1warn.conf(4)                     File Formats                     warn.conf(4)
2
3
4

NAME

6       warn.conf - Kerberos warning configuration file
7

SYNOPSIS

9       /etc/krb5/warn.conf
10
11

DESCRIPTION

13       The  warn.conf  file  contains configuration information specifying how
14       users will be warned by the ktkt_warnd daemon about ticket  expiration.
15       In  addition,  this  file  can be used to auto-renew the user's Ticket-
16       Granting Ticket (TGT) instead of warning the user.  Credential  expira‐
17       tion  warnings  and auto-renew results are sent, by means of syslog, to
18       auth.notice.
19
20
21       Each Kerberos client host must have a warn.conf file in order for users
22       on  that  host to get Kerberos warnings from the client. Entries in the
23       warn.conf file must have the following format:
24
25         principal [renew[:opt1,...optN]] syslog|terminal time
26
27
28
29       or:
30
31         principal [renew[:opt1,...optN]] mail time [email address]
32
33
34       principal        Specifies the principal name to be warned. The  aster‐
35                        isk  (*)  wildcard  can  be  used to specify groups of
36                        principals.
37
38
39       renew            Automatically renew the credentials (TGT) until renew‐
40                        able  lifetime expires. This is equivalent to the user
41                        running kinit -R.
42
43                        The renew options include:
44
45                        log-success    Log the result of the renew attempt  on
46                                       success   using  the  specified  method
47                                       (syslog|terminal|mail).
48
49
50                        log-failure    Log the result of the renew attempt  on
51                                       failure   using  the  specified  method
52                                       (syslog|terminal|mail).   Some    renew
53                                       failure  conditions  are: TGT renewable
54                                       lifetime  has  expired,  the  KDCs  are
55                                       unavailable, or the cred cache file has
56                                       been removed.
57
58
59                        log            Same as specifing both log-success  and
60                                       log-failure.
61
62
63                        Note -
64
65                          If no log options are given, no logging is done.
66
67
68       syslog           Sends  the  warnings to the system's syslog. Depending
69                        on the /etc/syslog.conf file, syslog entries are writ‐
70                        ten  to the /var/adm/messages file and/or displayed on
71                        the terminal.
72
73
74       terminal         Sends the warnings to display on the terminal.
75
76
77       mail             Sends the warnings as email to the  address  specified
78                        by email_address.
79
80
81       time             Specifies  how much time before the TGT expires when a
82                        warning should be sent. The default time value is sec‐
83                        onds,  but  you  can specify h (hours) and m (minutes)
84                        after the number to specify other time values.
85
86
87       email_address    Specifies the email address at which to send the warn‐
88                        ings.  This field must be specified only with the mail
89                        field.
90
91

EXAMPLES

93       Example 1 Specifying Warnings
94
95
96       The following warn.conf entry
97
98
99         * syslog 5m
100
101
102
103
104       specifies that warnings will be sent to the syslog five minutes  before
105       the  expiration  of the TGT for all principals. The form of the message
106       is:
107
108
109         jdb@ACME.COM: your kerberos credentials expire in 5 minutes
110
111
112
113       Example 2 Specifying Renewal
114
115
116       The following warn.conf entry:
117
118
119         * renew:log terminal 30m
120
121
122
123       ...specifies that renew results will be sent to the user's terminal  30
124       minutes  before  the expiration of the TGT for all principals. The form
125       of the message (on renew success) is:
126
127
128         myname@ACME.COM: your kerberos credentials have been renewed
129
130

FILES

132       /usr/lib/krb5/ktkt_warnd    Kerberos warning daemon
133
134

ATTRIBUTES

136       See attributes(5) for descriptions of the following attributes:
137
138
139
140
141       ┌─────────────────────────────┬─────────────────────────────┐
142       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
143       ├─────────────────────────────┼─────────────────────────────┤
144       │Interface Stability          │Evolving                     │
145       └─────────────────────────────┴─────────────────────────────┘
146

SEE ALSO

148       kinit(1),  kdestroy(1),   ktkt_warnd(1M),   syslog.conf(4),   utmpx(4),
149       attributes(5), kerberos(5), pam_krb5(5)
150

NOTES

152       The  auto-renew  of the TGT is attempted only if the user is logged-in,
153       as determined by examining utmpx(4).
154
155
156
157SunOS 5.11                        30 Mar 2005                     warn.conf(4)
Impressum