   2 .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
   3 .\" Portions Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH WARN.CONF 4 "Mar 30, 2005"
   8 .SH NAME
   9 warn.conf \- Kerberos warning configuration file
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 /etc/krb5/warn.conf
  14 .fi
  15 
  16 .SH DESCRIPTION

  17 .LP
  18 The \fBwarn.conf\fR file contains configuration information specifying how
  19 users will be warned by the \fBktkt_warnd\fR daemon about ticket expiration. In
  20 addition, this file can be used to auto-renew the user's Ticket-Granting Ticket
  21 (TGT) instead of warning the user. Credential expiration warnings and
  22 auto-renew results are sent, by means of syslog, to \fBauth.notice\fR.
  23 .sp
  24 .LP
  25 Each Kerberos client host must have a \fBwarn.conf\fR file in order for users
  26 on that host to get Kerberos warnings from the client. Entries in the
  27 \fBwarn.conf\fR file must have the following format:
  28 .sp
  29 .in +2
  30 .nf
  31 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] syslog|terminal \fItime\fR
  32 .fi
  33 .in -2
  34 
  35 .sp
  36 .LP


  73 .RE
  74 
  75 .sp
  76 .ne 2
  77 .na
  78 \fB\fBlog-failure\fR\fR
  79 .ad
  80 .RS 15n
  81 Log the result of the renew attempt on failure using the specified method
  82 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR). Some renew failure conditions are:
  83 TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache
  84 file has been removed.
  85 .RE
  86 
  87 .sp
  88 .ne 2
  89 .na
  90 \fB\fBlog\fR\fR
  91 .ad
  92 .RS 15n
  93 Same as specifying both \fBlog-success\fR and \fBlog-failure\fR.
  94 .RE
  95 
  96 .LP
  97 Note -
  98 .sp
  99 .RS 2
 100 If no log options are given, no logging is done.
 101 .RE
 102 .RE
 103 
 104 .sp
 105 .ne 2
 106 .na
 107 \fB\fBsyslog\fR\fR
 108 .ad
 109 .RS 17n
 110 Sends the warnings to the system's syslog. Depending on the
 111 \fB/etc/syslog.conf\fR file, syslog entries are written to the
 112 \fB/var/adm/messages\fR file and/or displayed on the terminal.
 113 .RE


 189 .in +2
 190 .nf
 191 * renew:log terminal 30m
 192 .fi
 193 .in -2
 194 
 195 .sp
 196 .LP
 197 \&...specifies that renew results will be sent to the user's terminal 30
 198 minutes before the expiration of the TGT for all principals. The form of the
 199 message (on renew success) is:
 200 
 201 .sp
 202 .in +2
 203 .nf
 204 myname@ACME.COM: your kerberos credentials have been renewed
 205 .fi
 206 .in -2
 207 
 208 .SH FILES

 209 .ne 2
 210 .na
 211 \fB\fB/usr/lib/krb5/ktkt_warnd\fR\fR
 212 .ad
 213 .RS 28n
 214 Kerberos warning daemon
 215 .RE
 216 
 217 .SH ATTRIBUTES

 218 .LP
 219 See \fBattributes\fR(5) for descriptions of the following attributes:
 220 .sp
 221 
 222 .sp
 223 .TS
 224 box;
 225 c | c
 226 l | l .
 227 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 228 _
 229 Interface Stability     Evolving
 230 .TE
 231 
 232 .SH SEE ALSO

 233 .LP
 234 \fBkinit\fR(1), \fBkdestroy\fR(1), \fBktkt_warnd\fR(1M), \fBsyslog.conf\fR(4),
 235 \fButmpx\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBpam_krb5\fR(5)
 236 .SH NOTES

 237 .LP
 238 The auto-renew of the TGT is attempted only if the user is logged-in, as
 239 determined by examining \fButmpx\fR(4).