Open Source Kerberos Tooling

NAME

krb5_keytab.conf - configuration file for krb5_keytab(8)

SYNOPSIS

krb5_keytab.conf

DESCRIPTION

krb5_keytab.conf is the configuration file for krb5_keytab(8). The syntax is a Perl snippet which is evaluated and is expected to set the following variables:

@admin_users
is a list of users who are allowed to perform administrative functions. That is, they can operate on other users' keytabs and avoid the system encryption type policies.

@allowed_enctypes
is a list of acceptable encryption types that even administrative users cannot over-ride.

$default_krb5_lib
is the default Kerberos library version if it is not specified.

%krb5_libs
is a hash mapping Kerberos library versions to an array ref of supported encryption types.

%krb5_lib_quirks
is a hash mapping Kerberos library versions to an array ref of keytab management bugs (quirks) that must be considered when constructing or testing a keytab.

$use_fetch
is a boolean value which tells krb5_keytab(8) whether it should attempt to fetch keys from the KDC. By default the KDC will refuse these requests, so only enable this option if you have configured the KDC to allow the fetching of keys. See $allow_fetch in krb5_admind.conf(5). This value defaults to 0.

%user2service
is a hash mapping users to an array ref containing additional service principals that the user may request to be placed in its keytab. This mechanism will eventually be replaced with a more general mechanism which allows for host-based specification of this concept.

%user_libs
is a hash mapping users to an array ref containing a list of acceptable Kerberos libraries which the user may use. Administrative users may not over-ride this restriction.

Syntax errors will terminate parsing, causing all subsequent configuration to be ignored, so it is critical that they not be present.
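
Because the file is evaluated as Perl, it can be linted before deployment. The script below is an added example, not part of krb5_keytab: it evaluates a constructed sample in a scratch package and reports eval failures, weak entries in @allowed_enctypes, and library references that do not resolve. The library labels (lib_a, lib_b), the user names, the weak-enctype list and the cross-reference checks are assumptions inferred from the descriptions above.

```perl
#!/usr/bin/perl
# Added example: lint a krb5_keytab.conf-style snippet before deploying it.
# Library labels, user names and the weak-enctype list are assumptions.
use strict;
use warnings;

# Constructed sample with two deliberate problems; 'lib_a', 'lib_b' and
# 'svcuser' are placeholders, not names the tool defines.
my $sample = <<'EOF';
@admin_users      = ('root');
@allowed_enctypes = ('aes256-cts-hmac-sha1-96', 'des-cbc-crc');
$default_krb5_lib = 'lib_a';
%krb5_libs        = (lib_a => ['aes256-cts-hmac-sha1-96']);
$use_fetch        = 0;
%user_libs        = (svcuser => ['lib_a', 'lib_b']);
EOF

# Enctypes this example treats as weak (assumption; adjust to local policy).
my %weak = map { $_ => 1 } qw(des-cbc-crc des-cbc-md5 arcfour-hmac-md5);

sub lint_config {
    my ($text) = @_;
    # The config is Perl code, so only lint files you would also deploy.
    # Evaluate it in a scratch package; a syntax error anywhere makes the
    # eval fail, which is reported before any other check.
    my $ok = eval "package KeytabConf; no strict; no warnings; $text\n; 1";
    return ("eval failed: $@") unless $ok;

    no warnings 'once';
    my @problems;
    push @problems, "weak enctype in \@allowed_enctypes: $_"
        for grep { $weak{$_} } @KeytabConf::allowed_enctypes;
    # Assumed consistency rule: library names must be keys of %krb5_libs.
    my $def = $KeytabConf::default_krb5_lib;
    push @problems, "\$default_krb5_lib is not a key of %krb5_libs"
        unless defined $def && exists $KeytabConf::krb5_libs{$def};
    for my $user (sort keys %KeytabConf::user_libs) {
        push @problems, "%user_libs: $user references unknown library $_"
            for grep { !exists $KeytabConf::krb5_libs{$_} }
                @{ $KeytabConf::user_libs{$user} };
    }
    push @problems, "\$use_fetch is on: the KDC must set \$allow_fetch"
        if $KeytabConf::use_fetch;
    return @problems;
}

print "$_\n" for lint_config($sample);
```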

SEE ALSO

krb5_keytab(8).

AUTHORS

krb5_keytab.conf was written by Roland C. Dowdeswell.