svn rev #24078: trunk/ doc/ src/config-files/

ghudson@MIT.EDU ghudson at MIT.EDU
Thu May 20 23:08:18 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24078
Commit By: ghudson
Log Message:
ticket: 6719

Document the disable_last_success and disable_lockout variables in
krb5.conf.M.  Also document database_name in krb5.conf.M and slightly
adjust the wording in admin.texinfo.



Changed Files:
U   trunk/doc/admin.texinfo
U   trunk/src/config-files/krb5.conf.M
Modified: trunk/doc/admin.texinfo
===================================================================
--- trunk/doc/admin.texinfo	2010-05-20 22:57:53 UTC (rev 24077)
+++ trunk/doc/admin.texinfo	2010-05-21 03:08:18 UTC (rev 24078)
@@ -1054,8 +1054,8 @@
 This tag indicates the name of the loadable database library. The value should be @samp{db2} for DB2 database and @samp{kldap} for LDAP database.
 
 @itemx database_name
-This DB2-specific tag indicates the location of the database.  The
-default is @* @code{@value{DefaultDatabaseName}}.
+This DB2-specific tag indicates the location of the database in the
+filesystem.  The default is @* @code{@value{DefaultDatabaseName}}.
 
 @itemx disable_last_success
 If set to @code{true}, suppresses KDC updates to the ``Last successful

Modified: trunk/src/config-files/krb5.conf.M
===================================================================
--- trunk/src/config-files/krb5.conf.M	2010-05-20 22:57:53 UTC (rev 24077)
+++ trunk/src/config-files/krb5.conf.M	2010-05-21 03:08:18 UTC (rev 24078)
@@ -585,6 +585,23 @@
 This relation indicates the name of the configuration section under dbmodules
 for database specific parameters used by the loadable database library.
 
+.IP database_name
+This DB2-specific tag indicates the location of the database in the
+filesystem.
+
+.IP disable_last_success
+If set to true, suppresses KDC updates to the "Last successful
+authentication" field of principal entries requiring
+preauthentication.  Setting this flag may improve performance.
+(Principal entries which do not require preauthentication never update
+the "Last successful authentication" field.)
+
+.IP disable_lockout
+If set to true, suppresses KDC updates to the "Last failed
+authentication" and "Failed password attempts" fields of principal
+entries requiring preauthentication.  Setting this flag may improve
+performance, but also disables account lockout.
+
 .IP ldap_kerberos_container_dn 
 This LDAP specific tag indicates the DN of the container object where the realm
 objects will be located. This value is used if no object DN is mentioned in the

More information about the cvs-krb5 mailing list