/etc/shishi/shishi.conf is in shishi-common 1.0.2-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 | # System configuration file for Shishi 1.0.2
# Copyright 2002-2013 Simon Josefsson
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you you specify which system configuration file to use (with the
# commandline option "--system-configuration-file filename"), Shishi uses the
# file /etc/shishi.conf by default.
#
# An option file can contain all long options which are
# available in Shishi. If the first non white space character of
# a line is a '#', this line is ignored. Empty lines are also
# ignored.
#
# See the manual for a list of options.
# Read MIT or Heimdal configuration file for the following parameters:
# default-realm
# realm-kdc
# server-realm
# kdc-timeout
# kdc-retries
# You can override these values by specifying alternate values below.
# Not implemented yet.
#read-krb5conf=/etc/krb5.conf
# Specify the default realm, by default the hostname of the host is used.
#default-realm JOSEFSSON.ORG
# Specify the default principal, by default the login username is used.
#default-principal jas
# Specify which encryption types client asks server to respond in
# during AS/TGS exchanges. List valid encryption types, in preference
# order. Supported algorithms include aes256-cts-hmac-sha1-96,
# aes128-cts-hmac-sha1-96, des3-cbc-sha1-kd, des-cbc-md5, des-cbc-md4,
# des-cbc-crc and null. This option also indicates which encryption
# types are accepted by the client when receiving the response. Note
# that the preference order is not cryptographically protected, so a
# man in the middle can modify the order without being detected.
# Thus, only specify encryption types you trust completely here. The
# default only includes aes256-cts-hmac-sha1-96, as suggested by
# RFC1510bis.
#client-kdc-etypes=aes256-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5
# Enable verbose library messages.
#verbose
#verbose-asn1
#verbose-noise
#verbose-crypto
#verbose-crypto-noise
# Specify KDC addresses for realms.
# Value is REALM,KDCADDRESS[/TRANSPORT][,KDCADDRESS[/TRANSPORT]...]
# KDCADDRESS is the hostname or IP address of KDC.
# Optional TRANSPORT is "udp" for UDP, "tcp" for TCP, and "tls" for TLS
# connections. By default UDP is tried first, and TCP used as a
# fallback if the KRB_ERR_RESPONSE_TOO_BIG error is received. If not
# specified, Shishi tries to locate the KDC using SRV RRs, which is
# recommended. This option should normally only be used during
# experiments, to access badly maintained realms, or to make sure
# you are not vulnerable to DNS redirection attacks.
#realm-kdc=JOSEFSSON.ORG,ristretto.josefsson.org
# Specify realm for servers.
# Value is REALM,SERVERREGEXP[,SERVERREGEXP...]
# SERVERREGEXP is a pattern used to establish membership in the
# given realm. The pattern is either the exact name of a server,
# or a trailing domain part expected in a qualified server name,
# whenever the pattern commences with a period. The first match
# found will be used in library calls.
#server-realm=JOSEFSSON.ORG,.josefsson.org
# How long shishi waits for a response from a KDC before continuing
# to next KDC for realm. The default is 5 seconds.
#kdc-timeout=5
# How many times shishi sends a request to a KDC before giving up.
# The default is 3 times.
#kdc-retries=3
# How username and passwords entered from the terminal, or taken
# from the command line, are processed.
# "none": no processing is used.
# "stringprep": convert from locale charset to UTF-8 and process using
# experimental RFC 1510 stringprep profile.
# It can also be a string indicating a character set supported by
# iconv() via libstringprep, in which case data is converted from
# locale charset into the indicated character set. E.g., UTF-8,
# ISO-8859-1, KOI-8, EBCDIC-IS-FRISS are supported on GNU systems.
# On some systems you can use "locale -m" to list available character
# sets. By default, the "none" setting is used which is consistent
# with RFC 1510 that is silent on the issue. In practice, however,
# converting to UTF-8 improves interoperability.
stringprocess=UTF-8
# Specify default ticket life time.
# The string can be in almost any common format. It can contain month
# names, time zones, `am' and `pm', `yesterday', `ago', `next', etc.
# Refer to the "Date input formats" in the GNU CoreUtils package for
# entire story. As an extra feature, if the resulting string you
# specify has expired within the last 24 hours, an extra day is added
# to it. This allows you to specify "17:00" to always mean the next
# 17:00, even if your system clock happens to be 17:30.
# The default is 8 hours.
# Examples:
#ticket-life=8 hours
#ticket-life=1 day
#ticket-life=17:00
# Specify how long a renewable ticket should remain renewable.
# See ticket-life for the syntax. The extra feature that handles
# negative values within the last 2 hours is not active here.
# The default is 7 days.
# Examples:
#renew-life=1 week
#renew-life=friday 17:00
#renew-life=sunday
# Setup libgcrypt to use quicker entropy generation. If you want to
# use /dev/random instead of /dev/urandom, uncomment this.
quick-random
# System configuration file ends here
|