version 1.2, 1999/09/26 22:30:06 |
version 1.3, 1999/09/29 18:16:21 |
|
|
The following keywords are possible. |
The following keywords are possible. |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Cm AFSTokenPassing |
.It Cm AFSTokenPassing |
Specifies whether to accept AFS tokens passed from the client. Default |
Specifies whether an AFS token may be forwarded to the server. Default is |
is |
|
.Dq yes . |
.Dq yes . |
|
.Pp |
.It Cm AllowHosts |
.It Cm AllowHosts |
This keyword can be followed by any number of host name patterns, |
This keyword can be followed by any number of host name patterns, |
separated by spaces. If specified, login is allowed only from hosts |
separated by spaces. If specified, login is allowed only from hosts |
|
|
Specifies whether Kerberos authentication is allowed. This can |
Specifies whether Kerberos authentication is allowed. This can |
be in the form of a Kerberos ticket, or if PasswordAuthentication |
be in the form of a Kerberos ticket, or if PasswordAuthentication |
is yes, the password provided by the user will be validated through |
is yes, the password provided by the user will be validated through |
the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes. |
the Kerberos KDC. Default is |
|
.Dq yes . |
.It Cm KerberosOrLocalPasswd |
.It Cm KerberosOrLocalPasswd |
If set then if password authentication through Kerberos fails then |
If set then if password authentication through Kerberos fails then |
the password will be validated via any additional local mechanism |
the password will be validated via any additional local mechanism |
|
|
.Dq no . |
.Dq no . |
.It Cm KerberosTgtPassing |
.It Cm KerberosTgtPassing |
Specifies whether a Kerberos TGT may be forwarded to the server. |
Specifies whether a Kerberos TGT may be forwarded to the server. |
Default is no, TGT forwarding does only work with the AFS kaserver. |
Default is |
|
.Dq no , |
|
as this only works when the Kerberos KDC is actually an AFS kaserver. |
.It Cm KerberosTicketCleanup |
.It Cm KerberosTicketCleanup |
Specifies whether to automatically destroy the user's |
Specifies whether to automatically destroy the user's |
ticket cache file on logout. Default is yes. |
ticket cache file on logout. Default is |
|
.Dq yes . |
.It Cm KeyRegenerationInterval |
.It Cm KeyRegenerationInterval |
The server key is automatically regenerated after this many seconds |
The server key is automatically regenerated after this many seconds |
(if it has been used). The purpose of regeneration is to prevent |
(if it has been used). The purpose of regeneration is to prevent |