Doc "version introduced" for some kdc.conf tags

Also, move [logging] section documentation after [dbmodules]
documentation.

1 files changed, 79 insertions, 76 deletions

diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
index 212742c887..54b0e410f0 100644
--- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
@@ -30,9 +30,9 @@ The kdc.conf file may contain the following sections:
 ==================== =================================================
 :ref:`kdcdefaults`   Default values for KDC behavior
 :ref:`kdc_realms`    Realm-specific database configuration and settings
-:ref:`logging`       Controls how Kerberos daemons perform logging
 :ref:`dbdefaults`    Default database settings
 :ref:`dbmodules`     Per-database settings
+:ref:`logging`       Controls how Kerberos daemons perform logging
 ==================== =================================================
 
 
@@ -315,77 +315,6 @@ For each realm, the following tags may be specified:
     possible values, see :ref:`Encryption_and_salt_types`.
 
 
-.. _logging:
-
-[logging]
-~~~~~~~~~
-
-The [logging] section indicates how :ref:`krb5kdc(8)` and
-:ref:`kadmind(8)` perform logging.  The keys in this section are
-daemon names, which may be one of:
-
-**admin_server**
-    Specifies how :ref:`kadmind(8)` performs logging.
-
-**kdc**
-    Specifies how :ref:`krb5kdc(8)` performs logging.
-
-**default**
-    Specifies how either daemon performs logging in the absence of
-    relations specific to the daemon.
-
-Values are of the following forms:
-
-**FILE=**\ *filename* or **FILE:**\ *filename*
-    This value causes the daemon's logging messages to go to the
-    *filename*.  If the ``=`` form is used, the file is overwritten.
-    If the ``:`` form is used, the file is appended to.
-
-**STDERR**
-    This value causes the daemon's logging messages to go to its
-    standard error stream.
-
-**CONSOLE**
-    This value causes the daemon's logging messages to go to the
-    console, if the system supports it.
-
-**DEVICE=**\ *<devicename>*
-    This causes the daemon's logging messages to go to the specified
-    device.
-
-**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]]
-    This causes the daemon's logging messages to go to the system log.
-
-    The severity argument specifies the default severity of system log
-    messages.  This may be any of the following severities supported
-    by the syslog(3) call, minus the ``LOG_`` prefix: **EMERG**,
-    **ALERT**, **CRIT**, **ERR**, **WARNING**, **NOTICE**, **INFO**,
-    and **DEBUG**.
-
-    The facility argument specifies the facility under which the
-    messages are logged.  This may be any of the following facilities
-    supported by the syslog(3) call minus the LOG\_ prefix: **KERN**,
-    **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**,
-    **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**.
-
-    If no severity is specified, the default is **ERR**.  If no
-    facility is specified, the default is **AUTH**.
-
-In the following example, the logging messages from the KDC will go to
-the console and to the system log under the facility LOG_DAEMON with
-default severity of LOG_INFO; and the logging messages from the
-administrative server will be appended to the file
-``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.
-
- ::
-
-    [logging]
-        kdc = CONSOLE
-        kdc = SYSLOG:INFO:DAEMON
-        admin_server = FILE:/var/adm/kadmin.log
-        admin_server = DEVICE=/dev/tty04
-
-
 .. _dbdefaults:
 
 [dbdefaults]
@@ -410,8 +339,9 @@ definitions of these relations.
 ~~~~~~~~~~~
 
 The [dbmodules] section contains parameters used by the KDC database
-library and database modules.  The following tag may be specified
-in the [dbmodules] section:
+library and database modules.
+
+The following tag may be specified in the [dbmodules] section:
 
 **db_module_dir**
     This tag controls where the plugin system looks for modules.  The
@@ -436,13 +366,15 @@ the subsection:
     authentication" field of principal entries requiring
     preauthentication.  Setting this flag may improve performance.
     (Principal entries which do not require preauthentication never
-    update the "Last successful authentication" field.).
+    update the "Last successful authentication" field.).  First
+    introduced in version 1.9.
 
 **disable_lockout**
     If set to ``true``, suppresses KDC updates to the "Last failed
     authentication" and "Failed password attempts" fields of principal
     entries requiring preauthentication.  Setting this flag may
-    improve performance, but also disables account lockout.
+    improve performance, but also disables account lockout.  First
+    introduced in version 1.9.
 
 **ldap_conns_per_server**
     This LDAP-specific tag indicates the number of connections to be
@@ -479,6 +411,77 @@ the subsection:
     be kept secure.
 
 
+.. _logging:
+
+[logging]
+~~~~~~~~~
+
+The [logging] section indicates how :ref:`krb5kdc(8)` and
+:ref:`kadmind(8)` perform logging.  The keys in this section are
+daemon names, which may be one of:
+
+**admin_server**
+    Specifies how :ref:`kadmind(8)` performs logging.
+
+**kdc**
+    Specifies how :ref:`krb5kdc(8)` performs logging.
+
+**default**
+    Specifies how either daemon performs logging in the absence of
+    relations specific to the daemon.
+
+Values are of the following forms:
+
+**FILE=**\ *filename* or **FILE:**\ *filename*
+    This value causes the daemon's logging messages to go to the
+    *filename*.  If the ``=`` form is used, the file is overwritten.
+    If the ``:`` form is used, the file is appended to.
+
+**STDERR**
+    This value causes the daemon's logging messages to go to its
+    standard error stream.
+
+**CONSOLE**
+    This value causes the daemon's logging messages to go to the
+    console, if the system supports it.
+
+**DEVICE=**\ *<devicename>*
+    This causes the daemon's logging messages to go to the specified
+    device.
+
+**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]]
+    This causes the daemon's logging messages to go to the system log.
+
+    The severity argument specifies the default severity of system log
+    messages.  This may be any of the following severities supported
+    by the syslog(3) call, minus the ``LOG_`` prefix: **EMERG**,
+    **ALERT**, **CRIT**, **ERR**, **WARNING**, **NOTICE**, **INFO**,
+    and **DEBUG**.
+
+    The facility argument specifies the facility under which the
+    messages are logged.  This may be any of the following facilities
+    supported by the syslog(3) call minus the LOG\_ prefix: **KERN**,
+    **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**,
+    **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**.
+
+    If no severity is specified, the default is **ERR**.  If no
+    facility is specified, the default is **AUTH**.
+
+In the following example, the logging messages from the KDC will go to
+the console and to the system log under the facility LOG_DAEMON with
+default severity of LOG_INFO; and the logging messages from the
+administrative server will be appended to the file
+``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.
+
+ ::
+
+    [logging]
+        kdc = CONSOLE
+        kdc = SYSLOG:INFO:DAEMON
+        admin_server = FILE:/var/adm/kadmin.log
+        admin_server = DEVICE=/dev/tty04
+
+
 PKINIT options
 --------------