# -*- text -*-
#
# $Id: d17b8b8fb8b442869e4aff143d345168875c55c8 $

#
# Kerberos. See doc/rlm_krb5 for minimal docs.
#
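krb5 {
	# Path to the keytab file used by this module.
	#
	# A keytab stores long-term Kerberos keys; anyone who can read it
	# can act as the service principal. Keep it owned by the account
	# the server runs as and unreadable by other local users, and keep
	# it out of backups and repositories that are more widely readable.
	#
	# NOTE(review): presumably the keytab is what lets the module check
	# that a KDC reply really comes from the realm's KDC - confirm
	# against doc/rlm_krb5.
	keytab = /path/to/keytab

	# Placeholder: replace with the service principal whose key is in
	# the keytab above. The principal named here has to match an entry
	# in that keytab.
	service_principal = name_of_principle

	# NOTE(review): Kerberos password checks need the user's cleartext
	# password, so this module is presumably only usable where the
	# request carries one (e.g. PAP, possibly inside a TLS tunnel) -
	# confirm against doc/rlm_krb5.

	# Pool of krb5 contexts, this allows us to make the module multithreaded
	# and to avoid expensive operations like resolving and opening keytabs
	# on every request. It may also allow TCP connections to the KDC to be
	# cached if that is supported by the version of libkrb5 used.
	#
	# The context pool is only used if the underlying libkrb5 reported
	# that it was thread safe at compile time.
	pool {
		# Number of contexts to create
		start = 10

		# Minimum number of contexts to keep available
		min = 4

		# Maximum number of contexts
		#
		# If these contexts are all in use and a new one
		# is requested, the request will NOT get a context.
		# Size this for peak authentication load: an exhausted
		# pool shows up to users as failed logins.
		max = 10

		# Spare contexts to be left idle
		#
		# NOTE: Idle contexts WILL be closed if "idle_timeout"
		# is set.
		spare = 3

		# Number of uses before the context is freed
		# 0 means "infinite"
		uses = 0

		# The lifetime (in seconds) of the context
		# NOTE(review): 0 presumably means "no limit", as for "uses".
		lifetime = 0

		# idle timeout (in seconds). A context which is
		# unused for this length of time will be freed.
		idle_timeout = 60

		# NOTE: All configuration settings are enforced. If a
		# context is closed because of "idle_timeout",
		# "uses", or "lifetime", then the total number of
		# contexts MAY fall below "min". When that
		# happens, it will create a new context. It will
		# also log a WARNING message.
		#
		# The solution is to either lower the "min" contexts,
		# or increase lifetime/idle_timeout.
	}
}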