|
1 # |
|
2 # This patch modifies the path for the KDC specific files which are stored by |
|
3 # default on Solaris /var/krb5. |
|
4 # |
|
5 # Note: It is not intended that these changes are to be contributed to MIT as |
|
6 # MIT will be modifying the way the KDC path is handled here in a future |
|
7 # update. |
|
8 # Patch source: in-house |
|
9 # |
|
10 diff -ur krb5-1.13.2/src/man/kadm5.acl.man krb5-1.13.2-man-update/src/man/kadm5.acl.man |
|
11 --- krb5-1.13.2/src/man/kadm5.acl.man |
|
12 +++ krb5-1.13.2-man-update/src/man/kadm5.acl.man |
|
13 @@ -38,7 +38,7 @@ |
|
14 which principals can operate on which other principals. |
|
15 .sp |
|
16 The default location of the Kerberos ACL file is |
|
17 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP |
|
18 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP |
|
19 variable in \fIkdc.conf(5)\fP\&. |
|
20 .SH SYNTAX |
|
21 .sp |
|
22 diff -ur krb5-1.13.2/src/man/kadmind.man krb5-1.13.2-man-update/src/man/kadmind.man |
|
23 --- krb5-1.13.2/src/man/kadmind.man |
|
24 +++ krb5-1.13.2-man-update/src/man/kadmind.man |
|
25 @@ -67,7 +67,7 @@ |
|
26 kadmind\(aqs ACL (access control list) tells it which principals are |
|
27 allowed to perform administration actions. The pathname to the |
|
28 ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP |
|
29 -variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. |
|
30 +variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP\&. |
|
31 .UNINDENT |
|
32 .sp |
|
33 After the server begins running, it puts itself in the background and |
|
34 diff -ur krb5-1.13.2/src/man/kdb5_ldap_util.man krb5-1.13.2-man-update/src/man/kdb5_ldap_util.man |
|
35 --- krb5-1.13.2/src/man/kdb5_ldap_util.man |
|
36 +++ krb5-1.13.2-man-update/src/man/kdb5_ldap_util.man |
|
37 @@ -325,7 +325,7 @@ |
|
38 .TP |
|
39 .B \fB\-f\fP \fIfilename\fP |
|
40 Specifies the complete path of the service password file. By |
|
41 -default, \fB/usr/local/var/service_passwd\fP is used. |
|
42 +default, \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/service_passwd\fP is used. |
|
43 .TP |
|
44 .B \fIname\fP |
|
45 Specifies the name of the object whose password is to be stored. |
|
46 diff -ur krb5-1.13.2/src/man/kdc.conf.man krb5-1.13.2-man-update/src/man/kdc.conf.man |
|
47 --- krb5-1.13.2/src/man/kdc.conf.man |
|
48 +++ krb5-1.13.2-man-update/src/man/kdc.conf.man |
|
49 @@ -39,7 +39,7 @@ |
|
50 single configuration profile. |
|
51 .sp |
|
52 Normally, the kdc.conf file is found in the KDC state directory, |
|
53 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\&. You can override the default location by setting the |
|
54 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\&. You can override the default location by setting the |
|
55 environment variable \fBKRB5_KDC_PROFILE\fP\&. |
|
56 .sp |
|
57 Please note that you need to restart the KDC daemon for any configuration |
|
58 @@ -139,7 +139,7 @@ |
|
59 (String.) Location of the access control list file that |
|
60 \fIkadmind(8)\fP uses to determine which principals are allowed |
|
61 which permissions on the Kerberos database. The default value is |
|
62 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more information on Kerberos ACL |
|
63 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP\&. For more information on Kerberos ACL |
|
64 file see \fIkadm5.acl(5)\fP\&. |
|
65 .TP |
|
66 .B \fBdatabase_module\fP |
|
67 @@ -153,7 +153,7 @@ |
|
68 (String, deprecated.) This relation specifies the location of the |
|
69 Kerberos database for this realm, if the DB2 module is being used |
|
70 and the \fI\%[dbmodules]\fP configuration section does not specify a |
|
71 -database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&. |
|
72 +database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/principal\fP\&. |
|
73 .TP |
|
74 .B \fBdefault_principal_expiration\fP |
|
75 (\fIabstime\fP string.) Specifies the default expiration date of |
|
76 @@ -300,7 +300,7 @@ |
|
77 .TP |
|
78 .B \fBkey_stash_file\fP |
|
79 (String.) Specifies the location where the master key has been |
|
80 -stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm. |
|
81 +stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm. |
|
82 .TP |
|
83 .B \fBkdc_max_tcp_connections\fP |
|
84 This relation controls the maximum number of TCP connections the |
|
85 @@ -454,7 +454,7 @@ |
|
86 .TP |
|
87 .B \fBdatabase_name\fP |
|
88 This DB2\-specific tag indicates the location of the database in |
|
89 -the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&. |
|
90 +the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/principal\fP\&. |
|
91 .TP |
|
92 .B \fBdb_library\fP |
|
93 This tag indicates the name of the loadable database module. The |
|
94 @@ -662,8 +662,8 @@ |
|
95 the console and to the system log under the facility LOG_DAEMON with |
|
96 default severity of LOG_INFO; and the logging messages from the |
|
97 administrative server will be appended to the file |
|
98 -\fB/var/adm/kadmin.log\fP and sent to the device \fB/dev/tty04\fP\&. |
|
99 -\fB/var/adm/kadmin.log\fP is rotated between twenty-one log files with a |
|
100 +\fB/var/krb5/kadmin.log\fP and sent to the device \fB/dev/tty04\fP\&. |
|
101 +\fB/var/krb5/kadmin.log\fP is rotated between twenty-one log files with a |
|
102 specified time interval of a day. |
|
103 .INDENT 0.0 |
|
104 .INDENT 3.5 |
|
105 @@ -673,7 +673,7 @@ |
|
106 [logging] |
|
107 kdc = CONSOLE |
|
108 kdc = SYSLOG:INFO:DAEMON |
|
109 - admin_server = FILE:/var/adm/kadmin.log |
|
110 + admin_server = FILE:/var/krb5/kadmin.log |
|
111 admin_server = DEVICE=/dev/tty04 |
|
112 admin_server_rotate = { |
|
113 period = 1d |
|
114 @@ -696,10 +696,10 @@ |
|
115 This is the server to send the RADIUS request to. It can be a |
|
116 hostname with optional port, an ip address with optional port, or |
|
117 a Unix domain socket address. The default is |
|
118 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/<name>.socket\fP\&. |
|
119 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/<name>.socket\fP\&. |
|
120 .TP |
|
121 .B \fBsecret\fP |
|
122 -This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP) |
|
123 +This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5\fP) |
|
124 containing the secret used to encrypt the RADIUS packets. The |
|
125 secret should appear in the first line of the file by itself; |
|
126 leading and trailing whitespace on the line will be removed. If |
|
127 @@ -1109,8 +1109,8 @@ |
|
128 } |
|
129 |
|
130 [logging] |
|
131 - kdc = FILE:/usr/local/var/krb5kdc/kdc.log |
|
132 - admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log |
|
133 + kdc = FILE:/var/krb5/kdc.log |
|
134 + admin_server = FILE:/var/krb5/kadmin.log |
|
135 |
|
136 [dbdefaults] |
|
137 ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu |
|
138 @@ -1135,7 +1135,7 @@ |
|
139 .UNINDENT |
|
140 .SH FILES |
|
141 .sp |
|
142 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP |
|
143 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kdc.conf\fP |
|
144 .SH SEE ALSO |
|
145 .sp |
|
146 \fIkrb5.conf(5)\fP, \fIkrb5kdc(8)\fP, \fIkadm5.acl(5)\fP |
|
147 diff -ur krb5-1.13.2/src/man/kprop.man krb5-1.13.2-man-update/src/man/kprop.man |
|
148 --- krb5-1.13.2/src/man/kprop.man |
|
149 +++ krb5-1.13.2-man-update/src/man/kprop.man |
|
150 @@ -54,7 +54,7 @@ |
|
151 .B \fB\-f\fP \fIfile\fP |
|
152 Specifies the filename where the dumped principal database file is |
|
153 to be found; by default the dumped database file is normally |
|
154 -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/slave_datatrans\fP\&. |
|
155 +\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/slave_datatrans\fP\&. |
|
156 .TP |
|
157 .B \fB\-P\fP \fIport\fP |
|
158 Specifies the port to use to contact the \fIkpropd(8)\fP server |
|
159 diff -ur krb5-1.13.2/src/man/kpropd.man krb5-1.13.2-man-update/src/man/kpropd.man |
|
160 --- krb5-1.13.2/src/man/kpropd.man |
|
161 +++ krb5-1.13.2-man-update/src/man/kpropd.man |
|
162 @@ -105,7 +105,7 @@ |
|
163 .TP |
|
164 .B \fB\-f\fP \fIfile\fP |
|
165 Specifies the filename where the dumped principal database file is |
|
166 -to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&. |
|
167 +to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/from_master\fP\&. |
|
168 .TP |
|
169 .B \fB\-p\fP |
|
170 Allows the user to specify the pathname to the \fIkdb5_util(8)\fP |
|
171 @@ -123,7 +123,7 @@ |
|
172 .TP |
|
173 .B \fB\-a\fP \fIacl_file\fP |
|
174 Allows the user to specify the path to the kpropd.acl file; by |
|
175 -default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&. |
|
176 +default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kpropd.acl\fP\&. |
|
177 .UNINDENT |
|
178 .SH ENVIRONMENT |
|
179 .sp |