usr/src/lib/gss_mechs/mech_krb5/include/osconf.h

   1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6
   7 /*
   8  * include/krb5/stock/osconf.h
   9  *
  10  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
  11  * All Rights Reserved.
  12  *
  13  * Export of this software from the United States of America may
  14  *   require a specific license from the United States Government.
  15  *   It is the responsibility of any person or organization contemplating
  16  *   export to obtain such a license before exporting.
  17  *
  18  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  19  * distribute this software and its documentation for any purpose and
  20  * without fee is hereby granted, provided that the above copyright
  21  * notice appear in all copies and that both that copyright notice and
  22  * this permission notice appear in supporting documentation, and that
  23  * the name of M.I.T. not be used in advertising or publicity pertaining
  24  * to distribution of the software without specific, written prior
  25  * permission.  Furthermore if you modify this software you must label
  26  * your software as modified software and not distribute it in such a
  27  * fashion that it might be confused with the original M.I.T. software.
  28  * M.I.T. makes no representations about the suitability of
  29  * this software for any purpose.  It is provided "as is" without express
  30  * or implied warranty.
  31  *
  32  *
  33  * Site- and OS- dependant configuration.
  34  */
  35
  36 #ifndef KRB5_OSCONF__
  37 #define KRB5_OSCONF__
  38
  39 #if !defined(_WIN32)
  40     /* Don't try to pull in autoconf.h for Windows, since it's not used */
  41 #ifndef KRB5_AUTOCONF__
  42 #define KRB5_AUTOCONF__
  43 #include "autoconf.h"
  44 #endif
  45 #endif
  46
  47 #if defined(__MACH__) && defined(__APPLE__)
  48 # include <TargetConditionals.h>
  49 #endif
  50
  51 #if defined(_WIN32)
  52 #define DEFAULT_PROFILE_FILENAME "krb5.ini"
  53 #define DEFAULT_LNAME_FILENAME  "/aname"
  54 #define DEFAULT_KEYTAB_NAME     "FILE:%s\\krb5kt"
  55 #else /* !_WINDOWS */
  56 #if TARGET_OS_MAC
  57 #define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
  58 #define DEFAULT_PROFILE_PATH        ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH)
  59 #define KRB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
  60 #define KDB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
  61 #else
  62 /* Solaris Kerberos */
  63 #define DEFAULT_SECURE_PROFILE_PATH     "/etc/krb5/krb5.conf"
  64 #define DEFAULT_PROFILE_PATH        DEFAULT_SECURE_PROFILE_PATH
  65 #endif
  66 /* Solaris Kerberos */
  67 #define DEFAULT_KEYTAB_NAME     "FILE:/etc/krb5/krb5.keytab"
  68 #endif /* _WINDOWS  */
  69
  70 /* Solaris Kerberos: default for where ldap bind passwds stored */
  71 #define DEF_SERVICE_PASSWD_FILE "/var/krb5/service_passwd"
  72
  73 /* Solaris Kerberos */
  74 #define DEFAULT_KDB_FILE    "/var/krb5/principal"
  75 #define DEFAULT_KEYFILE_STUB    "/var/krb5/.k5."
  76 #define KRB5_DEFAULT_ADMIN_ACL  "/etc/krb5/krb5_adm.acl"
  77
  78 #define DEFAULT_ADMIN_ACL       "@LOCALSTATEDIR/krb5kdc/kadm_old.acl"
  79
  80 /* Location of KDC profile */
  81 /* Solaris Kerberos */
  82 #define DEFAULT_KDC_PROFILE     "/etc/krb5/kdc.conf"
  83 #define KDC_PROFILE_ENV         "KRB5_KDC_PROFILE"
  84
  85 #if TARGET_OS_MAC
  86 #define DEFAULT_KDB_LIB_PATH    { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL }
  87 #else
  88 /* Solaris Kerberos */
  89 #define DEFAULT_KDB_LIB_PATH    { "/usr/lib/krb5", NULL }
  90 #endif
  91
  92 /*
  93  * SUNW14resync
  94  * MIT 1.4 has changed to ENCTYPE_DES3_CBC_SHA1 but we stick with the old one
  95  * for backward compat.
  96  */
  97 #define DEFAULT_KDC_ENCTYPE     ENCTYPE_DES_CBC_CRC
  98 #define KDCRCACHE               "dfl:krb5kdc_rcache"
  99
 100 #define KDC_PORTNAME            "kerberos" /* for /etc/services or equiv. */
 101 #define KDC_SECONDARY_PORTNAME  "kerberos-sec" /* For backwards */
 102                                             /* compatibility with */
 103                                             /* port 750 clients */
 104
 105 #define KRB5_DEFAULT_PORT       88
 106 #define KRB5_DEFAULT_SEC_PORT   750
 107
 108 #define DEFAULT_KPASSWD_PORT    464
 109 #define KPASSWD_PORTNAME "kpasswd"
 110
 111 #define DEFAULT_KDC_UDP_PORTLIST "88,750"
 112 /* Solaris Kerberos: enabled TCP by default on port 88 */
 113 #define DEFAULT_KDC_TCP_PORTLIST        "88"
 114
 115 /* Solaris Kerberos: control # of kdc tcp connection */
 116 #define DEFAULT_KDC_TCP_CONNECTIONS     30
 117 #define MIN_KDC_TCP_CONNECTIONS 10
 118
 119 /*
 120  * Defaults for the KADM5 admin system.
 121  */
 122 /* Solaris Kerberos */
 123 #define DEFAULT_KADM5_KEYTAB    "/etc/krb5/kadm5.keytab"
 124 #define DEFAULT_KADM5_ACL_FILE  "/etc/krb5/kadm5.acl"
 125 #define DEFAULT_KADM5_PORT      749 /* assigned by IANA */
 126
 127 #define MAX_DGRAM_SIZE  4096
 128 #define MAX_SKDC_TIMEOUT 30
 129 #define SKDC_TIMEOUT_SHIFT 2            /* left shift of timeout for backoff */
 130 #define SKDC_TIMEOUT_1 1                /* seconds for first timeout */
 131
 132 #define KRB5_ENV_CCNAME "KRB5CCNAME"
 133
 134 /*
 135  * krb5 slave support follows
 136  */
 137
 138 /* Solaris Kerberos */
 139 #define KPROP_DEFAULT_FILE "/var/krb5/slave_datatrans"
 140 #define KPROPD_DEFAULT_FILE "/var/krb5/from_master"
 141 #define KPROPD_DEFAULT_KDB5_UTIL "/usr/sbin/kdb5_util"
 142 #define KPROPD_DEFAULT_KDB5_EDIT "/usr/sbin/kdb5_edit"
 143 #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE
 144 #define KPROPD_ACL_FILE "/etc/krb5/kpropd.acl"
 145
 146 #endif /* KRB5_OSCONF__ */