1 # System configuration file for Shishi @VERSION@
2 # Copyright 2002, 2003 Simon Josefsson
4 # This file is free software; as a special exception the author gives
5 # unlimited permission to copy and/or distribute it, with or without
6 # modifications, as long as this notice is preserved.
8 # This file is distributed in the hope that it will be useful, but
9 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
10 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
12 # Unless you you specify which system configuration file to use (with the
13 # commandline option "--system-configuration-file filename"), Shishi uses the
14 # file @sysconfdir@/shishi.conf by default.
16 # An option file can contain all long options which are
17 # available in Shishi. If the first non white space character of
18 # a line is a '#', this line is ignored. Empty lines are also
21 # See the manual for a list of options.
23 # Read MIT or Heimdal configuration file for the following parameters:
29 # You can override these values by specifying alternate values below.
30 # Not implemented yet.
31 #read-krb5conf=/etc/krb5.conf
33 # Specify the default realm, by default the hostname of the host is used.
34 #default-realm JOSEFSSON.ORG
36 # Specify the default principal, by default the login username is used.
37 #default-principal jas
39 # Specify which encryption types client asks server to respond in
40 # during AS/TGS exchanges. List valid encryption types, in preference
41 # order. Supported algorithms include aes256-cts-hmac-sha1-96,
42 # aes128-cts-hmac-sha1-96, des3-cbc-sha1-kd, des-cbc-md5, des-cbc-md4,
43 # des-cbc-crc and null. This option also indicates which encryption
44 # types are accepted by the client when receiving the response. Note
45 # that the preference order is not cryptographically protected, so a
46 # man in the middle can modify the order without being detected.
47 # Thus, only specify encryption types you trust completely here. The
48 # default only includes aes256-cts-hmac-sha1-96, as suggested by
50 #client-kdc-etypes=aes256-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5
52 # Enable verbose library messages.
58 # Specify KDC addresses for realms.
59 # Value is REALM,KDCADDRESS[,KDCADDRESS...]
60 # KDCADDRESS is the hostname or IP address of KDC.
61 # If not specified, Shishi tries to locate the KDC using SRV RRs.
62 #realm-kdc=JOSEFSSON.ORG,ristretto.josefsson.org
64 # Specify realm for servers.
65 # Value is REALM,SERVERREGEXP[,SERVERREGEXP...]
66 # SERVERREGEXP is a regular expression matching servers in the realm.
67 # The first match is used.
68 #server-realm=JOSEFSSON.ORG,.josefsson.org
70 # How long shishi waits for a response from a KDC before continuing
71 # to next KDC for realm. The default is 5 seconds.
74 # How many times shishi sends a request to a KDC before giving up.
75 # The default is 3 times.
78 # How username and passwords entered from the terminal, or taken
79 # from the command line, are processed.
80 # "none": no processing is used.
81 # "stringprep": convert from locale charset to UTF-8 and process using
82 # experimental RFC 1510 stringprep profile.
83 # It can also be a string indicating a character set supported by
84 # iconv() via libstringprep, in which case data is converted from
85 # locale charset into the indicated character set. E.g., UTF-8,
86 # ISO-8859-1, KOI-8, EBCDIC-IS-FRISS are supported on GNU systems.
87 # On some systems you can use "locale -m" to list available character
88 # sets. By default, the "none" setting is used which is consistent
89 # with RFC 1510 that is silent on the issue. In practice, however,
90 # converting to UTF-8 improves interoperability.
93 # System configuration file ends here