0x1998 - MANAGER

Edit File: shishi.conf

# System configuration file for Shishi 1.0.2
# Copyright 2002-2013 Simon Josefsson
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you you specify which system configuration file to use (with the
# commandline option "--system-configuration-file filename"), Shishi uses the
# file /etc/shishi.conf by default.
#
# An option file can contain all long options which are
# available in Shishi. If the first non white space character of
# a line is a '#', this line is ignored.  Empty lines are also
# ignored.
#
# See the manual for a list of options.

# Read MIT or Heimdal configuration file for the following parameters:
#   default-realm
#   realm-kdc
#   server-realm
#   kdc-timeout
#   kdc-retries
# You can override these values by specifying alternate values below.
# Not implemented yet.
#read-krb5conf=/etc/krb5.conf

# Specify the default realm, by default the hostname of the host is used.
#default-realm JOSEFSSON.ORG

# Specify the default principal, by default the login username is used.
#default-principal jas

# Specify which encryption types client asks server to respond in
# during AS/TGS exchanges. List valid encryption types, in preference
# order.  Supported algorithms include aes256-cts-hmac-sha1-96,
# aes128-cts-hmac-sha1-96, des3-cbc-sha1-kd, des-cbc-md5, des-cbc-md4,
# des-cbc-crc and null.  This option also indicates which encryption
# types are accepted by the client when receiving the response.  Note
# that the preference order is not cryptographically protected, so a
# man in the middle can modify the order without being detected.
# Thus, only specify encryption types you trust completely here. The
# default only includes aes256-cts-hmac-sha1-96, as suggested by
# RFC1510bis.
#client-kdc-etypes=aes256-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5

# Enable verbose library messages.
#verbose
#verbose-asn1
#verbose-noise
#verbose-crypto
#verbose-crypto-noise

# Specify KDC addresses for realms.
# Value is REALM,KDCADDRESS[/TRANSPORT][,KDCADDRESS[/TRANSPORT]...]
# KDCADDRESS is the hostname or IP address of KDC.
# Optional TRANSPORT is "udp" for UDP, "tcp" for TCP, and "tls" for TLS
# connections.  By default UDP is tried first, and TCP used as a
# fallback if the KRB_ERR_RESPONSE_TOO_BIG error is received.  If not
# specified, Shishi tries to locate the KDC using SRV RRs, which is
# recommended.  This option should normally only be used during
# experiments, to access badly maintained realms, or to make sure
# you are not vulnerable to DNS redirection attacks.
#realm-kdc=JOSEFSSON.ORG,ristretto.josefsson.org

# Specify realm for servers.
# Value is REALM,SERVERREGEXP[,SERVERREGEXP...]
# SERVERREGEXP is a pattern used to establish membership in the
# given realm.  The pattern is either the exact name of a server,
# or a trailing domain part expected in a qualified server name,
# whenever the pattern commences with a period.  The first match
# found will be used in library calls.
#server-realm=JOSEFSSON.ORG,.josefsson.org

# How long shishi waits for a response from a KDC before continuing
# to next KDC for realm.  The default is 5 seconds.
#kdc-timeout=5

# How many times shishi sends a request to a KDC before giving up.
# The default is 3 times.
#kdc-retries=3

# How username and passwords entered from the terminal, or taken
# from the command line, are processed.
# "none": no processing is used.
# "stringprep": convert from locale charset to UTF-8 and process using
#               experimental RFC 1510 stringprep profile.
# It can also be a string indicating a character set supported by
# iconv() via libstringprep, in which case data is converted from
# locale charset into the indicated character set. E.g., UTF-8,
# ISO-8859-1, KOI-8, EBCDIC-IS-FRISS are supported on GNU systems.
# On some systems you can use "locale -m" to list available character
# sets.  By default, the "none" setting is used which is consistent
# with RFC 1510 that is silent on the issue.  In practice, however,
# converting to UTF-8 improves interoperability.
stringprocess=UTF-8

# Specify default ticket life time.
# The string can be in almost any common format.  It can contain month
# names, time zones, `am' and `pm', `yesterday', `ago', `next', etc.
# Refer to the "Date input formats" in the GNU CoreUtils package for
# entire story.  As an extra feature, if the resulting string you
# specify has expired within the last 24 hours, an extra day is added
# to it.  This allows you to specify "17:00" to always mean the next
# 17:00, even if your system clock happens to be 17:30.
# The default is 8 hours.
# Examples:
#ticket-life=8 hours
#ticket-life=1 day
#ticket-life=17:00

# Specify how long a renewable ticket should remain renewable.
# See ticket-life for the syntax.  The extra feature that handles
# negative values within the last 2 hours is not active here.
# The default is 7 days.
# Examples:
#renew-life=1 week
#renew-life=friday 17:00
#renew-life=sunday

# Setup libgcrypt to use quicker entropy generation.  If you want to
# use /dev/random instead of /dev/urandom, uncomment this.
quick-random

# System configuration file ends here