kdc.conf.man - OpenGrok cross reference for /freebsd/crypto/krb5/src/man/kdc.conf.man

Lines Matching +full:dc +full:- +full:stream +full:- +full:id
5 .nr rst2man-indent-level 0
8 \\$1 \\n[an-margin]
9 level \\n[rst2man-indent-level]
10 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
11 -
12 \\n[rst2man-indent0]
13 \\n[rst2man-indent1]
14 \\n[rst2man-indent2]
19 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
20 . nr rst2man-indent-level +1
25 .\" indent \\n[an-margin]
26 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 .nr rst2man-indent-level -1
28 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
33 kdc.conf \- Kerberos V5 KDC configuration file
68 Realm\-specific database configuration and settings
80 Per\-database settings
113 The following [kdcdefaults] variables have no per\-realm equivalent:
162 section under \fI\%[dbmodules]\fP for database\-specific parameters
181 comma\-separated list of flags, with \(aq+\(aq before each flag that
182 should be enabled and \(aq\-\(aq before each flag that should be
183 disabled.  The \fBpostdateable\fP, \fBforwardable\fP, \fBtgt\-based\fP,
184 \fBrenewable\fP, \fBproxiable\fP, \fBdup\-skey\fP, \fBallow\-tickets\fP, and
190 \fBallow\-tickets\fP
195 \fBdup\-skey\fP
196 Enabling this flag allows the KDC to issue user\-to\-user
208 \fBno\-auth\-data\-required\fP
209 Enabling this flag prevents PAC or AD\-SIGNEDPATH data from
212 \fBok\-as\-delegate\fP
217 \fBok\-to\-auth\-as\-delegate\fP
254 for this principal.  In release 1.17 and later, user\-to\-user
255 service tickets are still allowed if the \fBdup\-skey\fP flag is
258 \fBtgt\-based\fP
260 on a ticket\-granting\-ticket, rather than repeating the
280 pre\-authentication.  New in 1.16.
283 (Whitespace\- or comma\-separated list.)  Lists services which will
284 get host\-based referral processing even if the server principal is
285 not marked as host\-based by the client.
312 (Whitespace\- or comma\-separated list.)  Specifies the iprop RPC
345 [dbmodules] section, then the hard\-coded default for
350 (Whitespace\- or comma\-separated list.)  Specifies the kadmin RPC
374 (Whitespace\- or comma\-separated list.)  Specifies the listening
388 (Whitespace\- or comma\-separated list, deprecated.)  Prior to
395 (Whitespace\- or comma\-separated list.)  Specifies the TCP
403 (Whitespace\- or comma\-separated list, deprecated.)  Prior to
410 (Comma\-separated list.)  Specifies the kpasswd listening
436 default value for this is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.  For a list of all possible
450 (Whitespace\- or comma\-separated list.)  Lists services to block
451 from getting host\-based referral processing, even if the client
452 marks the server principal as host\-based or the service is also
458 transited realms for cross\-realm tickets against the transit path
467 If the disable\-transited\-check flag is set in the incoming
480 than the realm\(aqs ticket\-granting service.  This option allows
487 KDC asserts into tickets obtained using SPAKE pre\-authentication.
495 default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:nor…
555 This DB2\-specific tag indicates the location of the database in
579 This LDAP\-specific tag indicates the number of connections to be
583 These LDAP\-specific tags indicate the default DN for binding to
595 These LDAP\-specific tags specify the SASL mechanism (such as
600 These LDAP\-specific tags specify the SASL authentication identity
603 requires a secret (such as the password for \fBDIGEST\-MD5\fP), these
609 These LDAP\-specific tags specify the SASL authorization identity
614 These LDAP\-specific tags specify the SASL realm to use when
619 This LDAP\-specific tag indicates the DN of the container object
623 This LDAP\-specific tag indicates the list of LDAP servers that the
625 whitespace\-separated.  The LDAP server is specified by a LDAP URI.
630 This LDAP\-specific tag indicates the file containing the stashed
637 This LMDB\-specific tag indicates the maximum size of the two
643 This LMDB\-specific tag indicates the maximum number of concurrent
648 This LMDB\-specific tag can be set to improve the throughput of
655 If set to \fBtrue\fP, this DB2\-specific tag causes iteration
705 standard error stream.
813 the per\-principal configuration does not specify a token type.  Its
832 The following are pkinit\-specific options.  These values may
834 a realm\-specific subsection of [realms].  Also note that a
835 realm\-specific value over\-rides, does not add to, a generic
841 realm\-specific subsection of [realms]:
878 Specifies the minimum strength of Diffie\-Hellman group the KDC is
880 increasing strength are 1024, 2048, P\-256, 4096, P\-384, and P\-521.
881 The default is 2048.  (P\-256, P\-384, and P\-521 are new in release
892 the id\-pkinit\-san as defined in \fI\%RFC 4556\fP\&.  There is currently
903 certificates must have the id\-pkinit\-KPClientAuth EKU as
908 Microsoft Smart Card Login EKU (id\-ms\-kp\-sc\-logon) will be
951 policy is such that up\-to\-date CRLs must be present for every CA.
969 des3\-cbc\-raw
975 des3\-cbc\-sha1 des3\-hmac\-sha1 des3\-cbc\-sha1\-kd
981 aes256\-cts\-hmac\-sha1\-96 aes256\-cts aes256\-sha1
983 AES\-256 CTS mode with 96\-bit SHA\-1 HMAC
987 aes128\-cts\-hmac\-sha1\-96 aes128\-cts aes128\-sha1
989 AES\-128 CTS mode with 96\-bit SHA\-1 HMAC
993 aes256\-cts\-hmac\-sha384\-192 aes256\-sha2
995 AES\-256 CTS mode with 192\-bit SHA\-384 HMAC
999 aes128\-cts\-hmac\-sha256\-128 aes128\-sha2
1001 AES\-128 CTS mode with 128\-bit SHA\-256 HMAC
1005 arcfour\-hmac rc4\-hmac arcfour\-hmac\-md5
1011 arcfour\-hmac\-exp rc4\-hmac\-exp arcfour\-hmac\-md5\-exp
1017 camellia256\-cts\-cmac camellia256\-cts
1019 Camellia\-256 CTS mode with CMAC
1023 camellia128\-cts\-cmac camellia128\-cts
1025 Camellia\-128 CTS mode with CMAC
1031 The triple DES family: des3\-cbc\-sha1
1037 …AES family: aes256\-cts\-hmac\-sha1\-96, aes128\-cts\-hmac\-sha1\-96, aes256\-cts\-hmac\-sha384\-1…
1043 The RC4 family: arcfour\-hmac
1049 The Camellia family: camellia256\-cts\-cmac and camellia128\-cts\-cmac
1056 from the current list by prefixing them with a minus sign (\(dq\-\(dq).
1059 example, \(dq\fBDEFAULT \-rc4\fP\(dq would be the default set of encryption
1064 While \fBaes128\-cts\fP and \fBaes256\-cts\fP are supported for all Kerberos
1066 implementation (krb5\-1.3.1 and earlier).  Services running versions of
1070 The \fBaes128\-sha2\fP and \fBaes256\-sha2\fP encryption types are new in
1078 take lists of enctype\-salttype (\(dqkeysalt\(dq) pairs, known as \fIkeysalt
1086 kadmin \-e aes256\-cts:normal,aes128\-cts:normal
1092 password\-derived keys for the \fBaes256\-cts\fP and \fBaes128\-cts\fP
1143         master_key_type = aes256\-cts\-hmac\-sha1\-96
1144         supported_enctypes = aes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal
1153     ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
1159         ldap_kdc_dn = \(dqcn=krbadmin,dc=mit,dc=edu\(dq
1162         ldap_kadmind_dn = \(dqcn=krbadmin,dc=mit,dc=edu\(dq
1181 1985-2025, MIT