Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for warn.conf (opensolaris section 4)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

warn.conf(4)				   File Formats 			     warn.conf(4)

       warn.conf - Kerberos warning configuration file


       The  warn.conf file contains configuration information specifying how users will be warned
       by the ktkt_warnd daemon about ticket expiration. In addition, this file can  be  used  to
       auto-renew the user's Ticket-Granting Ticket (TGT) instead of warning the user. Credential
       expiration warnings and auto-renew results are sent, by means of syslog, to auth.notice.

       Each Kerberos client host must have a warn.conf file in order for users on  that  host  to
       get Kerberos warnings from the client. Entries in the warn.conf file must have the follow-
       ing format:

	 principal [renew[:opt1,...optN]] syslog|terminal time


	 principal [renew[:opt1,...optN]] mail time [email address]

       principal	Specifies the principal name to be warned. The asterisk (*) wildcard  can
			be used to specify groups of principals.

       renew		Automatically  renew  the  credentials	(TGT)  until  renewable  lifetime
			expires. This is equivalent to the user running kinit -R.

			The renew options include:

			log-success    Log the result of the renew attempt on success  using  the
				       specified method (syslog|terminal|mail).

			log-failure    Log  the  result of the renew attempt on failure using the
				       specified method (syslog|terminal|mail). Some renew  fail-
				       ure  conditions	are:  TGT renewable lifetime has expired,
				       the KDCs are unavailable, or the cred cache file has  been

			log	       Same as specifing both log-success and log-failure.

			Note -

			  If no log options are given, no logging is done.

       syslog		Sends  the  warnings  to  the system's syslog. Depending on the /etc/sys-
			log.conf file, syslog entries are written to the  /var/adm/messages  file
			and/or displayed on the terminal.

       terminal 	Sends the warnings to display on the terminal.

       mail		Sends the warnings as email to the address specified by email_address.

       time		Specifies  how	much time before the TGT expires when a warning should be
			sent. The default time value is seconds, but you can  specify  h  (hours)
			and m (minutes) after the number to specify other time values.

       email_address	Specifies  the	email  address	at which to send the warnings. This field
			must be specified only with the mail field.

       Example 1 Specifying Warnings

       The following warn.conf entry

	 * syslog 5m

       specifies that warnings will be sent to the syslog five minutes before the  expiration  of
       the TGT for all principals. The form of the message is:

	 jdb@ACME.COM: your kerberos credentials expire in 5 minutes

       Example 2 Specifying Renewal

       The following warn.conf entry:

	 * renew:log terminal 30m

       ...specifies  that renew results will be sent to the user's terminal 30 minutes before the
       expiration of the TGT for all principals. The form of the message (on renew success) is:

	 myname@ACME.COM: your kerberos credentials have been renewed

       /usr/lib/krb5/ktkt_warnd    Kerberos warning daemon

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Evolving			   |

       kinit(1),  kdestroy(1),	ktkt_warnd(1M),  syslog.conf(4),  utmpx(4),  attributes(5),  ker-
       beros(5), pam_krb5(5)

       The  auto-renew	of  the  TGT is attempted only if the user is logged-in, as determined by
       examining utmpx(4).

SunOS 5.11				   30 Mar 2005				     warn.conf(4)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 12:32 AM.