authorAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2013-07-10 05:12:16 +0000
committerAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2013-07-10 05:12:16 +0000
commitd57397436e11ac2bf58b7301207ded889649475b (patch)
treefa7589ad6c4afea71b0a94fe88e9f49ac6f82f27
parentae818b3718de5d27a14ee2802491a87e6393afbd (diff)
Ship a simpler krb5.conf which logs to syslog(3) by default.
Remove useless README -- the info(1) and man(1) pages contain all the required information. ok dcoppa@ robert@ beck@
-rw-r--r--etc/Makefile4
-rw-r--r--etc/kerberosV/README19
-rw-r--r--etc/kerberosV/krb5.conf.example66
3 files changed, 18 insertions, 71 deletions
diff --git a/etc/Makefile b/etc/Makefile
index c897575bcfa..d2060550b22 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.332 2013/06/01 14:06:20 naddy Exp $
+# $OpenBSD: Makefile,v 1.333 2013/07/10 05:12:15 ajacoutot Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
@@ -167,8 +167,6 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g wheel -m 600 /dev/null \
${DESTDIR}/etc/skel/.ssh/authorized_keys
cd kerberosV; \
- ${INSTALL} -c -o root -g wheel -m 644 README \
- ${DESTDIR}/etc/kerberosV; \
${INSTALL} -c -o root -g wheel -m 644 krb5.conf.example \
${DESTDIR}/etc/kerberosV
cd amd; \
diff --git a/etc/kerberosV/README b/etc/kerberosV/README
deleted file mode 100644
index f944d7555dd..00000000000
--- a/etc/kerberosV/README
+++ /dev/null
@@ -1,19 +0,0 @@
-# $OpenBSD: README,v 1.3 2003/08/01 08:42:37 hin Exp $
-
-Notes about the KerberosV support in OpenBSD:
-
-- Please check the heimdal info page (type "info heimdal") to get more
- information. A number of manpages also exists, although the info-page
- is currently the best installation instruction.
-
-- There are some very informational RFCs in the source directory.
-
-- Before you use KerberosV you should setup an /etc/kerberosV/krb5.conf
- according to the instructions in the heimdal infopage.
-
-- The directory /var/heimdal contains logs, the database and acl files,
- and must be created before the kdc, kadmind or kpasswdd can be used.
- Disclosing the database would be a _really_ bad thing.
-
-- The file /etc/kerberosV/krb5.keytab contains the encryption keys and
- its important that you keep this file secret.
diff --git a/etc/kerberosV/krb5.conf.example b/etc/kerberosV/krb5.conf.example
index 1f436c5f581..5b9b4b9c16d 100644
--- a/etc/kerberosV/krb5.conf.example
+++ b/etc/kerberosV/krb5.conf.example
@@ -1,59 +1,27 @@
-# $OpenBSD: krb5.conf.example,v 1.6 2005/02/07 06:08:10 david Exp $
+# $OpenBSD: krb5.conf.example,v 1.7 2013/07/10 05:12:15 ajacoutot Exp $
#
-# Example Kerberos 5 configuration file. You may need to change the defaults
-# in this file to match your environment.
-#
-# See krb5.conf(5) and the heimdal infopage for more information.
-#
-# Normally, the realm should be your DNS domain name with uppercase
-# letters. In this example file, we've written the realm as MY.REALM
-# and the domain as my.domain to make it clear what we refer to.
-#
-# Normally, it is not necessary to do any changes on client-only
-# machines, as it's recommended that the information needed is put
-# in DNS.
-# On server machines, it is not strictly necessary, but it is recommended
-# to have local configuration.
-#
-[libdefaults]
- # Set the realm of this host here
- default_realm = MY.REALM
-
- # Maximum allowed time difference between KDC and this host
- clockskew = 300
+# Kerberos 5 minimal configuration example.
+# See krb5.conf(5) and the heimdal info(1) page for more information.
- # Uncomment this if you run NAT on the client side of kauth.
- # This may be considered a security issue though.
- # no-addresses = yes
+[libdefaults]
+ # local realm(s)
+ default_realm = DOMAIN.TLD
[realms]
- MY.REALM = {
- # Specify KDC here
- kdc = kerberos.my.domain
-
- # Administration server, used for creating users etc.
- admin_server = kerberos.my.domain
- }
+ DOMAIN.TLD = {
+ # list of KDC(s) for this realm
+ kdc = kerberos.domain.tld
- # Example of a "foreign" realm
- OTHER.REALM = {
- kdc = kerberos.other.domain
- default_domain = other.domain
- v4_domains = other.domain
+ # admin server for this realm
+ admin_server = kerberos.domain.tld
}
-# This sections describes how to figure out a realm given a DNS name
-[domain_realm]
- .my.domain = MY.REALM
-
-
[kadmin]
- # This is the trickiest part of a Kerberos installation. See the
- # heimdal infopage for more information about encryption types.
-
- # For a k5 only realm, this will be fine
-# default_keys = v5
+ # default salt string
+ default_keys = v5
[logging]
- # The KDC logs by default, but it's nice to have a kadmind log as well.
- kadmind = FILE:/var/heimdal/kadmind.log
+ # log to syslog(3)
+ kdc = SYSLOG:INFO:DAEMON
+ kpasswdd = SYSLOG:INFO:AUTH
+ default = SYSLOG:INFO:DAEMON
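Review bot: The new `[logging]` section has no `kadmind` entry, so with the old `kadmind = FILE:/var/heimdal/kadmind.log` line removed, kadmind presumably falls through to `default = SYSLOG:INFO:DAEMON`. Principal creation and key or password changes made through kadmind are the records an investigator needs first, and here they would land in the general daemon facility while only kpasswdd is routed to auth. I would add `kadmind = SYSLOG:INFO:AUTH` next to the kpasswdd line so administrative changes are kept with the other authentication records. Because the same commit deletes the README that warned about keeping krb5.keytab and the /var/heimdal database secret, a header comment such as `# krb5.keytab and the /var/heimdal database hold key material and must not be disclosed` would keep that reminder beside the example.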