KDC_V4_DEFAULT_MODE
Derek T. Yarnell
derek at cs.umd.edu
Thu May 13 10:16:39 EDT 2004
On Thu, May 13, 2004 at 06:21:55AM -0400, Sam Hartman wrote:
> >>>>> "Derek" == Derek T Yarnell <derek at cs.umd.edu> writes:
>
> Derek> With the new 1.3.x code, I get this even if I included
> Derek> --with-krb4 when I compile. Now I think it has to do with
> Derek> the, KDC_V4_DEFAULT_MODE. How can I change this? Runtime?
> Derek> Compile time?
>
> Derek> Do I need to change the default in, kdc/kerberos_v4.c ? Or
> Derek> can I do it more cleanly?
>
> Look at the man page for krb5kdc--particularly the -4 option.
Also the man page for kdc.conf still says the following
kdc.conf man page:
v4_mode
This string specifies how the KDC should respond to
Kerberos IV packets. If this relation is not specified,
the compiled-in default of nopreauth is used.
While the krb5kdc says the following:
The -4 option specifies how the KDC responds to kerberos IV
requests for tickets. The command line option overrides the
value in the KDC profile. The possible values are none,
disable, full or nopreauth. These instruct the KDC to not
respond to V4 packets, to respond with a version skew error,
to issue tickets for all database entries, and to issue
tickets for all but preauthentication required database
entries respectively. The default behaviour is as if none
was specified.
So I think that the kdc.conf man page has just not been updated with the
new defaults.
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu
More information about the Kerberos
mailing list