# -*- text -*-
#
# $Id: d17b8b8fb8b442869e4aff143d345168875c55c8 $

#
# Kerberos. See doc/rlm_krb5 for minimal docs.
#
krb5 {
	# Path to the keytab file. A keytab stores the long-term key(s) of a
	# Kerberos principal in usable form, so anyone who can read the file
	# can act as that principal. Keep it owned by, and readable only by,
	# the account the server runs as, and keep it out of backups and
	# version control that have wider access.
	# NOTE(review): "/path/to/keytab" is a placeholder and must be
	# replaced before the module is enabled.
	keytab = /path/to/keytab

	# Name of the service principal.
	# NOTE(review): presumably this is the principal whose key is stored
	# in the keytab above; the expected format is not shown here, confirm
	# against doc/rlm_krb5. "name_of_principle" is a placeholder
	# ("principle" looks like a typo for "principal").
	service_principal = name_of_principle

	# Pool of krb5 contexts. This allows the module to be multithreaded
	# and avoids expensive operations like resolving and opening keytabs
	# on every request. It may also allow TCP connections to the KDC to be
	# cached if that is supported by the version of libkrb5 used.
	#
	# The context pool is only used if the underlying libkrb5 reported
	# that it was thread safe at compile time.
	pool {
		# Number of contexts to create
		start = 10

		# Minimum number of contexts to keep available
		min = 4

		# Maximum number of contexts
		#
		# If these contexts are all in use and a new one
		# is requested, the request will NOT get a connection.
		# NOTE(review): what the module returns for such a request is
		# not stated here. Size "max" for peak authentication load so
		# that a burst of requests does not exhaust the pool; confirm
		# the failure behaviour before relying on it.
		max = 10

		# Spare contexts to be left idle
		#
		# NOTE: Idle contexts WILL be closed if "idle_timeout"
		# is set.
		spare = 3

		# Number of uses before the context is freed
		# 0 means "infinite"
		uses = 0

		# The lifetime (in seconds) of the context
		# NOTE(review): 0 presumably means "no limit", as it does for
		# "uses" above; confirm.
		lifetime = 0

		# Idle timeout (in seconds). A context which is
		# unused for this length of time will be freed.
		idle_timeout = 60

		# NOTE: All configuration settings are enforced. If a
		# context is closed because of "idle_timeout",
		# "uses", or "lifetime", then the total number of
		# contexts MAY fall below "min". When that
		# happens, it will create a new context. It will
		# also log a WARNING message.
		#
		# The solution is to either lower the "min" contexts,
		# or increase lifetime/idle_timeout.
	}
}