Next: Principal keys
Up: Data Structures
Previous: Policies, kadm5_policy_ent_t
Contents
Configuration parameters
The KADM5 API acquires configuration information from the Kerberos
configuration file ($KRB5_CONFIG or DEFAULT_PROFILE_PATH) and from
the KDC configuration file ($KRB5_KDC_CONFIG or DEFAULT_KDC_PROFILE).
In KADM5_API_VERSION_2, some of the configuration parameters used by
the KADM5 API can be controlled by the caller by providing a
kadm5_config_params structure to kadm5_init:
typedef struct _kadm5_config_params {
    u_int32 mask;

    /* Client and server fields */
    char *realm;
    char *profile;
    int kadmind_port;

    /* client fields */
    char *admin_server;

    /* server fields */
    char *dbname;
    char *admin_dbname;
    char *admin_lockfile;
    char *acl_file;
    char *dict_file;
    char *admin_keytab;

    /* server library (database) fields */
    int mkey_from_kbd;
    char *stash_file;
    char *mkey_name;
    krb5_enctype enctype;
    krb5_deltat max_life;
    krb5_deltat max_rlife;
    krb5_timestamp expiration;
    krb5_flags flags;
    krb5_key_salt_tuple *keysalts;
    krb5_int32 num_keysalts;
} kadm5_config_params;
The following list describes each of the fields of the structure,
along with the profile relation it overrides, its mask value, its
default value, and whether it is valid on the client, server, or both,
or neither.
- mask
- No variable. No mask value. A bitfield specifying which
fields of the structure contain valid information. A caller sets this
mask before calling kadm5_init_*, indicating which parameters are
specified. The mask values are defined in
kadm5/admin.h
and are
all prefixed with KADM5_CONFIG_; the prefix is not included in the
descriptions below.
- realm
- No variable. REALM. Client and server. The realm to
which these parameters apply, and the realm for which additional
parameters are to be acquired, if any. If this field is not specified
in the mask, the default local realm is used.
- profile
- Variable: profile (server only). PROFILE. Client and
server. The Kerberos profile to use. On the client, the default is
the value of the KRB5_CONFIG environment variable, or
DEFAULT_PROFILE_PATH if that is not set. On the server, the value of
the ``profile'' variable of the KDC configuration file will be used as
the first default if it exists; otherwise, the default is the value of
the KRB5_KDC_PROFILE environment variable or DEFAULT_KDC_PROFILE.
- kadmind_port
- Variable: kadmind_port. KADMIND_PORT. Client and
server. The port number the kadmind server listens on. The client
uses this field to determine where to connect, and the server to
determine where to listen. The default is 749, which has been
assigned by IANA.
- admin_server
- Variable: admin_server. ADMIN_SERVER. Client.
The host name of the admin server to which to connect. There is no
default. If the value of this field contains a colon (:), the text
following the colon is treated as an integer and assigned to the
kadmind_port field, overriding any value of the kadmind_port variable.
- dbname
- Variable: dbname. DBNAME. Server. The Kerberos
database name to use; the Kerberos database stores principal
information. The default is DEFAULT_KDB_FILE.
- admin_dbname
- Variable: admin_database_name. ADBNAME.
Neither: the caller does not set this field; the library derives it. If
the dbname field is set, this field is set to the value of dbname
followed by ``.kadm5''.
- admin_lockfile
- Variable: admin_database_lockfile.
ADB_LOCKFILE. Neither: the caller does not set this field; the library
derives it. If the admin_dbname field is set, this field is set to the
value of admin_dbname followed by ``.lock''.
- acl_file
- Variable: acl_file. ACL_FILE. Server. The admin
server's ACL file. The default is DEFAULT_KADM5_ACL_FILE.
- dict_file
- Variable: admin_dict_file. DICT_FILE. Server. The
admin server's dictionary file of passwords to disallow. No default.
- admin_keytab
- Variable: admin_keytab. ADMIN_KEYTAB. Server.
The keytab file containing the kadmin/admin and kadmin/changepw
entries for the server to use. The default is the value of the
KRB5_KTNAME environment variable, if defined, else
DEFAULT_KADM5_KEYTAB.
- mkey_from_kbd
- No variable. MKEY_FROM_KBD. Server.
If non-zero, prompt for the master password on the tty instead of
reading the stash file. If this mask bit is not set, or it is set and
the value is zero, the stash file is used.
- stash_file
- Variable: key_stash_file. STASH_FILE. Server. The
file name containing the master key stash file. No default; libkdb
will work with a NULL value.
- mkey_name
- Variable: master_key_name. MKEY_NAME. Server. The
name of the master principal for the realm. No default; libkdb will
work with a NULL value.
- enctype
- Variable: master_key_type. ENCTYPE. Server. The
encryption type of the master principal. The default is
DEFAULT_KDC_ENCTYPE.
- max_life
- Variable: max_life. MAX_LIFE. Server. Default maximum
lifetime for tickets issued to new principals. The default is 28800
seconds, which is 8 hours.
- max_rlife, expiration, flags
- Variables: max_renewable_life,
default_principal_expiration, default_principal_flags. MAX_RLIFE,
EXPIRATION, FLAGS. Server. Default maximum renewable lifetime,
expiration time and attribute flags for new principals. All default to
0.
- keysalts, num_keysalts
- Variable: supported_enctypes. ENCTYPES.
Server. The list of supported encryption type/salt type tuples; both
fields must be assigned if ENCTYPES is set. The default is a list
containing one enctype, DES-CBC-CRC with normal salt. Single DES is
cryptographically obsolete, so a deployment should set
supported_enctypes explicitly rather than rely on this default.
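The following is an added example, not code from libkadm5 or the KADM5
API specification. It models the defaulting and derivation rules
described above (the kadmind_port default of 749, the ``host:port''
form of admin_server overriding kadmind_port, and the derivation of
admin_dbname and admin_lockfile from dbname) on a local copy of the
relevant kadm5_config_params fields, so the mask semantics can be
exercised without a KDC. The DEMO_CONFIG_* bit values, the demo_
function names and the sample host and database paths are assumptions
made for the illustration; the real KADM5_CONFIG_* masks are defined
in kadm5/admin.h.

```c
/*
 * Added example, not code from libkadm5: a self-contained model of the
 * defaulting and derivation rules for a subset of kadm5_config_params.
 * DEMO_CONFIG_* bit values are assumed for illustration only.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_CONFIG_KADMIND_PORT 0x0001   /* assumed illustrative values */
#define DEMO_CONFIG_ADMIN_SERVER 0x0002
#define DEMO_CONFIG_DBNAME       0x0004
#define DEMO_CONFIG_ADBNAME      0x0008
#define DEMO_CONFIG_ADB_LOCKFILE 0x0010

#define DEMO_DEFAULT_KADMIND_PORT 749     /* IANA-assigned kadmind port */

/* All strings are heap-owned by the struct; see demo_strdup/demo_free. */
struct demo_params {
    unsigned long mask;
    int   kadmind_port;
    char *admin_server;    /* client: "host" or "host:port" */
    char *dbname;          /* server: principal database */
    char *admin_dbname;    /* "Neither": derived as dbname + ".kadm5" */
    char *admin_lockfile;  /* "Neither": derived as admin_dbname + ".lock" */
};

static char *demo_concat(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    char *s = malloc(la + lb + 1);
    if (s) { memcpy(s, a, la); memcpy(s + la, b, lb + 1); }
    return s;
}

char *demo_strdup(const char *s) { return demo_concat(s, ""); }

void demo_free(struct demo_params *p)
{
    free(p->admin_server); free(p->dbname);
    free(p->admin_dbname); free(p->admin_lockfile);
    memset(p, 0, sizeof(*p));
}

/*
 * Fill in defaults and derived fields as the text describes.  Returns 0
 * on success, -1 if admin_server carries a malformed port: the text only
 * says the text after the colon is "treated as an integer"; this demo
 * additionally rejects non-numeric or out-of-range ports.
 */
int demo_resolve(struct demo_params *p)
{
    /* kadmind_port: only a masked-in value overrides the IANA default. */
    if (!(p->mask & DEMO_CONFIG_KADMIND_PORT))
        p->kadmind_port = DEMO_DEFAULT_KADMIND_PORT;

    /* admin_server "host:port": the port wins over any kadmind_port. */
    if ((p->mask & DEMO_CONFIG_ADMIN_SERVER) && p->admin_server) {
        char *colon = strchr(p->admin_server, ':');
        if (colon) {
            char *end;
            long port = strtol(colon + 1, &end, 10);
            if (end == colon + 1 || *end != '\0' || port < 1 || port > 65535)
                return -1;
            *colon = '\0';                 /* keep the bare host name */
            p->kadmind_port = (int)port;
            p->mask |= DEMO_CONFIG_KADMIND_PORT;
        }
    }

    /* "Neither" fields: never caller-supplied, always derived. */
    if ((p->mask & DEMO_CONFIG_DBNAME) && p->dbname) {
        free(p->admin_dbname);
        p->admin_dbname = demo_concat(p->dbname, ".kadm5");
        p->mask |= DEMO_CONFIG_ADBNAME;
    }
    if ((p->mask & DEMO_CONFIG_ADBNAME) && p->admin_dbname) {
        free(p->admin_lockfile);
        p->admin_lockfile = demo_concat(p->admin_dbname, ".lock");
        p->mask |= DEMO_CONFIG_ADB_LOCKFILE;
    }
    return 0;
}

int main(void)
{
    struct demo_params p;
    memset(&p, 0, sizeof(p));
    /* constructed sample input; host and path are not real deployments */
    p.admin_server = demo_strdup("kerberos.example.com:1749");
    p.dbname = demo_strdup("/var/krb5kdc/principal");
    p.mask = DEMO_CONFIG_ADMIN_SERVER | DEMO_CONFIG_DBNAME;
    if (demo_resolve(&p) != 0) { fprintf(stderr, "bad admin_server\n"); return 1; }
    printf("%s port %d\n%s\n%s\n", p.admin_server, p.kadmind_port,
           p.admin_dbname, p.admin_lockfile);
    demo_free(&p);
    return 0;
}
```

The demo truncates admin_server in place at the colon, which is why its
strings must be heap-owned rather than literals; a caller feeding the
real kadm5_config_params a string it does not own should not assume
libkadm5 leaves it untouched either.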
Autobuild
2006-06-16