KDC_V4_DEFAULT_MODE

Derek T. Yarnell derek at cs.umd.edu
Thu May 13 10:16:39 EDT 2004


On Thu, May 13, 2004 at 06:21:55AM -0400, Sam Hartman wrote:
> >>>>> "Derek" == Derek T Yarnell <derek at cs.umd.edu> writes:
> 
>     Derek> With the new 1.3.x code, I get this even if I included
>     Derek> --with-krb4 when I compile. Now I think it has to do with
>     Derek> the KDC_V4_DEFAULT_MODE. How can I change this? Runtime?
>     Derek> Compile time?
> 
>     Derek> Do I need to change the default in kdc/kerberos_v4.c? Or
>     Derek> can I do it more cleanly?
> 
> Look at the man page for krb5kdc--particularly the -4 option.

Also, the man page for kdc.conf still says the following:

kdc.conf man page:
     v4_mode
          This string specifies how the  KDC  should  respond  to
          Kerberos IV packets. If this relation is not specified,
          the compiled-in default of nopreauth is used.

While the krb5kdc says the following:

     The -4 option specifies how the KDC responds to kerberos  IV
     requests for tickets.  The command line option overrides the
     value in the KDC profile.  The  possible  values  are  none,
     disable,  full  or  nopreauth. These instruct the KDC to not
     respond to V4 packets, to respond with a version skew error,
     to  issue  tickets  for  all  database entries, and to issue
     tickets for  all  but  preauthentication  required  database
     entries  respectively.  The  default behaviour is as if none
     was specified.

So I think that the kdc.conf man page has just not been updated with the
new defaults.

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu
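
Added example, not part of the original message or of the MIT krb5 code: a small audit helper that works out which Kerberos IV mode a KDC would use, following the precedence quoted above (the -4 option overrides the v4_mode relation in kdc.conf, which overrides the compiled-in default). The function names are hypothetical, v4_mode is assumed to sit in the [kdcdefaults] section, and the compiled-in default is a parameter because the two man pages quoted above disagree on it.

```python
# Constructed kdc.conf text (sample input for this example, not from the thread).
SAMPLE_CONF = """\
[kdcdefaults]
    v4_mode = nopreauth
[realms]
    EXAMPLE.COM = {
        max_life = 10h
    }
"""
V4_MODES = ("none", "disable", "full", "nopreauth")  # listed in the krb5kdc man page

def profile_v4_mode(conf_text):
    """Return v4_mode from [kdcdefaults], or None if the relation is absent."""
    section, depth = None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if depth == 0 and line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif line.endswith("{") or line.startswith("}"):
            depth += 1 if line.endswith("{") else -1  # track nested blocks
        elif section == "kdcdefaults" and depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "v4_mode":
                return value  # assumption: first occurrence is the one used
    return None

def cli_v4_mode(argv):
    """Return the argument of -4 ("-4 full" or "-4full"), or None if not given."""
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "-4":
            return argv[i + 1] if i + 1 < len(argv) else ""
        if arg.startswith("-4"):
            return arg[2:]
    return None

def effective_v4_mode(argv, conf_text, compiled_default="none"):
    """Return (mode, source); the command line overrides the KDC profile."""
    for mode, source in ((cli_v4_mode(argv), "command line"),
                         (profile_v4_mode(conf_text), "kdc.conf"),
                         (compiled_default, "compiled-in default")):
        if mode is not None:
            if mode not in V4_MODES:
                raise ValueError(f"unknown v4 mode {mode!r} from {source}")
            return mode, source

if __name__ == "__main__":
    print(effective_v4_mode(["krb5kdc"], SAMPLE_CONF))
```

Rejecting an unrecognised mode with ValueError is this example's choice, not documented krb5kdc behaviour.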

