summaryrefslogtreecommitdiffstats
path: root/doc/rst_source
Commit message (Collapse)AuthorAgeFilesLines
* Massive reST content renameBen Kaduk2012-10-1594-13753/+0
| | | | | | | | | | | All of rst_source/ is now just in doc/. The krb_ prefix is stripped from the document sub-directories. rst_tools are now just tools. The section headers of kadmind, krb5kdc, and sserver match as conflict markers. bigredbutton: whitespace ticket: 7409
* Whitespace cleanupBen Kaduk2012-10-154-5/+5
| | | | Prior to a mass rename of the RST sources and utilities.
* Make rules for building NOTICE from RSTBen Kaduk2012-10-151-0/+88
| | | | | | | | | | | | | | | | | | | | Sphinx-build wants to scan over all the sources in the source dir, and its text output engine does not handle the spanning row cells used in some of our fancy tables, so it will crash if we attempt to generate text output from our full suite of documents. We could work around this by attempting to just compile the one source file as an additional argument to sphinx-build, but this seems to insist on producing an index.txt as well as a notice.txt. Furthermore, we cannot use the same conf.py as in rst_composite because the paths substitutions are not available with just the minimal contents of rst_notice. Make a copy and remove the irrelevant parts, for now, changing only the master_doc field as appropriate. For the HTML build, we use the standard |copy| macro from isonum.txt to get the unicode copyright symbol glyph, but for ASCII output we prefer to just use the literal "(C)". ticket: 7407
* Add notice.rstBen Kaduk2012-10-152-2/+1125
| | | | | | | | | | To replace the texinfo sources previously used to generate NOTICE. When compiled to HTML, compares well against the original NOTICE; use notice.rst in mitK5license.rst instead of using a literal include of the old NOTICE file. ticket: 7407
* Add a -C flag to klist to also show config entriesNalin Dahyabhai2012-10-151-0/+6
|
* Add responder support to preauth_otpNathaniel McCallum2012-10-151-0/+3
|
* Improve the ktadd and ktremove synopsesBen Kaduk2012-10-111-3/+4
| | | | | | | Mention the options on the synopsis line, and do not imply that the principal argument(s) for ktadd are optional. reST line blocks are needed to keep the two forms of ktadd on separate lines.
* Fix ordered list styleBen Kaduk2012-10-111-0/+22
| | | | | | | Sphynx outputs class information that corresponds to its generated basic.css, which we do not include. This results in all lists, even nested lists, using arabic numerals. Import the class properties into kerb.css for now.
* Fix copy/paste errors in dbadminBen Kaduk2012-10-111-4/+4
| | | | | | We should include the stashsrvpw content in that section, not the list content. Likewise, the list_policy content instead of the destroy_policy content.
* Update kdb5_util example outputBen Kaduk2012-10-111-2/+4
| | | | | | This text has not caught up with changes to the utility itself. As a side effect, our output text box is narrower and does not have to scroll on as many browser windows.
* Wordsmith kdb5_util stash -fBen Kaduk2012-10-111-1/+2
| | | | | | | The keyfile worth overriding is the one in kdc.conf. Though using stash -f would override kdb5_util's -sf argument, there is no reason to pass both flags to the same invocation. In any case, the "at startup" language is not really correct.
* Remove pronoun referent ambiguityBen Kaduk2012-10-111-2/+2
| | | | The policy must be unused, not the delete_policy command.
* Move cross-realm info to the cross-realm sectionBen Kaduk2012-10-111-16/+10
| | | | | | | | It's really not appropriate for the "examples" subsection of "Adding, modifying and deleting principals". While here, update the enctype recommendation for cross-realm principals to something that does not include weak crypto.
* Normalize format of kadmin option descriptionsBen Kaduk2012-10-101-27/+28
| | | | | Start with a capital letter and end with a full stop, making the description a sentence (or at least close to one).
* Correct kadm5.acl synopsisBen Kaduk2012-10-101-1/+1
| | | | | | The target principal and restrictions arguments are not orthogonal; a target principal argument must be given in order for a restriction list to be supplied.
* Make the kadm5.acl example saneBen Kaduk2012-10-101-9/+10
| | | | | | | | | It is an eggregious security violation to give all admin principals admin rights and then give all null instances permission to change the password of the associated admin instance. While here, don't assume that admin and root are the only non-null instances, and correct the formatting of an entry with restrictions.
* kadm5.acl line order is importantBen Kaduk2012-10-101-2/+2
| | | | Make it a special note in the documentation to help it stand out.
* Wordsmith in kadm5_acl.rstBen Kaduk2012-10-101-2/+2
| | | | Grammar fixup and avoid jargon.
* Wordsmith SRV records for KDCsBen Kaduk2012-10-101-5/+6
| | | | | Tweak the wording a bit to be more clear and avoid using multiple words deriving from the stem "use" in close succession.
* Document TXT records for realm lookupBen Kaduk2012-10-101-1/+22
| | | | | | | | | Even though they are subject to vulnerabilities via DNS spoofing and we accordingly don't recommend their use, we do have the code to use them. Just as we document dns_lookup_realm in krb5.conf(5), document them here. ticket: 7407
* Add section on updating from single-DESBen Kaduk2012-10-093-1/+132
| | | | | | | | | | | | | There are, unfortunately, still some single-DES deployments out there. Try to help them along by documenting a procedure for migrating to stronger crypto. The texinfo install guide had a section on "upgrading", but it was not really suitable for direct import into a RST document. For one, it gave a high profile to the on-disk incompatibilities in upgrades to 1.1 and 1.2. It also was driven at upgrading *to* triple-des (or RC4), which are something of a dead-end. This new text attempts to be more general and applicable to today's environment.
* Add a kdb5_util examples for old KDC upgradesBen Kaduk2012-10-091-0/+20
| | | | | | | | | | | | It's a slightly less-contrived use case of the utility than the other example, which reads more like a usage statement. Give a motivating sentence before each example, and note that this new example is not needed in the general upgrade case. The need to dump/load for upgrades prior to 1.2 was documented in the texinfo install guide, but not in any RST sources until now. ticket: 7407
* Document DejaGnu dependency and manual testsBen Kaduk2012-10-081-0/+11
| | | | | | | | | The Texinfo install guide had a separate subsection about the DejaGnu tests which did not get converted to the RST source. In the testing section, also link to the wiki page on manual testing. ticket: 7407
* Add -R option to kproplog to force full resyncsNicolas Williams2012-10-052-0/+9
| | | | ticket: 7375
* Deprecate kpropd -S optionNicolas Williams2012-10-051-5/+5
| | | | ticket: 7376
* Correct docs re: kpropd usage w/ ipropNicolas Williams2012-10-052-7/+8
| | | | ticket: 7379
* Add -p, -F, -K options to kadmindNicolas Williams2012-10-051-0/+15
| | | | | | | | | | | | New options: -p path-to-kdb5_util -K path-to-kprop -F dump-file These are needed for testing without first having to install. ticket: 7372
* Improve kpropd behavior in iprop modeNicolas Williams2012-10-052-0/+7
| | | | | | | | | | | | | | | | | | | | | | - Make kpropd in iprop mode fork a child to listen for kprops from the master. The child writes progress and outcome reports to the parent for each kprop. This fixes a race between asking for a full resync and setting up a listener socket for it. - Add runonce (-t) for kpropd do_standalone() too. - Add a new iprop parameter: iprop_resync_timeout. kpropd will keep asking for incremental updates while waiting for a full resync to finish, and will re-request a full resync if kadmind continues to indicate that one is needed after this timeout passes since the previous full resync was requested. - Allow polling intervals less than 10 seconds. [ghudson@mit.edu: split out debug output changes; note polling interval change in commit message] ticket: 7373
* Add new api to Sphinx doc; doc introduced versionZhanna Tsitkov2012-09-111-0/+4
|
* Introduce gss_export_cred and gss_import_credGreg Hudson2012-09-111-0/+48
| | | | | | | | Add gss_export_cred and gss_import_cred mechglue functions to serialize and unserialize GSSAPI credential handles. Mechanism implementations and tests will follow. ticket: 7354 (new)
* Doc newly introduced padata types for OTP supportZhanna Tsitkov2012-08-231-0/+4
| | | | | Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type as it is marked as OBSOLETE in RFC 6560.
* Document preference order of enctypes in krb5.confZhanna Tsitkov2012-08-221-3/+5
|
* Updated Supported Versions documentZhanna Tsitkov2012-08-211-2/+2
|
* Cross-reference documents in mitK5defaults.rstZhanna Tsitkov2012-08-151-21/+21
|
* Edit rcache_def.rst for spelling and grammarGreg Hudson2012-08-151-10/+10
|
* New Replay Cache rst documentationZhanna Tsitkov2012-08-152-3/+101
|
* Rename Kerberos Concepts section in Sphinx docZhanna Tsitkov2012-08-091-2/+2
|
* Minor Sphinx html style modificationZhanna Tsitkov2012-08-071-1/+1
|
* Fix HTML rendering of long-form optionsBenjamin Kaduk2012-08-062-69/+69
| | | | | | | | | | | | | | | | | | | We at present only have long-form options for configure, the scope of the change is somewhat limited. Our SmartyPants config for Sphinx causes these options to appear as prefixed with an en dash, instead of the two hyphens that demarcate the (GNU-style) long-form options. Using a different type of markup for command options could work around this, but that would be a much larger patch. Instead, apply a workaround in the markup for display purposes, which makes the source a bit more ugly but the output correct. Man page output is unaffected. This patch was automatically generated with: git grep -- -- doc/rst_source | grep -v -- --- | cut -d ':' -f 1 | uniq | xargs sed -i '' -e 's/\*\*--\([a-zA-Z]\)/**-**\\ **-\1/g' and manually reviewed for correctness. ticket: 7187
* Remove dash from man page rst sourceBen Kaduk2012-08-061-1/+1
| | | | | | | | This page gets rendered for the web with Sphinx but is also turned into the krb5_conf.5 manual page. We need to use three-hyphen em dashes for the Sphynx config, but those are a bit long for monospace terminal output. Since the dash here can easily be changed to a comma, do so, and avoid the conflict of formatting.
* Use '---' for em dashes in rst sourceBen Kaduk2012-08-063-4/+4
| | | | | | | | | Our sphinx configuration uses SmartyPants, which produces smart quotes and dashes in HTML output, using '--' for en dash and '---' for em dash. (This is also the LaTeX convention.) These points in the text are meant to be em dashes, so format them as such. Also standardize on no spaces around the dash per Chicago Manual of Style (and others).
* Doc "version introduced" for some kdc.conf tagsZhanna Tsitkov2012-08-061-76/+79
| | | | | Also, move [logging] section documentation after [dbmodules] documentation.
* Clarify example in kadm5.acl documentZhanna Tsitkov2012-08-061-4/+4
|
* Add "feedback" button to the header in Sphinx HTMLZhanna Tsitkov2012-08-031-1/+2
|
* Remove "Synopsis" from .k5login .k5identity docsZhanna Tsitkov2012-08-032-10/+0
|
* Produce man page for kadm5.aclZhanna Tsitkov2012-08-031-0/+1
|
* Cross-reference to kadm5.acl in documentationZhanna Tsitkov2012-08-035-269/+13
|
* New documention for kadm5.aclZhanna Tsitkov2012-08-032-3/+139
|
* Fix malformed Parameter Expansion table in docsZhanna Tsitkov2012-08-021-2/+1
|
* Minor correction of [realms] text of kdc.confZhanna Tsitkov2012-08-021-6/+5
|
generated by cgit (git 2.34.1) at 2025-10-06 01:38:33 +0000