From 74aa0bc6779af38018a03fd2cf4419fe85917904 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 07:31:45 +0200 Subject: Adding upstream version 2.9.4. Signed-off-by: Daniel Baumann --- src/man/lv/include/krb5_options.xml | 153 ++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 src/man/lv/include/krb5_options.xml (limited to 'src/man/lv/include/krb5_options.xml') diff --git a/src/man/lv/include/krb5_options.xml b/src/man/lv/include/krb5_options.xml new file mode 100644 index 0000000..135f710 --- /dev/null +++ b/src/man/lv/include/krb5_options.xml @@ -0,0 +1,153 @@ + + + krb5_auth_timeout (integer) + + + Timeout in seconds after an online authentication request or change password +request is aborted. If possible, the authentication request is continued +offline. + + + Noklusējuma: 6 + + + + + + krb5_validate (boolean) + + + Verify with the help of krb5_keytab that the TGT obtained has not been +spoofed. The keytab is checked for entries sequentially, and the first entry +with a matching realm is used for validation. If no entry matches the realm, +the last entry in the keytab is used. This process can be used to validate +environments using cross-realm trust by placing the appropriate keytab entry +as the last entry or the only entry in the keytab file. + + + Default: false (IPA and AD provider: true) + + + Please note that the ticket validation is the first step when checking the +PAC (see 'pac_check' in the +sssd.conf 5 + manual page for details). If ticket validation is disabled +the PAC checks will be skipped as well. + + + + + + krb5_renewable_lifetime (string) + + + Request a renewable ticket with a total lifetime, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + Default: not set, i.e. the TGT is not renewable + + + + + + krb5_lifetime (string) + + + Request ticket with a lifetime, given as an integer immediately followed by +a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given s is assumed. + + + NOTE: It is not possible to mix units. To set the lifetime to one and a +half hours please use '90m' instead of '1h30m'. + + + Default: not set, i.e. the default ticket lifetime configured on the KDC. + + + + + + krb5_renew_interval (string) + + + The time in seconds between two checks if the TGT should be renewed. TGTs +are renewed if about half of their lifetime is exceeded, given as an integer +immediately followed by a time unit: + + + s for seconds + + + m for minutes + + + h for hours + + + d for days. + + + If there is no unit given, s is assumed. + + + NOTE: It is not possible to mix units. To set the renewable lifetime to one +and a half hours, use '90m' instead of '1h30m'. + + + If this option is not set or is 0 the automatic renewal is disabled. + + + Default: not set + + + + + + krb5_canonicalize (boolean) + + + Specifies if the host and user principal should be canonicalized. This +feature is available with MIT Kerberos 1.7 and later versions. + + + + Default: false + + + + -- cgit v1.2.3