Print this page
9842 man page typos and spelling
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/warn.conf.4
+++ new/usr/src/man/man4/warn.conf.4
1 1 '\" te
2 2 .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology. For copying and distribution information, please see the file kerberosv5/mit-sipb-copyright.h.
3 3 .\" Portions Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
7 7 .TH WARN.CONF 4 "Mar 30, 2005"
8 8 .SH NAME
9 9 warn.conf \- Kerberos warning configuration file
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 /etc/krb5/warn.conf
14 14 .fi
15 15
16 16 .SH DESCRIPTION
17 -.sp
18 17 .LP
19 18 The \fBwarn.conf\fR file contains configuration information specifying how
20 19 users will be warned by the \fBktkt_warnd\fR daemon about ticket expiration. In
21 20 addition, this file can be used to auto-renew the user's Ticket-Granting Ticket
22 21 (TGT) instead of warning the user. Credential expiration warnings and
23 22 auto-renew results are sent, by means of syslog, to \fBauth.notice\fR.
24 23 .sp
25 24 .LP
26 25 Each Kerberos client host must have a \fBwarn.conf\fR file in order for users
27 26 on that host to get Kerberos warnings from the client. Entries in the
28 27 \fBwarn.conf\fR file must have the following format:
29 28 .sp
30 29 .in +2
31 30 .nf
32 31 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] syslog|terminal \fItime\fR
33 32 .fi
34 33 .in -2
35 34
36 35 .sp
37 36 .LP
38 37 or:
39 38 .sp
40 39 .in +2
41 40 .nf
42 41 \fIprincipal\fR [renew[:\fIopt1\fR,...\fIoptN\fR]] mail \fItime\fR [\fIemail address\fR]
43 42 .fi
44 43 .in -2
45 44
46 45 .sp
47 46 .ne 2
48 47 .na
49 48 \fB\fIprincipal\fR\fR
50 49 .ad
51 50 .RS 17n
52 51 Specifies the principal name to be warned. The asterisk (\fB*\fR) wildcard can
53 52 be used to specify groups of principals.
54 53 .RE
55 54
56 55 .sp
57 56 .ne 2
58 57 .na
59 58 \fB\fBrenew\fR\fR
60 59 .ad
61 60 .RS 17n
62 61 Automatically renew the credentials (TGT) until renewable lifetime expires.
63 62 This is equivalent to the user running \fBkinit\fR \fB-R\fR.
64 63 .sp
65 64 The renew options include:
66 65 .sp
67 66 .ne 2
68 67 .na
69 68 \fB\fBlog-success\fR\fR
70 69 .ad
71 70 .RS 15n
72 71 Log the result of the renew attempt on success using the specified method
73 72 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR).
74 73 .RE
75 74
76 75 .sp
77 76 .ne 2
78 77 .na
79 78 \fB\fBlog-failure\fR\fR
80 79 .ad
81 80 .RS 15n
82 81 Log the result of the renew attempt on failure using the specified method
83 82 (\fBsyslog\fR|\fBterminal\fR|\fBmail\fR). Some renew failure conditions are:
|
↓ open down ↓ |
56 lines elided |
↑ open up ↑ |
84 83 TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache
85 84 file has been removed.
86 85 .RE
87 86
88 87 .sp
89 88 .ne 2
90 89 .na
91 90 \fB\fBlog\fR\fR
92 91 .ad
93 92 .RS 15n
94 -Same as specifing both \fBlog-success\fR and \fBlog-failure\fR.
93 +Same as specifying both \fBlog-success\fR and \fBlog-failure\fR.
95 94 .RE
96 95
97 96 .LP
98 97 Note -
99 98 .sp
100 99 .RS 2
101 100 If no log options are given, no logging is done.
102 101 .RE
103 102 .RE
104 103
105 104 .sp
106 105 .ne 2
107 106 .na
108 107 \fB\fBsyslog\fR\fR
109 108 .ad
110 109 .RS 17n
111 110 Sends the warnings to the system's syslog. Depending on the
112 111 \fB/etc/syslog.conf\fR file, syslog entries are written to the
113 112 \fB/var/adm/messages\fR file and/or displayed on the terminal.
114 113 .RE
115 114
116 115 .sp
117 116 .ne 2
118 117 .na
119 118 \fB\fBterminal\fR\fR
120 119 .ad
121 120 .RS 17n
122 121 Sends the warnings to display on the terminal.
123 122 .RE
124 123
125 124 .sp
126 125 .ne 2
127 126 .na
128 127 \fB\fBmail\fR\fR
129 128 .ad
130 129 .RS 17n
131 130 Sends the warnings as email to the address specified by \fIemail_address\fR.
132 131 .RE
133 132
134 133 .sp
135 134 .ne 2
136 135 .na
137 136 \fB\fItime\fR\fR
138 137 .ad
139 138 .RS 17n
140 139 Specifies how much time before the \fBTGT\fR expires when a warning should be
141 140 sent. The default time value is seconds, but you can specify \fBh\fR (hours)
142 141 and \fBm\fR (minutes) after the number to specify other time values.
143 142 .RE
144 143
145 144 .sp
146 145 .ne 2
147 146 .na
148 147 \fB\fIemail_address\fR\fR
149 148 .ad
150 149 .RS 17n
151 150 Specifies the email address at which to send the warnings. This field must be
152 151 specified only with the \fBmail\fR field.
153 152 .RE
154 153
155 154 .SH EXAMPLES
156 155 .LP
157 156 \fBExample 1 \fRSpecifying Warnings
158 157 .sp
159 158 .LP
160 159 The following \fBwarn.conf\fR entry
161 160
162 161 .sp
163 162 .in +2
164 163 .nf
165 164 \fB* syslog 5m\fR
166 165 .fi
167 166 .in -2
168 167 .sp
169 168
170 169 .sp
171 170 .LP
172 171 specifies that warnings will be sent to the syslog five minutes before the
173 172 expiration of the \fBTGT\fR for all principals. The form of the message is:
174 173
175 174 .sp
176 175 .in +2
177 176 .nf
178 177 jdb@ACME.COM: your kerberos credentials expire in 5 minutes
179 178 .fi
180 179 .in -2
181 180 .sp
182 181
183 182 .LP
184 183 \fBExample 2 \fRSpecifying Renewal
185 184 .sp
186 185 .LP
187 186 The following \fBwarn.conf\fR entry:
188 187
189 188 .sp
190 189 .in +2
191 190 .nf
192 191 * renew:log terminal 30m
193 192 .fi
194 193 .in -2
195 194
196 195 .sp
197 196 .LP
198 197 \&...specifies that renew results will be sent to the user's terminal 30
199 198 minutes before the expiration of the TGT for all principals. The form of the
|
↓ open down ↓ |
95 lines elided |
↑ open up ↑ |
200 199 message (on renew success) is:
201 200
202 201 .sp
203 202 .in +2
204 203 .nf
205 204 myname@ACME.COM: your kerberos credentials have been renewed
206 205 .fi
207 206 .in -2
208 207
209 208 .SH FILES
210 -.sp
211 209 .ne 2
212 210 .na
213 211 \fB\fB/usr/lib/krb5/ktkt_warnd\fR\fR
214 212 .ad
215 213 .RS 28n
216 214 Kerberos warning daemon
217 215 .RE
218 216
219 217 .SH ATTRIBUTES
220 -.sp
221 218 .LP
222 219 See \fBattributes\fR(5) for descriptions of the following attributes:
223 220 .sp
224 221
225 222 .sp
226 223 .TS
227 224 box;
228 225 c | c
229 226 l | l .
230 227 ATTRIBUTE TYPE ATTRIBUTE VALUE
231 228 _
232 229 Interface Stability Evolving
233 230 .TE
234 231
235 232 .SH SEE ALSO
236 -.sp
237 233 .LP
238 234 \fBkinit\fR(1), \fBkdestroy\fR(1), \fBktkt_warnd\fR(1M), \fBsyslog.conf\fR(4),
239 235 \fButmpx\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBpam_krb5\fR(5)
240 236 .SH NOTES
241 -.sp
242 237 .LP
243 238 The auto-renew of the TGT is attempted only if the user is logged-in, as
244 239 determined by examining \fButmpx\fR(4).
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX