"Fossies" - the Fresh Open Source Software Archive

Member "krb5-1.18/doc/html/mitK5defaults.html" (12 Feb 2020, 20111 Bytes) of package /linux/misc/krb5-1.18.tar.gz:


The requested HTML page contains a <FORM> tag that is unusable on "Fossies" in "automatic" (rendered) mode so that page is shown as HTML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 
    2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    3   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    4 
    5 <html xmlns="http://www.w3.org/1999/xhtml">
    6   <head>
    7     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    8     <title>MIT Kerberos defaults &#8212; MIT Kerberos Documentation</title>
    9     <link rel="stylesheet" href="_static/agogo.css" type="text/css" />
   10     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
   11     <link rel="stylesheet" href="_static/kerb.css" type="text/css" />
   12     <script type="text/javascript">
   13       var DOCUMENTATION_OPTIONS = {
   14         URL_ROOT:    './',
   15         VERSION:     '1.18',
   16         COLLAPSE_INDEX: false,
   17         FILE_SUFFIX: '.html',
   18         HAS_SOURCE:  true,
   19         SOURCELINK_SUFFIX: '.txt'
   20       };
   21     </script>
   22     <script type="text/javascript" src="_static/jquery.js"></script>
   23     <script type="text/javascript" src="_static/underscore.js"></script>
   24     <script type="text/javascript" src="_static/doctools.js"></script>
   25     <link rel="author" title="About these documents" href="about.html" />
   26     <link rel="index" title="Index" href="genindex.html" />
   27     <link rel="search" title="Search" href="search.html" />
   28     <link rel="copyright" title="Copyright" href="copyright.html" />
   29     <link rel="next" title="Environment variables" href="admin/env_variables.html" />
   30     <link rel="prev" title="sserver" href="admin/admin_commands/sserver.html" /> 
   31   </head>
   32   <body>
   33     <div class="header-wrapper">
   34         <div class="header">
   35             
   36             
   37             <h1><a href="index.html">MIT Kerberos Documentation</a></h1>
   38             
   39             <div class="rel">
   40                 
   41         <a href="index.html" title="Full Table of Contents"
   42             accesskey="C">Contents</a> |
   43         <a href="admin/admin_commands/sserver.html" title="sserver"
   44             accesskey="P">previous</a> |
   45         <a href="admin/env_variables.html" title="Environment variables"
   46             accesskey="N">next</a> |
   47         <a href="genindex.html" title="General Index"
   48             accesskey="I">index</a> |
   49         <a href="search.html" title="Enter search criteria"
   50             accesskey="S">Search</a> |
   51     <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos defaults">feedback</a>
   52             </div>
   53         </div>
   54     </div>
   55 
   56     <div class="content-wrapper">
   57       <div class="content">
   58         <div class="document">
   59             
   60       <div class="documentwrapper">
   61         <div class="bodywrapper">
   62           <div class="body" role="main">
   63             
   64   <div class="section" id="mit-kerberos-defaults">
   65 <span id="mitk5defaults"></span><h1>MIT Kerberos defaults<a class="headerlink" href="#mit-kerberos-defaults" title="Permalink to this headline"></a></h1>
   66 <div class="section" id="general-defaults">
   67 <h2>General defaults<a class="headerlink" href="#general-defaults" title="Permalink to this headline"></a></h2>
   68 <table border="1" class="docutils">
   69 <colgroup>
   70 <col width="45%" />
   71 <col width="31%" />
   72 <col width="24%" />
   73 </colgroup>
   74 <thead valign="bottom">
   75 <tr class="row-odd"><th class="head">Description</th>
   76 <th class="head">Default</th>
   77 <th class="head">Environment</th>
   78 </tr>
   79 </thead>
   80 <tbody valign="top">
   81 <tr class="row-even"><td><a class="reference internal" href="basic/keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> file</td>
   82 <td><a class="reference internal" href="#paths"><span class="std std-ref">DEFKTNAME</span></a></td>
   83 <td><strong>KRB5_KTNAME</strong></td>
   84 </tr>
   85 <tr class="row-odd"><td>Client <a class="reference internal" href="basic/keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> file</td>
   86 <td><a class="reference internal" href="#paths"><span class="std std-ref">DEFCKTNAME</span></a></td>
   87 <td><strong>KRB5_CLIENT_KTNAME</strong></td>
   88 </tr>
   89 <tr class="row-even"><td>Kerberos config file <a class="reference internal" href="admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a></td>
   90 <td><code class="docutils literal"><span class="pre">/etc/krb5.conf</span></code><code class="docutils literal"><span class="pre">:</span></code><a class="reference internal" href="#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/krb5.conf</span></code></td>
   91 <td><strong>KRB5_CONFIG</strong></td>
   92 </tr>
   93 <tr class="row-odd"><td>KDC config file <a class="reference internal" href="admin/conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a></td>
   94 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kdc.conf</span></code></td>
   95 <td><strong>KRB5_KDC_PROFILE</strong></td>
   96 </tr>
   97 <tr class="row-even"><td>GSS mechanism config file</td>
   98 <td><a class="reference internal" href="#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech</span></code></td>
   99 <td><strong>GSS_MECH_CONFIG</strong></td>
  100 </tr>
  101 <tr class="row-odd"><td>KDC database path (DB2)</td>
  102 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/principal</span></code></td>
  103 <td>&#160;</td>
  104 </tr>
  105 <tr class="row-even"><td>Master key <a class="reference internal" href="basic/stash_file_def.html#stash-definition"><span class="std std-ref">stash file</span></a></td>
  106 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/.k5.</span></code><em>realm</em></td>
  107 <td>&#160;</td>
  108 </tr>
  109 <tr class="row-odd"><td>Admin server ACL file <a class="reference internal" href="admin/conf_files/kadm5_acl.html#kadm5-acl-5"><span class="std std-ref">kadm5.acl</span></a></td>
  110 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kadm5.acl</span></code></td>
  111 <td>&#160;</td>
  112 </tr>
  113 <tr class="row-even"><td>OTP socket directory</td>
  114 <td><a class="reference internal" href="#paths"><span class="std std-ref">RUNSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code></td>
  115 <td>&#160;</td>
  116 </tr>
  117 <tr class="row-odd"><td>Plugin base directory</td>
  118 <td><a class="reference internal" href="#paths"><span class="std std-ref">LIBDIR</span></a><code class="docutils literal"><span class="pre">/krb5/plugins</span></code></td>
  119 <td>&#160;</td>
  120 </tr>
  121 <tr class="row-even"><td><a class="reference internal" href="basic/rcache_def.html#rcache-definition"><span class="std std-ref">replay cache</span></a> directory</td>
  122 <td><code class="docutils literal"><span class="pre">/var/tmp</span></code></td>
  123 <td><strong>KRB5RCACHEDIR</strong></td>
  124 </tr>
  125 <tr class="row-odd"><td>Master key default enctype</td>
  126 <td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span></code></td>
  127 <td>&#160;</td>
  128 </tr>
  129 <tr class="row-even"><td>Default <a class="reference internal" href="admin/conf_files/kdc_conf.html#keysalt-lists"><span class="std std-ref">keysalt list</span></a></td>
  130 <td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96:normal</span> <span class="pre">aes128-cts-hmac-sha1-96:normal</span></code></td>
  131 <td>&#160;</td>
  132 </tr>
  133 <tr class="row-odd"><td>Permitted enctypes</td>
  134 <td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span></code></td>
  135 <td>&#160;</td>
  136 </tr>
  137 <tr class="row-even"><td>KDC default port</td>
  138 <td>88</td>
  139 <td>&#160;</td>
  140 </tr>
  141 <tr class="row-odd"><td>Admin server port</td>
  142 <td>749</td>
  143 <td>&#160;</td>
  144 </tr>
  145 <tr class="row-even"><td>Password change port</td>
  146 <td>464</td>
  147 <td>&#160;</td>
  148 </tr>
  149 </tbody>
  150 </table>
  151 </div>
  152 <div class="section" id="replica-kdc-propagation-defaults">
  153 <h2>Replica KDC propagation defaults<a class="headerlink" href="#replica-kdc-propagation-defaults" title="Permalink to this headline"></a></h2>
  154 <p>This table shows defaults used by the <a class="reference internal" href="admin/admin_commands/kprop.html#kprop-8"><span class="std std-ref">kprop</span></a> and
  155 <a class="reference internal" href="admin/admin_commands/kpropd.html#kpropd-8"><span class="std std-ref">kpropd</span></a> programs.</p>
  156 <table border="1" class="docutils">
  157 <colgroup>
  158 <col width="38%" />
  159 <col width="46%" />
  160 <col width="16%" />
  161 </colgroup>
  162 <thead valign="bottom">
  163 <tr class="row-odd"><th class="head">Description</th>
  164 <th class="head">Default</th>
  165 <th class="head">Environment</th>
  166 </tr>
  167 </thead>
  168 <tbody valign="top">
  169 <tr class="row-even"><td>kprop database dump file</td>
  170 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/replica_datatrans</span></code></td>
  171 <td>&#160;</td>
  172 </tr>
  173 <tr class="row-odd"><td>kpropd temporary dump file</td>
  174 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/from_master</span></code></td>
  175 <td>&#160;</td>
  176 </tr>
  177 <tr class="row-even"><td>kdb5_util location</td>
  178 <td><a class="reference internal" href="#paths"><span class="std std-ref">SBINDIR</span></a><code class="docutils literal"><span class="pre">/kdb5_util</span></code></td>
  179 <td>&#160;</td>
  180 </tr>
  181 <tr class="row-odd"><td>kprop location</td>
  182 <td><a class="reference internal" href="#paths"><span class="std std-ref">SBINDIR</span></a><code class="docutils literal"><span class="pre">/kprop</span></code></td>
  183 <td>&#160;</td>
  184 </tr>
  185 <tr class="row-even"><td>kpropd ACL file</td>
  186 <td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kpropd.acl</span></code></td>
  187 <td>&#160;</td>
  188 </tr>
  189 <tr class="row-odd"><td>kprop port</td>
  190 <td>754</td>
  191 <td>KPROP_PORT</td>
  192 </tr>
  193 </tbody>
  194 </table>
  195 </div>
  196 <div class="section" id="default-paths-for-unix-like-systems">
  197 <span id="paths"></span><h2>Default paths for Unix-like systems<a class="headerlink" href="#default-paths-for-unix-like-systems" title="Permalink to this headline"></a></h2>
  198 <p>On Unix-like systems, some paths used by MIT krb5 depend on parameters
  199 chosen at build time.  For a custom build, these paths default to
  200 subdirectories of <code class="docutils literal"><span class="pre">/usr/local</span></code>.  When MIT krb5 is integrated into an
  201 operating system, the paths are generally chosen to match the
  202 operating system’s filesystem layout.</p>
  203 <table border="1" class="docutils">
  204 <colgroup>
  205 <col width="28%" />
  206 <col width="14%" />
  207 <col width="29%" />
  208 <col width="29%" />
  209 </colgroup>
  210 <thead valign="bottom">
  211 <tr class="row-odd"><th class="head">Description</th>
  212 <th class="head">Symbolic name</th>
  213 <th class="head">Custom build path</th>
  214 <th class="head">Typical OS path</th>
  215 </tr>
  216 </thead>
  217 <tbody valign="top">
  218 <tr class="row-even"><td>User programs</td>
  219 <td>BINDIR</td>
  220 <td><code class="docutils literal"><span class="pre">/usr/local/bin</span></code></td>
  221 <td><code class="docutils literal"><span class="pre">/usr/bin</span></code></td>
  222 </tr>
  223 <tr class="row-odd"><td>Libraries and plugins</td>
  224 <td>LIBDIR</td>
  225 <td><code class="docutils literal"><span class="pre">/usr/local/lib</span></code></td>
  226 <td><code class="docutils literal"><span class="pre">/usr/lib</span></code></td>
  227 </tr>
  228 <tr class="row-even"><td>Parent of KDC state dir</td>
  229 <td>LOCALSTATEDIR</td>
  230 <td><code class="docutils literal"><span class="pre">/usr/local/var</span></code></td>
  231 <td><code class="docutils literal"><span class="pre">/var</span></code></td>
  232 </tr>
  233 <tr class="row-odd"><td>Parent of KDC runtime dir</td>
  234 <td>RUNSTATEDIR</td>
  235 <td><code class="docutils literal"><span class="pre">/usr/local/var/run</span></code></td>
  236 <td><code class="docutils literal"><span class="pre">/run</span></code></td>
  237 </tr>
  238 <tr class="row-even"><td>Administrative programs</td>
  239 <td>SBINDIR</td>
  240 <td><code class="docutils literal"><span class="pre">/usr/local/sbin</span></code></td>
  241 <td><code class="docutils literal"><span class="pre">/usr/sbin</span></code></td>
  242 </tr>
  243 <tr class="row-odd"><td>Alternate krb5.conf dir</td>
  244 <td>SYSCONFDIR</td>
  245 <td><code class="docutils literal"><span class="pre">/usr/local/etc</span></code></td>
  246 <td><code class="docutils literal"><span class="pre">/etc</span></code></td>
  247 </tr>
  248 <tr class="row-even"><td>Default ccache name</td>
  249 <td>DEFCCNAME</td>
  250 <td><code class="docutils literal"><span class="pre">FILE:/tmp/krb5cc_%{uid}</span></code></td>
  251 <td><code class="docutils literal"><span class="pre">FILE:/tmp/krb5cc_%{uid}</span></code></td>
  252 </tr>
  253 <tr class="row-odd"><td>Default keytab name</td>
  254 <td>DEFKTNAME</td>
  255 <td><code class="docutils literal"><span class="pre">FILE:/etc/krb5.keytab</span></code></td>
  256 <td><code class="docutils literal"><span class="pre">FILE:/etc/krb5.keytab</span></code></td>
  257 </tr>
  258 </tbody>
  259 </table>
  260 <p>The default client keytab name (DEFCKTNAME) typically defaults to
  261 <code class="docutils literal"><span class="pre">FILE:/usr/local/var/krb5/user/%{euid}/client.keytab</span></code> for a custom
  262 build.  A native build will typically use a path which will vary
  263 according to the operating system’s layout of <code class="docutils literal"><span class="pre">/var</span></code>.</p>
  264 </div>
  265 </div>
  266 
  267 
  268           </div>
  269         </div>
  270       </div>
  271         </div>
  272         <div class="sidebar">
  273     <h2>On this page</h2>
  274     <ul>
  275 <li><a class="reference internal" href="#">MIT Kerberos defaults</a><ul>
  276 <li><a class="reference internal" href="#general-defaults">General defaults</a></li>
  277 <li><a class="reference internal" href="#replica-kdc-propagation-defaults">Replica KDC propagation defaults</a></li>
  278 <li><a class="reference internal" href="#default-paths-for-unix-like-systems">Default paths for Unix-like systems</a></li>
  279 </ul>
  280 </li>
  281 </ul>
  282 
  283     <br/>
  284     <h2>Table of contents</h2>
  285     <ul class="current">
  286 <li class="toctree-l1"><a class="reference internal" href="user/index.html">For users</a></li>
  287 <li class="toctree-l1 current"><a class="reference internal" href="admin/index.html">For administrators</a><ul class="current">
  288 <li class="toctree-l2"><a class="reference internal" href="admin/install.html">Installation guide</a></li>
  289 <li class="toctree-l2"><a class="reference internal" href="admin/conf_files/index.html">Configuration Files</a></li>
  290 <li class="toctree-l2"><a class="reference internal" href="admin/realm_config.html">Realm configuration decisions</a></li>
  291 <li class="toctree-l2"><a class="reference internal" href="admin/database.html">Database administration</a></li>
  292 <li class="toctree-l2"><a class="reference internal" href="admin/dbtypes.html">Database types</a></li>
  293 <li class="toctree-l2"><a class="reference internal" href="admin/lockout.html">Account lockout</a></li>
  294 <li class="toctree-l2"><a class="reference internal" href="admin/conf_ldap.html">Configuring Kerberos with OpenLDAP back-end</a></li>
  295 <li class="toctree-l2"><a class="reference internal" href="admin/appl_servers.html">Application servers</a></li>
  296 <li class="toctree-l2"><a class="reference internal" href="admin/host_config.html">Host configuration</a></li>
  297 <li class="toctree-l2"><a class="reference internal" href="admin/backup_host.html">Backups of secure hosts</a></li>
  298 <li class="toctree-l2"><a class="reference internal" href="admin/pkinit.html">PKINIT configuration</a></li>
  299 <li class="toctree-l2"><a class="reference internal" href="admin/otp.html">OTP Preauthentication</a></li>
  300 <li class="toctree-l2"><a class="reference internal" href="admin/spake.html">SPAKE Preauthentication</a></li>
  301 <li class="toctree-l2"><a class="reference internal" href="admin/dictionary.html">Addressing dictionary attack risks</a></li>
  302 <li class="toctree-l2"><a class="reference internal" href="admin/princ_dns.html">Principal names and DNS</a></li>
  303 <li class="toctree-l2"><a class="reference internal" href="admin/enctypes.html">Encryption types</a></li>
  304 <li class="toctree-l2"><a class="reference internal" href="admin/https.html">HTTPS proxy configuration</a></li>
  305 <li class="toctree-l2"><a class="reference internal" href="admin/auth_indicator.html">Authentication indicators</a></li>
  306 <li class="toctree-l2"><a class="reference internal" href="admin/admin_commands/index.html">Administration  programs</a></li>
  307 <li class="toctree-l2 current"><a class="current reference internal" href="#">MIT Kerberos defaults</a></li>
  308 <li class="toctree-l2"><a class="reference internal" href="admin/env_variables.html">Environment variables</a></li>
  309 <li class="toctree-l2"><a class="reference internal" href="admin/troubleshoot.html">Troubleshooting</a></li>
  310 <li class="toctree-l2"><a class="reference internal" href="admin/advanced/index.html">Advanced topics</a></li>
  311 <li class="toctree-l2"><a class="reference internal" href="admin/various_envs.html">Various links</a></li>
  312 </ul>
  313 </li>
  314 <li class="toctree-l1"><a class="reference internal" href="appdev/index.html">For application developers</a></li>
  315 <li class="toctree-l1"><a class="reference internal" href="plugindev/index.html">For plugin module developers</a></li>
  316 <li class="toctree-l1"><a class="reference internal" href="build/index.html">Building Kerberos V5</a></li>
  317 <li class="toctree-l1"><a class="reference internal" href="basic/index.html">Kerberos V5 concepts</a></li>
  318 <li class="toctree-l1"><a class="reference internal" href="formats/index.html">Protocols and file formats</a></li>
  319 <li class="toctree-l1"><a class="reference internal" href="mitK5features.html">MIT Kerberos features</a></li>
  320 <li class="toctree-l1"><a class="reference internal" href="build_this.html">How to build this documentation from the source</a></li>
  321 <li class="toctree-l1"><a class="reference internal" href="about.html">Contributing to the MIT Kerberos Documentation</a></li>
  322 <li class="toctree-l1"><a class="reference internal" href="resources.html">Resources</a></li>
  323 </ul>
  324 
  325     <br/>
  326     <h4><a href="index.html">Full Table of Contents</a></h4>
  327     <h4>Search</h4>
  328     <form class="search" action="search.html" method="get">
  329       <input type="text" name="q" size="18" />
  330       <input type="submit" value="Go" />
  331       <input type="hidden" name="check_keywords" value="yes" />
  332       <input type="hidden" name="area" value="default" />
  333     </form>
  334         </div>
  335         <div class="clearer"></div>
  336       </div>
  337     </div>
  338 
  339     <div class="footer-wrapper">
  340         <div class="footer" >
  341             <div class="right" ><i>Release: 1.18</i><br />
  342                 &copy; <a href="copyright.html">Copyright</a> 1985-2019, MIT.
  343             </div>
  344             <div class="left">
  345                 
  346         <a href="index.html" title="Full Table of Contents"
  347             >Contents</a> |
  348         <a href="admin/admin_commands/sserver.html" title="sserver"
  349             >previous</a> |
  350         <a href="admin/env_variables.html" title="Environment variables"
  351             >next</a> |
  352         <a href="genindex.html" title="General Index"
  353             >index</a> |
  354         <a href="search.html" title="Enter search criteria"
  355             >Search</a> |
  356     <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos defaults">feedback</a>
  357             </div>
  358         </div>
  359     </div>
  360 
  361   </body>
  362 </html>