#
# This patch modifies the path for the KDC specific files which are stored by
# default on Solaris /var/krb5.
#
# Note: It is not intended that these changes are to be contributed to MIT as
# MIT will be modifying the way the KDC path is handled here in a future
# update.
# Patch source: in-house
#
@@ -38,7 +38,7 @@ For operations that affect principals, the ACL file also controls
which principals can operate on which other principals.
.sp
The default location of the Kerberos ACL file is
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP
variable in \fIkdc.conf(5)\fP\&.
.SH SYNTAX
.sp
@@ -67,7 +67,7 @@ settings.
kadmind\(aqs ACL (access control list) tells it which principals are
allowed to perform administration actions. The pathname to the
ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP
-variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.
+variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP\&.
.UNINDENT
.sp
After the server begins running, it puts itself in the background and
@@ -325,7 +325,7 @@ to the LDAP server. Options:
.TP
.B \fB\-f\fP \fIfilename\fP
Specifies the complete path of the service password file. By
-default, \fB/usr/local/var/service_passwd\fP is used.
+default, \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/service_passwd\fP is used.
.TP
.B \fIname\fP
Specifies the name of the object whose password is to be stored.
single configuration profile.
.sp
Normally, the kdc.conf file is found in the KDC state directory,
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\&. You can override the default location by setting the
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\&. You can override the default location by setting the
environment variable \fBKRB5_KDC_PROFILE\fP\&.
.sp
Please note that you need to restart the KDC daemon for any configuration
@@ -139,7 +139,7 @@ The following tags may be specified in a [realms] subsection:
(String.) Location of the access control list file that
\fIkadmind(8)\fP uses to determine which principals are allowed
which permissions on the Kerberos database. The default value is
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more information on Kerberos ACL
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kadm5.acl\fP\&. For more information on Kerberos ACL
file see \fIkadm5.acl(5)\fP\&.
.TP
.B \fBdatabase_module\fP
@@ -153,7 +153,7 @@ values will be used for all database parameters.
(String, deprecated.) This relation specifies the location of the
Kerberos database for this realm, if the DB2 module is being used
and the \fI\%[dbmodules]\fP configuration section does not specify a
-database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
+database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/principal\fP\&.
.TP
.B \fBdefault_principal_expiration\fP
(\fIabstime\fP string.) Specifies the default expiration date of
@@ -300,7 +300,7 @@ is 749, which is used by default.
.TP
.B \fBkey_stash_file\fP
(String.) Specifies the location where the master key has been
-stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm.
+stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm.
.TP
.B \fBkdc_max_tcp_connections\fP
This relation controls the maximum number of TCP connections the
@@ -454,7 +454,7 @@ The following tags may be specified in a [dbmodules] subsection:
.TP
.B \fBdatabase_name\fP
This DB2\-specific tag indicates the location of the database in
-the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
+the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/principal\fP\&.
.TP
.B \fBdb_library\fP
This tag indicates the name of the loadable database module. The
@@ -662,8 +662,8 @@ In the following example, the logging messages from the KDC will go to
the console and to the system log under the facility LOG_DAEMON with
default severity of LOG_INFO; and the logging messages from the
administrative server will be appended to the file
-\fB/var/adm/kadmin.log\fP and sent to the device \fB/dev/tty04\fP\&.
-\fB/var/adm/kadmin.log\fP is rotated between twenty-one log files with a
+\fB/var/krb5/kadmin.log\fP and sent to the device \fB/dev/tty04\fP\&.
+\fB/var/krb5/kadmin.log\fP is rotated between twenty-one log files with a
specified time interval of a day.
.INDENT 0.0
.INDENT 3.5
@@ -673,7 +673,7 @@ specified time interval of a day.
[logging]
kdc = CONSOLE
kdc = SYSLOG:INFO:DAEMON
- admin_server = FILE:/var/adm/kadmin.log
+ admin_server = FILE:/var/krb5/kadmin.log
admin_server = DEVICE=/dev/tty04
admin_server_rotate = {
period = 1d
@@ -696,10 +696,10 @@ For each token type, the following tags may be specified:
This is the server to send the RADIUS request to. It can be a
hostname with optional port, an ip address with optional port, or
a Unix domain socket address. The default is
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/<name>.socket\fP\&.
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/<name>.socket\fP\&.
.TP
.B \fBsecret\fP
-This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP)
+This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5\fP)
containing the secret used to encrypt the RADIUS packets. The
secret should appear in the first line of the file by itself;
leading and trailing whitespace on the line will be removed. If
@@ -1119,8 +1119,8 @@ Here\(aqs an example of a kdc.conf file:
}
[logging]
- kdc = FILE:/usr/local/var/krb5kdc/kdc.log
- admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log
+ kdc = FILE:/var/krb5/kdc.log
+ admin_server = FILE:/var/krb5/kadmin.log
[dbdefaults]
ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
@@ -1145,7 +1145,7 @@ Here\(aqs an example of a kdc.conf file:
.UNINDENT
.SH FILES
.sp
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kdc.conf\fP
.SH SEE ALSO
.sp
\fIkrb5.conf(5)\fP, \fIkrb5kdc(8)\fP, \fIkadm5.acl(5)\fP
@@ -54,7 +54,7 @@ Specifies the realm of the master server.
.B \fB\-f\fP \fIfile\fP
Specifies the filename where the dumped principal database file is
to be found; by default the dumped database file is normally
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/slave_datatrans\fP\&.
+\fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/slave_datatrans\fP\&.
.TP
.B \fB\-P\fP \fIport\fP
Specifies the port to use to contact the \fIkpropd(8)\fP server
@@ -106,7 +106,7 @@ default, the master admin server is contacted.
.TP
.B \fB\-f\fP \fIfile\fP
Specifies the filename where the dumped principal database file is
-to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&.
+to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/from_master\fP\&.
.TP
.B \fB\-p\fP
Allows the user to specify the pathname to the \fIkdb5_util(8)\fP
@@ -130,7 +130,7 @@ is only useful in combination with the \fB\-S\fP option.
.TP
.B \fB\-a\fP \fIacl_file\fP
Allows the user to specify the path to the kpropd.acl file; by
-default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&.
+default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/kpropd.acl\fP\&.
.UNINDENT
.SH ENVIRONMENT
.sp