diff options
| author | Jonathan Kamens <jik@mit.edu> | 1994-08-18 18:30:07 +0000 |
|---|---|---|
| committer | Jonathan Kamens <jik@mit.edu> | 1994-08-18 18:30:07 +0000 |
| commit | ee5da7e74fcd9535ac6450eaac25defe6fd520c0 (patch) | |
| tree | 2f8fb22657c2c76945a94f75dc97f67dcea7c77b | |
| parent | a622d7d648c12d2db69170f962ea5b846b401e86 (diff) | |
| download | krb5-ee5da7e74fcd9535ac6450eaac25defe6fd520c0.tar.gz krb5-ee5da7e74fcd9535ac6450eaac25defe6fd520c0.tar.xz krb5-ee5da7e74fcd9535ac6450eaac25defe6fd520c0.zip | |
Minor updates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4182 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | doc/kadm5/api-server-design.tex | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/doc/kadm5/api-server-design.tex b/doc/kadm5/api-server-design.tex index b330e9ce09..ecc64bac07 100644 --- a/doc/kadm5/api-server-design.tex +++ b/doc/kadm5/api-server-design.tex @@ -1,6 +1,13 @@ -\documentstyle[12pt,fullpage,changebar]{article} +\documentstyle[12pt,fullpage,changebar,rcsid]{article} -% $Id$ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% Make _ actually generate an _, and allow line-breaking after it. +\let\underscore=\_ +\catcode`_=13 +\def_{\underscore\penalty75\relax} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\rcs$Id$ \setlength{\parskip}{.7\baselineskip} \setlength{\parindent}{0pt} @@ -9,19 +16,12 @@ \def\v#1{\verb+#1+} \def\k#1{K$_#1$} -\title{OV*Secure Admin Server \\ Implementation Design} +\title{OV*Secure Admin Server \\ Implementation Design\thanks{\rcsId}} \author{Barry Jaspan} -\date{DRAFT --- \today} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{document} +\sloppy \maketitle {\setlength{\parskip}{0pt}\tableofcontents} @@ -39,7 +39,6 @@ wire. The RPC mechanism does, however, allow the server to access the underlying authentication credentials for authorization purposes. The admin server accesses a total of three databases. - \begin{itemize} \item The master Kerberos database is used to store all the information that the Kerberos server understands, thus allowing the @@ -54,12 +53,14 @@ information. The per-principal information stored in the admin principal database consists of the principal's policy name and an array of the principal's previous keys. The old keys are stored encrypted in the -key of the special principal ``kadmin/history'' that is created by -ovsec_kadm_create. Since a change in kadmin/history's key renders +key of the special principal ``ovsec_adm/history'' that is created by +ovsec_adm_create. Since a change in ovsec_adm/history's key renders every principal's key history array useless, it can only be changed -using the ovsec_kadm_edit utility; that program will reencrypt every -principal's key history in the new key. The admin server refuses all -requests to change kdamin/history's key. +using the ovsec_adm_edit utility; that program will reencrypt every +principal's key history in the new key.\footnote{ovsec_adm_edit has +not yet been implemented, and there are currently no plans to +implement it.} The admin server refuses all requests to change +ovsec_adm/history's key. \section{Main} |