diff options
| author | Julien Rische <jrische@redhat.com> | 2022-04-22 14:12:37 +0200 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2022-04-29 17:44:16 -0400 |
| commit | 855c715e90f4f115e77136f42b4570c03d325cae (patch) | |
| tree | 1c67ee2b6e3340a40a08069ec5900b94678bd075 /doc | |
| parent | 649e3372d2505027dafd27b0fe9db573c21c735a (diff) | |
| download | krb5-855c715e90f4f115e77136f42b4570c03d325cae.zip krb5-855c715e90f4f115e77136f42b4570c03d325cae.tar.gz krb5-855c715e90f4f115e77136f42b4570c03d325cae.tar.bz2 | |
Add configure variable for default PKCS#11 module
[ghudson@mit.edu: added documentation of configure variable and doc
substitution; shortened commit message]
ticket: 9058 (new)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 2 | ||||
| -rw-r--r-- | doc/build/options2configure.rst | 3 | ||||
| -rw-r--r-- | doc/conf.py | 3 | ||||
| -rw-r--r-- | doc/mitK5defaults.rst | 25 |
4 files changed, 20 insertions, 13 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index d5d6e06..f22d5db 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -1011,7 +1011,7 @@ information for PKINIT is as follows: All keyword/values are optional. *modname* specifies the location of a library implementing PKCS #11. If a value is encountered with no keyword, it is assumed to be the *modname*. If no - module-name is specified, the default is ``opensc-pkcs11.so``. + module-name is specified, the default is |pkcs11_modname|. ``slotid=`` and/or ``token=`` may be specified to force the use of a particular smard card reader or token if there is more than one available. ``certid=`` and/or ``certlabel=`` may be specified to diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst index 9e355dc..e879b18 100644 --- a/doc/build/options2configure.rst +++ b/doc/build/options2configure.rst @@ -137,6 +137,9 @@ Environment variables This option allows one to specify libraries to be passed to the linker (e.g., ``-l<library>``) +**PKCS11_MODNAME=**\ *library* + Override the built-in default PKCS11 library name. + **SS_LIB=**\ *libs*... If ``-lss`` is not the correct way to link in your installed ss library, for example if additional support libraries are needed, diff --git a/doc/conf.py b/doc/conf.py index fa0eb80..9d7f81a 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -242,6 +242,7 @@ if 'mansubs' in tags: ccache = '``@CCNAME@``' keytab = '``@KTNAME@``' ckeytab = '``@CKTNAME@``' + pkcs11_modname = '``@PKCS11MOD@``' elif 'pathsubs' in tags: # Read configured paths from a file produced by the build system. exec(open("paths.py").read()) @@ -255,6 +256,7 @@ else: ccache = ':ref:`DEFCCNAME <paths>`' keytab = ':ref:`DEFKTNAME <paths>`' ckeytab = ':ref:`DEFCKTNAME <paths>`' + pkcs11_modname = ':ref:`PKCS11_MODNAME <paths>`' rst_epilog = '\n' @@ -275,6 +277,7 @@ else: rst_epilog += '.. |ccache| replace:: %s\n' % ccache rst_epilog += '.. |keytab| replace:: %s\n' % keytab rst_epilog += '.. |ckeytab| replace:: %s\n' % ckeytab + rst_epilog += '.. |pkcs11_modname| replace:: %s\n' % pkcs11_modname rst_epilog += ''' .. |krb5conf| replace:: ``/etc/krb5.conf`` .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst index 74e69f4..aea7af3 100644 --- a/doc/mitK5defaults.rst +++ b/doc/mitK5defaults.rst @@ -59,18 +59,19 @@ subdirectories of ``/usr/local``. When MIT krb5 is integrated into an operating system, the paths are generally chosen to match the operating system's filesystem layout. -========================== ============= =========================== =========================== -Description Symbolic name Custom build path Typical OS path -========================== ============= =========================== =========================== -User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` -Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` -Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` -Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` -Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` -Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` -Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` -Default keytab name DEFKTNAME ``FILE:/etc/krb5.keytab`` ``FILE:/etc/krb5.keytab`` -========================== ============= =========================== =========================== +========================== ============== =========================== =========================== +Description Symbolic name Custom build path Typical OS path +========================== ============== =========================== =========================== +User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` +Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` +Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` +Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` +Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` +Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` +Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` +Default keytab name DEFKTNAME ``FILE:/etc/krb5.keytab`` ``FILE:/etc/krb5.keytab`` +Default PKCS11 module PKCS11_MODNAME ``opensc-pkcs11.so`` ``opensc-pkcs11.so`` +========================== ============== =========================== =========================== The default client keytab name (DEFCKTNAME) typically defaults to ``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom |