From 2f7e6de6c489a49f7a7be473e5752ef49472bbcc Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 28 Aug 2014 19:11:42 -0400 Subject: Fixed problems with CLI authentication parameters. Previously specifying a security database password in the CLI would require a certificate nickname to be specified as well. While this is correct for client certificate authentication, it caused a problem for operations that do not authenticate against the server such as client-init. The CLI has been modified to require a security database password only if the nickname is specified for client certificate authentication. Similar changes have been made to require user password only if the username is specified for basic authentication. The CLI also has been modified to store all specified parameters in the config object regardless of parameter validation. The manual page has been modified accordingly. Ticket #1125 --- base/java-tools/man/man1/pki.1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'base/java-tools/man') diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1 index b5a35f1f6..4e77bd6eb 100644 --- a/base/java-tools/man/man1/pki.1 +++ b/base/java-tools/man/man1/pki.1 @@ -28,10 +28,10 @@ These services include certificates, groups, keys, security domains, and users. .SH CLI OPTIONS .TP .B -c -Specifies the client security database password (mutually exclusive to the '-C' option; requires the '-n' client authentication option). +Specifies the client security database password (mutually exclusive to the '-C' option). .TP .B -C -Specifies the file which contains the client security database password (mutually exclusive to the '-c' option; requires the '-n' client authentication option). +Specifies the file which contains the client security database password (mutually exclusive to the '-c' option). .TP .B -d Specifies the client security database location (default: \fI~/.dogtag/nssdb\fP). @@ -49,7 +49,7 @@ Comma-separated list of ignored certificate validity statuses. Message format: xml (default), json. .TP .B -n -Specifies the nickname of the client certificate (signifies client authentication which is mutually exclusive to the '-u' basic authentication option). +Specifies the nickname for client certificate authentication (mutually exclusive to the '-u' option). This authentication requires a security database password. .TP .B --output Folder to store HTTP messages. @@ -68,7 +68,7 @@ PKI subsystem type - [CA, KRA, OCSP, TKS, or TPS] (non-case-sensitive). Specifies the server URI. .TP .B -u -Specifies the username (signifies basic authentication which is mutually exclusive to the '-n' client authentication option). +Specifies the username for basic authentication (mutually exclusive to the '-n' option). This authentication requires a user password. .TP .B -v Displays verbose information. @@ -77,10 +77,10 @@ Displays verbose information. Displays CLI version information. .TP .B -w -Specifies the user password (mutually exclusive to the '-W' option; requires the '-u' basic authentication option). +Specifies the user password (mutually exclusive to the '-W' option). .TP .B -W -Specifies the file which contains the user password (mutually exclusive to the '-w' option; requires the '-u' basic authentication option). +Specifies the file which contains the user password (mutually exclusive to the '-w' option). .SH OPERATIONS To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands. -- cgit