author | Greg Hudson <ghudson@mit.edu> | 2019-05-17 13:45:08 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2019-05-31 13:43:29 -0400 |
commit | 0e68760cb8dce4ea25fd73d6eab95bce103b6443 (patch) | |
tree | 689361f0f2e4c553f7b6f3f2b163b24e9fa73495 /src/man | |
parent | e8a35f6962ce2d048616fb7457bff2d90398ca48 (diff) | |
Add KRB5RCACHENAME and default_rcache_name

In krb5_get_server_rcache(), stop constructing a residual value based
on piece and the euid, and instead resolve default replay cache
(previously an unused operation, as krb5_rc_default() was not part of
the API and was never used).

To determine the default replay cache name, try the KRB5RCACHENAME
environment variable first, and then try KRB5RCACHETYPE for
compatibility. If neither of those environment variables are set, try
the default_rcache_name profile relation in [libdefaults] before
falling back to "dfl:".

ticket: 8786

Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/kerberos.man | 21 |
-rw-r--r-- | src/man/krb5.conf.man | 5 |
2 files changed, 20 insertions, 6 deletions
diff --git a/src/man/kerberos.man b/src/man/kerberos.man index 026f460..a109538 100644 --- a/src/man/kerberos.man +++ b/src/man/kerberos.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KERBEROS" "7" " " "1.17" "MIT Kerberos" +.TH "KERBEROS" "7" " " "1.18" "MIT Kerberos" .SH NAME kerberos \- Overview of using Kerberos . @@ -141,13 +141,22 @@ contains additional configuration directives for the Key Distribution Center daemon and associated programs. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP\&. .TP +\fBKRB5RCACHENAME\fP +(New in release 1.18) Specifies the location of the default replay +cache, in the form \fItype\fP:\fIresidual\fP\&. The \fBfile2\fP type with a +pathname residual specifies a replay cache file in the version\-2 +format in the specified location. The \fBnone\fP type (residual is +ignored) disables the replay cache. The \fBdfl\fP type (residual is +ignored) indicates the default, which uses a file2 replay cache in +a temporary directory. The default is \fBdfl:\fP\&. +.TP \fBKRB5RCACHETYPE\fP -Specifies the default type of replay cache to use for servers. -Valid types include \fBdfl\fP for the normal file type and \fBnone\fP -for no replay cache. The default is \fBdfl\fP\&. +Specifies the type of the default replay cache, if +\fBKRB5RCACHENAME\fP is unspecified. No residual can be specified, +so \fBnone\fP and \fBdfl\fP are the only useful types. .TP \fBKRB5RCACHEDIR\fP -Specifies the default directory for replay caches used by servers. +Specifies the directory used by the \fBdfl\fP replay cache type. The default is the value of the \fBTMPDIR\fP environment variable, or \fB/var/tmp\fP if \fBTMPDIR\fP is not set. .TP @@ -197,6 +206,6 @@ Institute of Technology .SH AUTHOR MIT .SH COPYRIGHT -1985-2018, MIT +1985-2019, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index d6ff91c..e0bee9c 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man 
@@ -242,6 +242,11 @@ This relation specifies the default keytab name to be used by application servers such as sshd. The default is \fB@KTNAME@\fP\&. This relation is subject to parameter expansion (see below). .TP +\fBdefault_rcache_name\fP +This relation specifies the name of the default replay cache. +The default is \fBdfl:\fP\&. This relation is subject to parameter +expansion (see below). New in release 1.18. +.TP \fBdefault_realm\fP Identifies the default Kerberos realm for the client. Set its value to your Kerberos realm. If this value is not set, then a |
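Review bot: in the kerberos.man hunk at -141,13 +141,22, the new KRB5RCACHENAME entry ends with "The default is dfl:" but does not mention that the default_rcache_name relation in [libdefaults] is consulted when neither KRB5RCACHENAME nor KRB5RCACHETYPE is set, which is the lookup order the commit message gives. Suggest adding one sentence with the full order (KRB5RCACHENAME, then KRB5RCACHETYPE, then default_rcache_name, then dfl:), so that an administrator who sets the profile relation can see that a variable inherited in the server's environment overrides it. Because the none type disables the replay cache, that sentence is also the place to make clear that either variable set to none turns off replay detection for that process regardless of what krb5.conf says.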
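Review bot: in the krb5.conf.man hunk at -242,6 +242,11, the default_rcache_name entry gives no value format and no list of accepted types; the type:residual form and the file2, none and dfl types are described only under KRB5RCACHENAME in kerberos.man. Suggest a cross-reference to kerberos(7) or a one-line summary of the format here, plus a note that KRB5RCACHENAME and KRB5RCACHETYPE take precedence over this relation when they are set.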