17c478bd9Sstevel@tonic-gate /* 2159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate * Use is subject to license terms. 47c478bd9Sstevel@tonic-gate */ 57c478bd9Sstevel@tonic-gate 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate /* 87c478bd9Sstevel@tonic-gate * include/krb5/stock/osconf.h 97c478bd9Sstevel@tonic-gate * 10159d09a2SMark Phalan * Copyright 1990,1991 by the Massachusetts Institute of Technology. 117c478bd9Sstevel@tonic-gate * All Rights Reserved. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 147c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 157c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 167c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 17*55fea89dSDan Cross * 187c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 197c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 207c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 217c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 227c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 237c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining 247c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 25159d09a2SMark Phalan * permission. Furthermore if you modify this software you must label 26159d09a2SMark Phalan * your software as modified software and not distribute it in such a 27159d09a2SMark Phalan * fashion that it might be confused with the original M.I.T. software. 28159d09a2SMark Phalan * M.I.T. makes no representations about the suitability of 297c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 307c478bd9Sstevel@tonic-gate * or implied warranty. 31*55fea89dSDan Cross * 327c478bd9Sstevel@tonic-gate * 337c478bd9Sstevel@tonic-gate * Site- and OS- dependant configuration. 347c478bd9Sstevel@tonic-gate */ 357c478bd9Sstevel@tonic-gate 36159d09a2SMark Phalan #ifndef KRB5_OSCONF__ 37159d09a2SMark Phalan #define KRB5_OSCONF__ 387c478bd9Sstevel@tonic-gate 39159d09a2SMark Phalan #if !defined(_WIN32) 40159d09a2SMark Phalan /* Don't try to pull in autoconf.h for Windows, since it's not used */ 417c478bd9Sstevel@tonic-gate #ifndef KRB5_AUTOCONF__ 42159d09a2SMark Phalan #define KRB5_AUTOCONF__ 437c478bd9Sstevel@tonic-gate #include "autoconf.h" 447c478bd9Sstevel@tonic-gate #endif 45159d09a2SMark Phalan #endif 46159d09a2SMark Phalan 47159d09a2SMark Phalan #if defined(__MACH__) && defined(__APPLE__) 48159d09a2SMark Phalan # include <TargetConditionals.h> 49159d09a2SMark Phalan #endif 507c478bd9Sstevel@tonic-gate 51159d09a2SMark Phalan #if defined(_WIN32) 52159d09a2SMark Phalan #define DEFAULT_PROFILE_FILENAME "krb5.ini" 53159d09a2SMark Phalan #define DEFAULT_LNAME_FILENAME "/aname" 54159d09a2SMark Phalan #define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" 55159d09a2SMark Phalan #else /* !_WINDOWS */ 56159d09a2SMark Phalan #if TARGET_OS_MAC 57159d09a2SMark Phalan #define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" 58159d09a2SMark Phalan #define DEFAULT_PROFILE_PATH ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH) 59159d09a2SMark Phalan #define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins" 60159d09a2SMark Phalan #define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins" 61159d09a2SMark Phalan #else 62159d09a2SMark Phalan /* Solaris Kerberos */ 63159d09a2SMark Phalan #define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5/krb5.conf" 64159d09a2SMark Phalan #define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH 65159d09a2SMark Phalan #endif 66159d09a2SMark Phalan /* Solaris Kerberos */ 677c478bd9Sstevel@tonic-gate #define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5/krb5.keytab" 68159d09a2SMark Phalan #endif /* _WINDOWS */ 697c478bd9Sstevel@tonic-gate 7054925bf6Swillf /* Solaris Kerberos: default for where ldap bind passwds stored */ 7154925bf6Swillf #define DEF_SERVICE_PASSWD_FILE "/var/krb5/service_passwd" 7254925bf6Swillf 73159d09a2SMark Phalan /* Solaris Kerberos */ 74159d09a2SMark Phalan #define DEFAULT_KDB_FILE "/var/krb5/principal" 757c478bd9Sstevel@tonic-gate #define DEFAULT_KEYFILE_STUB "/var/krb5/.k5." 76159d09a2SMark Phalan #define KRB5_DEFAULT_ADMIN_ACL "/etc/krb5/krb5_adm.acl" 77159d09a2SMark Phalan 78159d09a2SMark Phalan #define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl" 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate /* Location of KDC profile */ 81159d09a2SMark Phalan /* Solaris Kerberos */ 827c478bd9Sstevel@tonic-gate #define DEFAULT_KDC_PROFILE "/etc/krb5/kdc.conf" 837c478bd9Sstevel@tonic-gate #define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" 847c478bd9Sstevel@tonic-gate 85159d09a2SMark Phalan #if TARGET_OS_MAC 86159d09a2SMark Phalan #define DEFAULT_KDB_LIB_PATH { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL } 87159d09a2SMark Phalan #else 88159d09a2SMark Phalan /* Solaris Kerberos */ 8954925bf6Swillf #define DEFAULT_KDB_LIB_PATH { "/usr/lib/krb5", NULL } 90159d09a2SMark Phalan #endif 9154925bf6Swillf 92505d05c7Sgtb /* 93505d05c7Sgtb * SUNW14resync 94505d05c7Sgtb * MIT 1.4 has changed to ENCTYPE_DES3_CBC_SHA1 but we stick with the old one 95505d05c7Sgtb * for backward compat. 96505d05c7Sgtb */ 97505d05c7Sgtb #define DEFAULT_KDC_ENCTYPE ENCTYPE_DES_CBC_CRC 987c478bd9Sstevel@tonic-gate #define KDCRCACHE "dfl:krb5kdc_rcache" 997c478bd9Sstevel@tonic-gate 100159d09a2SMark Phalan #define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */ 101159d09a2SMark Phalan #define KDC_SECONDARY_PORTNAME "kerberos-sec" /* For backwards */ 1027c478bd9Sstevel@tonic-gate /* compatibility with */ 1037c478bd9Sstevel@tonic-gate /* port 750 clients */ 1047c478bd9Sstevel@tonic-gate 105159d09a2SMark Phalan #define KRB5_DEFAULT_PORT 88 106159d09a2SMark Phalan #define KRB5_DEFAULT_SEC_PORT 750 1077c478bd9Sstevel@tonic-gate 108159d09a2SMark Phalan #define DEFAULT_KPASSWD_PORT 464 109159d09a2SMark Phalan #define KPASSWD_PORTNAME "kpasswd" 1107c478bd9Sstevel@tonic-gate 111159d09a2SMark Phalan #define DEFAULT_KDC_UDP_PORTLIST "88,750" 1127c478bd9Sstevel@tonic-gate /* Solaris Kerberos: enabled TCP by default on port 88 */ 113159d09a2SMark Phalan #define DEFAULT_KDC_TCP_PORTLIST "88" 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate /* Solaris Kerberos: control # of kdc tcp connection */ 1167c478bd9Sstevel@tonic-gate #define DEFAULT_KDC_TCP_CONNECTIONS 30 1177c478bd9Sstevel@tonic-gate #define MIN_KDC_TCP_CONNECTIONS 10 1187c478bd9Sstevel@tonic-gate 1197c478bd9Sstevel@tonic-gate /* 1207c478bd9Sstevel@tonic-gate * Defaults for the KADM5 admin system. 1217c478bd9Sstevel@tonic-gate */ 122159d09a2SMark Phalan /* Solaris Kerberos */ 123159d09a2SMark Phalan #define DEFAULT_KADM5_KEYTAB "/etc/krb5/kadm5.keytab" 124159d09a2SMark Phalan #define DEFAULT_KADM5_ACL_FILE "/etc/krb5/kadm5.acl" 125159d09a2SMark Phalan #define DEFAULT_KADM5_PORT 749 /* assigned by IANA */ 1267c478bd9Sstevel@tonic-gate 127159d09a2SMark Phalan #define MAX_DGRAM_SIZE 4096 128159d09a2SMark Phalan #define MAX_SKDC_TIMEOUT 30 129159d09a2SMark Phalan #define SKDC_TIMEOUT_SHIFT 2 /* left shift of timeout for backoff */ 130159d09a2SMark Phalan #define SKDC_TIMEOUT_1 1 /* seconds for first timeout */ 1317c478bd9Sstevel@tonic-gate 132159d09a2SMark Phalan #define KRB5_ENV_CCNAME "KRB5CCNAME" 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate /* 1357c478bd9Sstevel@tonic-gate * krb5 slave support follows 1367c478bd9Sstevel@tonic-gate */ 1377c478bd9Sstevel@tonic-gate 138159d09a2SMark Phalan /* Solaris Kerberos */ 139159d09a2SMark Phalan #define KPROP_DEFAULT_FILE "/var/krb5/slave_datatrans" 140159d09a2SMark Phalan #define KPROPD_DEFAULT_FILE "/var/krb5/from_master" 141159d09a2SMark Phalan #define KPROPD_DEFAULT_KDB5_UTIL "/usr/sbin/kdb5_util" 142159d09a2SMark Phalan #define KPROPD_DEFAULT_KDB5_EDIT "/usr/sbin/kdb5_edit" 143159d09a2SMark Phalan #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE 144159d09a2SMark Phalan #define KPROPD_ACL_FILE "/etc/krb5/kpropd.acl" 1457c478bd9Sstevel@tonic-gate 146159d09a2SMark Phalan #endif /* KRB5_OSCONF__ */ 147