
Purdue University

Identity and Access Management

Sample Realm Configuration File

{
----------------------

Example "Purdue" realm

----------------------
}
REALM
    NAME	Purdue	{ human-friendly realm name }
    ID		1	{ numeric realm ID }
    SADMIN	0	{ PUID of realm super-administrator }
    ETYPE	ldes	{ long-DES encryption used for passwords }
    ACL
	{
	-----------------------------------
	Realm sub-administrators are created
	by listing them in ACL entries. The
	ACL entry permission letters mean:

	'r', read
	'w', write
	'j', join and unjoin
	'm', modify user's ACLs
	'a', shorthand for all permissions
	-----------------------------------
	}
        ACL_ENTRY
                00000123                { joe }
                a                       { permission mask }
                0                       { puid of creator - arbitrary }
                2.4.2000.00.00.00       { time stamp, acl entry creation }
        ACL_ENTRY
                00000124                { mary }
                rw                      { read/write permission mask }
                10254533                { puid of creator }
                12.14.2000.00.00.00     { time stamp, acl entry creation }
    ACL_END

    {
    ------------------------------------------------------------
    What to do about bad authentication attempts and how to slow
    down dictionary attacks.

    1) BADAUTH_MAX: after ten consecutive bad authentication
       attempts, take BADAUTH_ACTION.
       
    2) BADAUTH_ACTION: log apparent dictionary attack attempts
    
    3) AUTH_THROTTLE: Add a 1/2 second delay after each
       authentication attempt from a specific netd connection.
       This has the effect of throttling dictionary attacks to
       no more than 2 attempts per second per netd connection.
       N.B.: the attacker can connect to an arbitrary number
       of netds, so the cumulative rate could be much higher.
    ------------------------------------------------------------
    }
    AUTH_THROTTLE	500	{ 0.5 sec delay on auth. attempts }
    BADAUTH_MAX		10	{ 10 bad attempts triggers freeze }
    BADAUTH_ACTION      freeze
    {
    ------------------------------------------------------------
    realms whose authentication credentials we trust
    ------------------------------------------------------------
    }
    TRUSTED
        boiler
    TRUSTED_END

REALM_END          
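
Added example, not part of the original Purdue page or the project's code: a small Python parser for the realm file format shown above, with the grammar inferred from this one sample (brace comments that do not nest, single-token values). It expands ACL permission masks and computes the attempt-rate ceiling that the AUTH_THROTTLE comment describes; parse_realm and guess_ceiling are hypothetical names.

```python
import re

# Permission letters from the sample file's ACL comment; 'a' means all of them.
PERMS = set("rwjm")
# Constructed input: a trimmed copy of the sample realm.
SAMPLE = """REALM
    NAME Purdue   { human-friendly realm name }
    ACL
        { comments may
          span lines }
        ACL_ENTRY 00000123 { joe }
            a 0 2.4.2000.00.00.00
        ACL_ENTRY 00000124 { mary }
            rw 10254533 12.14.2000.00.00.00
    ACL_END
    AUTH_THROTTLE 500
    BADAUTH_MAX 10
    BADAUTH_ACTION freeze
    TRUSTED boiler TRUSTED_END
REALM_END
"""

def parse_realm(text):
    """Parse one REALM block; the grammar is inferred from the sample file."""
    # Assumption: { ... } comments do not nest and every value is one token.
    tok = iter(re.sub(r"\{.*?\}", " ", text, flags=re.S).split())
    if next(tok, None) != "REALM":
        raise ValueError("expected REALM")
    realm = {"ACL": {}, "TRUSTED": []}
    for key in tok:
        if key == "REALM_END":
            return realm
        if key == "ACL":
            while (t := next(tok, "ACL_END")) != "ACL_END":
                fields = [next(tok, "") for _ in range(4)]
                puid, mask = fields[0], set(fields[1])
                if t != "ACL_ENTRY" or "" in fields or mask - PERMS - {"a"}:
                    raise ValueError(f"bad ACL entry near {t} {puid}")
                realm["ACL"][puid] = set(PERMS) if "a" in mask else mask
        elif key == "TRUSTED":
            realm["TRUSTED"] = list(iter(lambda: next(tok), "TRUSTED_END"))
        else:
            realm[key] = next(tok, "")
    raise ValueError("missing REALM_END")

def guess_ceiling(realm, connections):
    """Upper bound on attempts/sec: AUTH_THROTTLE (ms) is per connection."""
    delay_ms = int(realm.get("AUTH_THROTTLE", 0))
    return connections * 1000 / delay_ms if delay_ms else float("inf")
```

With the sample's 500 ms throttle, guess_ceiling returns 2 attempts per second for one connection and 100 for fifty, which is the cumulative-rate caveat in the N.B. above.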
          

Maintained by: IAMO Team

© 2010 - 2013 Purdue University