File: shishi.conf.in

package info (click to toggle)
shishi 1.0.0-1
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 22,144 kB
  • ctags: 7,865
  • sloc: ansic: 61,153; sh: 12,212; yacc: 1,219; makefile: 1,164; perl: 624; sed: 16
file content (127 lines) | stat: -rw-r--r-- 5,318 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# System configuration file for Shishi @VERSION@
# Copyright 2002, 2003, 2004, 2006, 2010  Simon Josefsson
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you you specify which system configuration file to use (with the
# commandline option "--system-configuration-file filename"), Shishi uses the
# file @sysconfdir@/shishi.conf by default.
#
# An option file can contain all long options which are
# available in Shishi. If the first non white space character of
# a line is a '#', this line is ignored.  Empty lines are also
# ignored.
#
# See the manual for a list of options.

# Read MIT or Heimdal configuration file for the following parameters:
#   default-realm
#   realm-kdc
#   server-realm
#   kdc-timeout
#   kdc-retries
# You can override these values by specifying alternate values below.
# Not implemented yet.
#read-krb5conf=/etc/krb5.conf

# Specify the default realm, by default the hostname of the host is used.
#default-realm JOSEFSSON.ORG

# Specify the default principal, by default the login username is used.
#default-principal jas

# Specify which encryption types client asks server to respond in
# during AS/TGS exchanges. List valid encryption types, in preference
# order.  Supported algorithms include aes256-cts-hmac-sha1-96,
# aes128-cts-hmac-sha1-96, des3-cbc-sha1-kd, des-cbc-md5, des-cbc-md4,
# des-cbc-crc and null.  This option also indicates which encryption
# types are accepted by the client when receiving the response.  Note
# that the preference order is not cryptographically protected, so a
# man in the middle can modify the order without being detected.
# Thus, only specify encryption types you trust completely here. The
# default only includes aes256-cts-hmac-sha1-96, as suggested by
# RFC1510bis.
#client-kdc-etypes=aes256-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5

# Enable verbose library messages.
#verbose
#verbose-asn1
#verbose-noise
#verbose-crypto
#verbose-crypto-noise

# Specify KDC addresses for realms.
# Value is REALM,KDCADDRESS[/TRANSPORT][,KDCADDRESS[/TRANSPORT]...]
# KDCADDRESS is the hostname or IP address of KDC.
# Optional TRANSPORT is "udp" for UDP, "tcp" for TCP, and "tls" for TLS
# connections.  By default UDP is tried first, and TCP used as a
# fallback if the KRB_ERR_RESPONSE_TOO_BIG error is received.  If not
# specified, Shishi tries to locate the KDC using SRV RRs, which is
# recommended.  This option should normally only be used during
# experiments, to access badly maintained realms, or to make sure
# you are not vulnerable to DNS redirection attacks.
#realm-kdc=JOSEFSSON.ORG,ristretto.josefsson.org

# Specify realm for servers.
# Value is REALM,SERVERREGEXP[,SERVERREGEXP...]
# SERVERREGEXP is a regular expression matching servers in the realm.
# The first match is used.
#server-realm=JOSEFSSON.ORG,.josefsson.org

# How long shishi waits for a response from a KDC before continuing
# to next KDC for realm.  The default is 5 seconds.
#kdc-timeout=5

# How many times shishi sends a request to a KDC before giving up.
# The default is 3 times.
#kdc-retries=3

# How username and passwords entered from the terminal, or taken
# from the command line, are processed.
# "none": no processing is used.
# "stringprep": convert from locale charset to UTF-8 and process using
#               experimental RFC 1510 stringprep profile.
# It can also be a string indicating a character set supported by
# iconv() via libstringprep, in which case data is converted from
# locale charset into the indicated character set. E.g., UTF-8,
# ISO-8859-1, KOI-8, EBCDIC-IS-FRISS are supported on GNU systems.
# On some systems you can use "locale -m" to list available character
# sets.  By default, the "none" setting is used which is consistent
# with RFC 1510 that is silent on the issue.  In practice, however,
# converting to UTF-8 improves interoperability.
stringprocess=UTF-8

# Specify default ticket life time.
# The string can be in almost any common format.  It can contain month
# names, time zones, `am' and `pm', `yesterday', `ago', `next', etc.
# Refer to the "Date input formats" in the GNU CoreUtils package for
# entire story.  As an extra feature, if the resulting string you
# specify has expired within the last 24 hours, an extra day is added
# to it.  This allows you to specify "17:00" to always mean the next
# 17:00, even if your system clock happens to be 17:30.
# The default is 8 hours.
# Examples:
#ticket-life=8 hours
#ticket-life=1 day
#ticket-life=17:00

# Specify how long a renewable ticket should remain renewable.
# See ticket-life for the syntax.  The extra feature that handles
# negative values within the last 2 hours is not active here.
# The default is 7 days.
# Examples:
#renew-life=1 week
#renew-life=friday 17:00
#renew-life=sunday

# Setup libgcrypt to use quicker entropy generation.  If you want to
# use /dev/random instead of /dev/urandom, uncomment this.
quick-random

# System configuration file ends here