JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 4: File Formats     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Introduction

File Formats

addresses(4)

admin(4)

alias(4)

aliases(4)

a.out(4)

au(4)

audit_class(4)

audit_event(4)

audit.log(4)

auth_attr(4)

autofs(4)

bart_manifest(4)

bart_rules(4)

bootparams(4)

cardbus(4)

cdtoc(4)

clustertoc(4)

compver(4)

contents(4)

contract(4)

copyright(4)

core(4)

crypt.conf(4)

crypto_certs(4)

dacf.conf(4)

dat.conf(4)

defaultdomain(4)

default_fs(4)

defaultrouter(4)

depend(4)

device_allocate(4)

device_contract(4)

device_maps(4)

devices(4)

devid_cache(4)

devname_cache(4)

dfstab(4)

dhcp_inittab(4)

dhcp_network(4)

dhcpsvc.conf(4)

dhcptab(4)

dialups(4)

dir(4)

dir_ufs(4)

d_passwd(4)

driver.conf(4)

ds.log(4)

dumpdates(4)

ethers(4)

exec_attr(4)

fbtab(4)

fd(4)

fdi(4)

flash_archive(4)

format.dat(4)

forward(4)

fs(4)

fspec(4)

fstypes(4)

ftp(4)

ftpaccess(4)

ftpconversions(4)

ftpgroups(4)

ftphosts(4)

ftpservers(4)

ftpusers(4)

fx_dptbl(4)

gateways(4)

geniconvtbl(4)

group(4)

gsscred.conf(4)

hba.conf(4)

holidays(4)

hosts(4)

hosts.equiv(4)

ib(4)

idnkit.pc(4)

ike.config(4)

ike.preshared(4)

inetd.conf(4)

inet_type(4)

infiniband_hca_persistent_cache(4)

init.d(4)

inittab(4)

ipaddrsel.conf(4)

ipf(4)

ipf.conf(4)

ipnat(4)

ipnat.conf(4)

ipnodes(4)

ippool(4)

ippool.conf(4)

isa(4)

issue(4)

kadm5.acl(4)

kdc.conf(4)

keytables(4)

krb5.conf(4)

label_encodings(4)

ldapfilter.conf(4)

ldapsearchprefs.conf(4)

ldaptemplates.conf(4)

llc2(4)

logadm.conf(4)

logindevperm(4)

loginlog(4)

lutab(4)

magic(4)

md.cf(4)

mddb.cf(4)

mdi_ib_cache(4)

mdi_scsi_vhci_cache(4)

md.tab(4)

mech(4)

meddb(4)

mnttab(4)

mod_ipp(4)

mpapi.conf(4)

named.conf(4)

ncad_addr(4)

nca.if(4)

ncakmod.conf(4)

ncalogd.conf(4)

ncaport.conf(4)

ndmp(4)

ndpd.conf(4)

netconfig(4)

netgroup(4)

netid(4)

netmasks(4)

netrc(4)

networks(4)

nfs(4)

nfslog.conf(4)

nfssec.conf(4)

NISLDAPmapping(4)

nodename(4)

nologin(4)

note(4)

notrouter(4)

nscd.conf(4)

nsmbrc(4)

nss(4)

nsswitch.conf(4)

order(4)

packagetoc(4)

packingrules(4)

pam.conf(4)

passwd(4)

path_to_inst(4)

pci(4)

pcie(4)

pci_unitaddr_persistent(4)

phones(4)

pkginfo(4)

pkgmap(4)

platform(4)

plot(4B)

policy.conf(4)

power.conf(4)

printers(4)

printers.conf(4)

priv_names(4)

proc(4)

process(4)

prof_attr(4)

profile(4)

project(4)

protocols(4)

prototype(4)

pseudo(4)

publickey(4)

qop(4)

queuedefs(4)

rcmscript(4)

rdc.cf(4)

registration_profile(4)

remote(4)

resolv.conf(4)

rhosts(4)

rmtab(4)

rndc.conf(4)

rpc(4)

rt_dptbl(4)

sasl_appname.conf(4)

sbus(4)

sccsfile(4)

scsi(4)

securenets(4)

sel_config(4)

sendmail(4)

sendmail.cf(4)

service_bundle(4)

service_provider.conf(4)

services(4)

shadow(4)

sharetab(4)

shells(4)

slp.conf(4)

slpd.reg(4)

smb(4)

smbautohome(4)

smhba.conf(4)

snapshot_cache(4)

sndr(4)

sock2path.d(4)

space(4)

ssh_config(4)

sshd_config(4)

submit.cf(4)

sulog(4)

synclist(4)

sysbus(4)

sysidcfg(4)

syslog.conf(4)

system(4)

telnetrc(4)

term(4)

terminfo(4)

TIMEZONE(4)

timezone(4)

tnf_kernel_probes(4)

TrustedExtensionsPolicy(4)

ts_dptbl(4)

ttydefs(4)

ttysrch(4)

ufsdump(4)

updaters(4)

user_attr(4)

utmp(4)

utmpx(4)

vfstab(4)

volume-config(4)

volume-defaults(4)

volume-request(4)

wanboot.conf(4)

warn.conf(4)

wtmp(4)

wtmpx(4)

xferlog(4)

ypfiles(4)

yppasswdd(4)

ypserv(4)

zoneinfo(4)

warn.conf

- Kerberos warning configuration file

Synopsis

/etc/krb5/warn.conf 

Description

The warn.conf file contains configuration information specifying how users will be warned by the ktkt_warnd daemon about ticket expiration. In addition, this file can be used to auto-renew the user's Ticket-Granting Ticket (TGT) instead of warning the user. Credential expiration warnings and auto-renew results are sent, by means of syslog, to auth.notice.

Each Kerberos client host must have a warn.conf file in order for users on that host to get Kerberos warnings from the client. Entries in the warn.conf file must have the following format:

principal [renew[:opt1,...optN]] syslog|terminal time

or:

principal [renew[:opt1,...optN]] mail time [email address]
principal

Specifies the principal name to be warned. The asterisk (*) wildcard can be used to specify groups of principals.

renew

Automatically renew the credentials (TGT) until renewable lifetime expires. This is equivalent to the user running kinit -R.

The renew options include:

log-success

Log the result of the renew attempt on success using the specified method (syslog|terminal|mail).

log-failure

Log the result of the renew attempt on failure using the specified method (syslog|terminal|mail). Some renew failure conditions are: TGT renewable lifetime has expired, the KDCs are unavailable, or the cred cache file has been removed.

log

Same as specifing both log-success and log-failure.


Note - If no log options are given, no logging is done.


syslog

Sends the warnings to the system's syslog. Depending on the /etc/syslog.conf file, syslog entries are written to the /var/adm/messages file and/or displayed on the terminal.

terminal

Sends the warnings to display on the terminal.

mail

Sends the warnings as email to the address specified by email_address.

time

Specifies how much time before the TGT expires when a warning should be sent. The default time value is seconds, but you can specify h (hours) and m (minutes) after the number to specify other time values.

email_address

Specifies the email address at which to send the warnings. This field must be specified only with the mail field.

Examples

Example 1 Specifying Warnings

The following warn.conf entry

* syslog 5m 

specifies that warnings will be sent to the syslog five minutes before the expiration of the TGT for all principals. The form of the message is:

jdb@ACME.COM: your kerberos credentials expire in 5 minutes

Example 2 Specifying Renewal

The following warn.conf entry:

* renew:log terminal 30m

...specifies that renew results will be sent to the user's terminal 30 minutes before the expiration of the TGT for all principals. The form of the message (on renew success) is:

myname@ACME.COM: your kerberos credentials have been renewed

Files

/usr/lib/krb5/ktkt_warnd

Kerberos warning daemon

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed

See Also

kinit(1), kdestroy(1), ktkt_warnd(1M), syslog.conf(4), utmpx(4), attributes(5), kerberos(5), pam_krb5(5)

Notes

The auto-renew of the TGT is attempted only if the user is logged-in, as determined by examining utmpx(4).