| # -*- text -*- |
| # |
| # $Id: d17b8b8fb8b442869e4aff143d345168875c55c8 $ |
| |
| # |
| # Kerberos. See doc/rlm_krb5 for minimal docs. |
| # |
| krb5 { |
| keytab = /path/to/keytab |
| service_principal = name_of_principle |
| |
| # Pool of krb5 contexts, this allows us to make the module multithreaded |
| # and to avoid expensive operations like resolving and opening keytabs |
| # on every request. It may also allow TCP connections to the KDC to be |
| # cached if that is supported by the version of libkrb5 used. |
| # |
| # The context pool is only used if the underlying libkrb5 reported |
| # that it was thread safe at compile time. |
| pool { |
| # Number of contexts to create |
| start = 10 |
| |
| # Minimum number of contexts to keep available |
| min = 4 |
| |
| # Maximum number of contexts |
| # |
| # If these contexts are all in use and a new one |
| # is requested, the request will NOT get a connection. |
| max = 10 |
| |
| # Spare contexts to be left idle |
| # |
| # NOTE: Idle contexts WILL be closed if "idle_timeout" |
| # is set. |
| spare = 3 |
| |
| # Number of uses before the context is freed |
| # 0 means "infinite" |
| uses = 0 |
| |
| # The lifetime (in seconds) of the context |
| lifetime = 0 |
| |
| # idle timeout (in seconds). A context which is |
| # unused for this length of time will be freed. |
| idle_timeout = 60 |
| |
| # NOTE: All configuration settings are enforced. If a |
| # context is closed because of "idle_timeout", |
| # "uses", or "lifetime", then the total number of |
| # contexts MAY fall below "min". When that |
| # happens, it will create a new context. It will |
| # also log a WARNING message. |
| # |
| # The solution is to either lower the "min" contexts, |
| # or increase lifetime/idle_timeout. |
| } |
| } |