| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type
as it is marked as OBSOLETE in RFC 6560.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We at present only have long-form options for configure, the scope
of the change is somewhat limited. Our SmartyPants config for Sphinx
causes these options to appear as prefixed with an en dash, instead
of the two hyphens that demarcate the (GNU-style) long-form options.
Using a different type of markup for command options could work around
this, but that would be a much larger patch.
Instead, apply a workaround in the markup for display purposes, which
makes the source a bit more ugly but the output correct.
Man page output is unaffected.
This patch was automatically generated with:
git grep -- -- doc/rst_source | grep -v -- --- | cut -d ':' -f 1
| uniq | xargs sed -i '' -e 's/\*\*--\([a-zA-Z]\)/**-**\\ **-\1/g'
and manually reviewed for correctness.
ticket: 7187
|
|
|
|
|
|
|
|
| |
This page gets rendered for the web with Sphinx but is also turned
into the krb5_conf.5 manual page. We need to use three-hyphen
em dashes for the Sphynx config, but those are a bit long for
monospace terminal output. Since the dash here can easily be
changed to a comma, do so, and avoid the conflict of formatting.
|
|
|
|
|
|
|
|
|
| |
Our sphinx configuration uses SmartyPants, which produces smart
quotes and dashes in HTML output, using '--' for en dash and
'---' for em dash. (This is also the LaTeX convention.)
These points in the text are meant to be em dashes, so format them
as such. Also standardize on no spaces around the dash per
Chicago Manual of Style (and others).
|
|
|
|
|
| |
Also, move [logging] section documentation after [dbmodules]
documentation.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Change the default client keytab name, if not overridden at build
time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab.
Introduce a second file from the autoconf archives in order to
recursively expand $localstatedir within configure.in.
|
|
|
|
|
|
|
|
|
| |
Tie up some loose ends in substitution of the default ccache/keytab
names after 688a2702d2045abf5f99acfb59f3f372391e5be4:
* Fix the substhtml target in src/doc/Makefile.in
* Don't add FILE: when substituting the default keytab and client
keytab names, as the defaults already have it.
|
| |
|
|
|
|
|
| |
Do not leave anyone thinking that they might have to specify it
in the config file to get the standard behavior.
|
|
|
|
|
|
|
|
| |
For Unix-like platforms, add %{username} to the path expansion
facility, expanding to the result of getpwuid on the euid.
Also, for manual testing convenience, make t_expand_path print the
result if no second argument is given.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
names.
* In the default build, use krb5-config to discover the system's
built-in ccache and keytab names and use them (if not overridden).
This can be controlled with the --with-krb5-config=PATH or
--without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.
ticket: 7221 (new)
|
|
|
|
|
|
|
| |
Like default_keytab_name and default_client_keytab_name,
default_ccache_name is subject to parameter expansion.
ticket: 7220 (new)
|
|
|
|
|
|
|
| |
Make the default_keytab_name and default_client_keytab_name variables
subject to parameter expansion.
ticket: 7219 (new)
|
|
|
|
|
| |
Before this fix the very long lines (110+ symbols) under the
preformatted text <pre> tag would be cut short in Sphinx HTML output.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
In combination with -k, -i will cause kinit or klist to use the
default client keytab instead of the default acceptor keytab. This
gives an easy way to figure out what default client keytab name is in
use and to get credentials using it.
ticket: 7216 (new)
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our only C++ code is under src/tests/misc/.
Infodir is only referenced in send-pr's makefile but not used
in any rules therein.
Docdir and its descendants ({html,dvi,pdf,ps}dir) are not used
in any install rules.
We do not have anything to install into libexecdir or sharedstatedir,
and oldincludedir simply has no effect.
|
|
|
|
| |
It seems to be "more correct".
|
|
|
|
|
|
|
| |
We should try to stay coupled with the actual configure options, as
documented by 'configure --help'.
Remove an option which is no longer present and add several that
were missing.
|
|
|
|
|
|
|
|
| |
If we list something as "commonly used", we seem to not also
list it with the rest of the options. This has the advantage
of not requiring us to remember to update two things for future
changes, but the disadvantage of requiring users to look in two
places for options. Stick with the prevailing form for now.
|
|
|
|
|
|
|
|
|
| |
Stick to the order of 'configure --help' for most sections, but
sort environment variables alphabetically (since, e.g.,
configure --help does not list CPPFLAGS and there is not a good
way to add that).
Note that this does not add or remove any content, even though
some options are missing/extra.
|
|
|
|
|
|
|
| |
DNS lookups for KDCs have been unconditionally enabled in
configure since 2003; configure options only affect whether
DNS lookups are used for realm names.
Change the RST documentation of configure options to catch up.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 20f85a81151f69689e3c060e89852687eb6c5a3c.
The ability of 'kinit -s' to accept an absolute time is
intentionally undocumented and remains only for backwards
compatibility.
Leave a comment in the source to this effect, for future generations.
|
|
|
|
|
|
|
|
|
|
|
| |
kinit's -s argument takes a parameter, which is first interpreted
as a time interval ("deltat"), in the same format used for
the -l and -r arguments. However, if that fails, the
time argument is interpreted as an absolute time, in one of
twelve different possible formats, some of which are subject to
localization via strptime(). Explicitly listing all twelve
possible interpretations is overkill, but give the user a hint that
absolute times are possible at all.
|