Lines Matching +full:quality +full:- +full:of +full:- +full:service

1 .\" Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\"    notice, this list of conditions and the following disclaimer.
13 .\"    notice, this list of conditions and the following disclaimer in the
16 .\" 3. Neither the name of the Institute nor the names of its contributors
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 The file consists of one or more sections, containing a number of
50 The value of each binding can be either a string or a list of other
53 .Bd -literal -offset indent
81 consists of one or more non-whitespace characters.
83 STRINGs that are specified later in this man-page uses the following
85 .Bl -tag -width "xxx" -offset indent
89 values can be a list of year, month, day, hour, min, second.
93 valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
94 des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96, and
95 aes256-cts-hmac-sha1-96 .
101 .Bl -tag -width "xxx" -offset indent
104 You can specify defaults per application, realm, or a combination of
107 .Bl -enum -compact
119 .Bl -tag -width "xxx" -offset indent
124 .It Li no-addresses = Va boolean
125 When obtaining initial credentials, request them for an empty set of
140 .Bl -tag -width "xxx" -offset indent
144 The default is the result of
161 .Bl -tag -width "xxx" -offset indent
162 .It Va destination-realm Li = Va next-hop-realm
180 A list of default encryption types to use. (Default: all enctypes if
183 A list of default encryption types to use in AS requests.  (Default: the
184 value of default_etypes.)
186 A list of default encryption types to use in TGS requests.  (Default:
187 the value of default_etypes.)
189 A list of default encryption types to use when requesting a DES credential.
198 Try to keep track of the time differential between the local machine
201 The max number of times to try to contact each KDC.
218 The application has to be able to read the corresponding service key
226 .It Li http_proxy = Va proxy-spec
227 A HTTP-proxy to use when talking to the KDC via HTTP.
228 .It Li dns_proxy = Va proxy-spec
231 A list of addresses to get tickets for along with all local addresses.
239 Write log-entries using UTC instead of your local time zone.
251 .It Li fcc-mit-ticketflags = Va boolean
258 .It Li check-rd-req-server
261 this is very useful when the GSS-API server input the
265 This is a list of mappings from DNS domain to Kerberos realm.
270 The domain can be either a full name of a host or a trailing
271 component, in the latter case the domain-string should start with a
281 realm will be determined using DNS (independently of the setting
284 .Bl -tag -width "xxx" -offset indent
286 .Bl -tag -width "xxx" -offset indent
287 .It Li kdc = Va [service/]host[:port]
288 Specifies a list of kdcs for this realm.
297 port (depending on service) will be used.
301 .Va service
311 Default service is
337 .Bl -tag -width "xxx" -offset indent
338 .It Va client-realm Li = {
339 .Bl -tag -width "xxx" -offset indent
340 .It Va server-realm Li = Va hop-realm ...
342 .Va hop-realm
344 obtain credentials for a service in the
345 .Va server-realm .
347 allowed in a multi-hop traversal from
348 .Va client-realm
350 .Va server-realm .
351 Except for the client case, the order of the realms are not important.
356 .Bl -tag -width "xxx" -offset indent
365 manual page for a list of defined destinations.
368 .Bl -tag -width "xxx" -offset indent
370 .Bl -tag -width "xxx" -offset indent
381 Use this keytab file for the master key of this database.
386 Use this file for the ACL list of this database.
388 Use this file as the log of changes performed to the database.
390 .Nm ipropd-master
394 .It Li max-request = Va SIZE
395 Maximum size of a kdc request.
396 .It Li require-preauth = Va BOOL
397 If set pre-authentication is required.
398 Since krb4 requests are not pre-authenticated they will be rejected.
399 .It Li ports = Va "list of ports"
400 List of ports the kdc should listen to.
401 .It Li addresses = Va "list of interfaces"
402 List of addresses the kdc should bind to.
403 .It Li enable-kerberos4 = Va BOOL
405 .It Li v4-realm = Va REALM
407 .It Li enable-524 = Va BOOL
410 .Va enable-kerberos4 .
411 .It Li enable-http = Va BOOL
412 Should the kdc answer kdc-requests over http.
413 .It Li enable-kaserver = Va BOOL
415 .It Li tgt-use-strongest-session-key = Va BOOL
417 client's AS-REQ or TGS-REQ enctype list for the ticket session key that
420 the client's AS-REQ enctype list that is also supported by the KDC and
422 .It Li svc-use-strongest-session-key = Va BOOL
423 Like tgt-use-strongest-session-key, but applies to the session key
424 enctype of tickets for services other than krbtgt principals. Defaults
426 .It Li preauth-use-strongest-session-key = Va BOOL
428 AS-REQ for PA-ETYPE-INFO2 (i.e., for password-based pre-authentication).
429 Else pick the first supported enctype from the client's AS-REQ. Defaults
431 .It Li use-strongest-server-key = Va BOOL
433 first supported enctype from the target service principal's hdb entry's
435 target service principal's hdb entry's current keyset. Defaults to TRUE.
436 .It Li check-ticket-addresses = Va BOOL
439 .It Li allow-null-ticket-addresses = Va BOOL
440 Allow address-less tickets.
442 .It Li allow-anonymous = Va BOOL
445 Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
451 What type of logging the kdc should use, see also [logging]/kdc.
453 .Bl -tag -width "xxx" -offset indent
460 .It Li hdb-ldap-structural-object Va structural object
465 .It Li hdb-ldap-create-base Va creation dn
468 .It Li enable-digest = Va BOOL
470 .It Li digests_allowed = Va list of digests
472 .Li ntlm-v2 .
475 .Bl -tag -width "xxx" -offset indent
476 .It Li require-preauth = Va BOOL
477 If pre-authentication is required to talk to the kadmin server.
484 try to parse it as a sequence of
486 syntax of this if something like:
488 [(des|des3|etype):](pw-salt|afs3-salt)[:string]
494 Additional special values of keytypes are:
495 .Bl -tag -width "xxx" -offset indent
498 .Va pw-salt
501 .Va des:pw-salt:
506 .Va default_keys = Va des3:pw-salt Va v4
511 Check the Password quality assurance in the info documentation for
513 .Bl -tag -width "xxx" -offset indent
514 .It Li check_library = Va library-name
516 .It Li check_function = Va function-name
519 List of libraries that can do password policy checks
521 List of policy names to apply to the password. Builtin policies are
522 among other minimum-length, character-class, external-check.
529 .Bl -tag -width "/etc/krb5.conf"
534 .Bd -literal -offset indent
559 is read and parsed by the krb5 library, there is not a lot of
567 Note that this program does not have any way of knowing what options