summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authorAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2013-07-10 05:12:16 +0000
committerAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2013-07-10 05:12:16 +0000
commitd57397436e11ac2bf58b7301207ded889649475b (patch)
treefa7589ad6c4afea71b0a94fe88e9f49ac6f82f27 /etc
parentae818b3718de5d27a14ee2802491a87e6393afbd (diff)
Ship a simpler krb5.conf which logs to syslog(3) by default.
Remove useless README -- the info(1) and man(1) pages contains all the required information. ok dcoppa@ robert@ beck@
Diffstat (limited to 'etc')
-rw-r--r--etc/Makefile4
-rw-r--r--etc/kerberosV/README19
-rw-r--r--etc/kerberosV/krb5.conf.example66
3 files changed, 18 insertions, 71 deletions
diff --git a/etc/Makefile b/etc/Makefile
index c897575bcfa..d2060550b22 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.332 2013/06/01 14:06:20 naddy Exp $
+# $OpenBSD: Makefile,v 1.333 2013/07/10 05:12:15 ajacoutot Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
@@ -167,8 +167,6 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g wheel -m 600 /dev/null \
${DESTDIR}/etc/skel/.ssh/authorized_keys
cd kerberosV; \
- ${INSTALL} -c -o root -g wheel -m 644 README \
- ${DESTDIR}/etc/kerberosV; \
${INSTALL} -c -o root -g wheel -m 644 krb5.conf.example \
${DESTDIR}/etc/kerberosV
cd amd; \
diff --git a/etc/kerberosV/README b/etc/kerberosV/README
deleted file mode 100644
index f944d7555dd..00000000000
--- a/etc/kerberosV/README
+++ /dev/null
@@ -1,19 +0,0 @@
-# $OpenBSD: README,v 1.3 2003/08/01 08:42:37 hin Exp $
-
-Notes about the KerberosV support in OpenBSD:
-
-- Please check the heimdal info page (type "info heimdal") to get more
- information. A number of manpages also exists, although the info-page
- is currently the best installation instruction.
-
-- There are some very informational RFCs in the source directory.
-
-- Before you use KerberosV you should setup an /etc/kerberosV/krb5.conf
- according to the instructions in the heimdal infopage.
-
-- The directory /var/heimdal contains logs, the database and acl files,
- and must be created before the kdc, kadmind or kpasswdd can be used.
- Disclosing the database would be a _really_ bad thing.
-
-- The file /etc/kerberosV/krb5.keytab contains the encryption keys and
- its important that you keep this file secret.
diff --git a/etc/kerberosV/krb5.conf.example b/etc/kerberosV/krb5.conf.example
index 1f436c5f581..5b9b4b9c16d 100644
--- a/etc/kerberosV/krb5.conf.example
+++ b/etc/kerberosV/krb5.conf.example
@@ -1,59 +1,27 @@
-# $OpenBSD: krb5.conf.example,v 1.6 2005/02/07 06:08:10 david Exp $
+# $OpenBSD: krb5.conf.example,v 1.7 2013/07/10 05:12:15 ajacoutot Exp $
#
-# Example Kerberos 5 configuration file. You may need to change the defaults
-# in this file to match your environment.
-#
-# See krb5.conf(5) and the heimdal infopage for more information.
-#
-# Normally, the realm should be your DNS domain name with uppercase
-# letters. In this example file, we've written the realm as MY.REALM
-# and the domain as my.domain to make it clear what we refer to.
-#
-# Normally, it is not necessary to do any changes on client-only
-# machines, as it's recommended that the information needed is put
-# in DNS.
-# On server machines, it is not strictly necessary, but it is recommended
-# to have local configuration.
-#
-[libdefaults]
- # Set the realm of this host here
- default_realm = MY.REALM
-
- # Maximum allowed time difference between KDC and this host
- clockskew = 300
+# Kerberos 5 minimal configuration example.
+# See krb5.conf(5) and the heimdal info(1) page for more information.
- # Uncomment this if you run NAT on the client side of kauth.
- # This may be considered a security issue though.
- # no-addresses = yes
+[libdefaults]
+ # local realm(s)
+ default_realm = DOMAIN.TLD
[realms]
- MY.REALM = {
- # Specify KDC here
- kdc = kerberos.my.domain
-
- # Administration server, used for creating users etc.
- admin_server = kerberos.my.domain
- }
+ DOMAIN.TLD = {
+ # list of KDC(s) for this realm
+ kdc = kerberos.domain.tld
- # Example of a "foreign" realm
- OTHER.REALM = {
- kdc = kerberos.other.domain
- default_domain = other.domain
- v4_domains = other.domain
+ # admin server for this realm
+ admin_server = kerberos.domain.tld
}
-# This sections describes how to figure out a realm given a DNS name
-[domain_realm]
- .my.domain = MY.REALM
-
-
[kadmin]
- # This is the trickiest part of a Kerberos installation. See the
- # heimdal infopage for more information about encryption types.
-
- # For a k5 only realm, this will be fine
-# default_keys = v5
+ # default salt string
+ default_keys = v5
[logging]
- # The KDC logs by default, but it's nice to have a kadmind log as well.
- kadmind = FILE:/var/heimdal/kadmind.log
+ # log to syslog(3)
+ kdc = SYSLOG:INFO:DAEMON
+ kpasswdd = SYSLOG:INFO:AUTH
+ default = SYSLOG:INFO:DAEMON