svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
warn.conf(5)
warn.conf(5) File Formats warn.conf(5)
NAME
warn.conf - Kerberos warning configuration file
SYNOPSIS
/etc/krb5/warn.conf
/var/user/$USER/krb-warn.conf
DESCRIPTION
The ktkt_warnd(8) configuration files contain configuration information
specifying how users will be warned by the ktkt_warnd daemon about
ticket expiration. In addition, these files can be used to auto-renew
the user's Ticket-Granting Ticket (TGT) instead of warning the user.
Credential expiration warnings and auto-renew results are sent, by
means of syslog, to auth.notice.
If the user's configuration file, /var/user/$USER/krb-warn.conf, does
not exist, /etc/krb5/warn.conf will be used.
If each user does not have a configuration file, each Kerberos client
host must have an /etc/krb5/warn.conf file in order for users on that
host to get Kerberos warnings from the client. Entries in the configu‐
ration files must have the following format:
principal|* [renew:opt1,...optN] syslog|terminal time
or:
principal|* [renew[:opt1,...optN]] mail time &|email address
principal
Specifies the principal name to be warned. The asterisk (*) wild‐
card can be used to specify groups of principals.
renew
Automatically renew the credentials (TGT) until renewable lifetime
expires. This is equivalent to the user running kinit -R.
The renew options include:
log-success
Log the result of the renew attempt on success using the speci‐
fied method (syslog|terminal|mail).
log-failure
Log the result of the renew attempt on failure using the speci‐
fied method (syslog|terminal|mail). Some renew failure condi‐
tions are: TGT renewable lifetime has expired, the KDCs are
unavailable, or the cred cache file has been removed.
log
Same as specifying both log-success and log-failure.
Note -
If no log options are given, no logging is done.
syslog
Sends the warnings to the system's syslog. Depending on the
/etc/syslog.conf file, syslog entries are written to the
/var/adm/messages file and/or displayed on the terminal.
terminal
Sends the warnings to display on the terminal.
mail
Sends the warnings as email to the address specified by
email_address.
time
Specifies how much time before the TGT expires when a warning
should be sent. The default time value is seconds, but you can
specify h (hours) and m (minutes) after the number to specify other
time values.
&
Map the principal name to the UNIX name and use that as a local
mail address to mail the message. The expected default mappings can
be changed by means of auth_to_local_names and auth_to_local in
krb5.conf.
email_address
Specifies the email address at which to send the warnings. This
field must be specified only with the mail field.
EXAMPLES
Example 1 Specifying Warnings
The following warn.conf entry
* syslog 5m
specifies that warnings will be sent to the syslog five minutes before
the expiration of the TGT for all principals. The form of the message
is:
jdb@EXAMPLE.COM: your kerberos credentials expire in 5 minutes
Example 2 Specifying Renewal
The following warn.conf entry specifies that renew results will be sent
to the user's terminal 30 minutes before the expiration of the TGT for
all principals:
* renew:log terminal 30m
The form of the message (on renew success) is:
myname@EXAMPLE.COM: your kerberos credentials have been renewed
Example 3 Emailing Each User
The following warn.conf entry specifies that users are emailed 30 min‐
utes before their credential expires.
* mail 30m &
FILES
/usr/lib/krb5/ktkt_warnd
Kerberos warning daemon
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Interface StabilityCommitted
SEE ALSO
kdestroy(1), kinit(1), syslog.conf(5), utmpx(5), attributes(7),
pam_krb5(7), gsscred(8), ktkt_warnd(8)
NOTES
The auto-renew of the TGT is attempted only if the user is logged-in,
as determined by examining utmpx(5).
Oracle Solaris 11.4 1 Jul 2021 warn.conf(5)