krb5.git/doc, branch keyring MIT Kerberos patches Clarify realm and dbmodules configuration docs 2013-11-06T19:58:03+00:00 Greg Hudson ghudson@mit.edu 2013-11-06T18:33:04+00:00 689d769c10c53bd4fa40e82421c89b96cc86cbae In kdc_conf.rst, add examples showing how to configure a realm parameter and a database parameter. Document that the default DB configuration section is the realm name, and use that in the example. Move the db_module_dir description to the end of the [dbmodules] documentation since it is rarely used and could confuse a reader about the usual structure of the section. ticket: 7759 (new) target_version: 1.12 tags: pullup 
In kdc_conf.rst, add examples showing how to configure a realm
parameter and a database parameter.  Document that the default DB
configuration section is the realm name, and use that in the example.
Move the db_module_dir description to the end of the [dbmodules]
documentation since it is rarely used and could confuse a reader about
the usual structure of the section.

ticket: 7759 (new)
target_version: 1.12
tags: pullup
Clarify kpropd standalone mode documentation 2013-11-01T14:55:39+00:00 Greg Hudson ghudson@mit.edu 2013-10-30T22:22:00+00:00 bfec0671ca6df811453d46a2f47afc7168b980fc The kpropd -S option is no longer needed to run kpropd in standalone mode, but its functionality is not deprecated; standalone mode is automatically activated when appropriate. Clarify the kpropd documentation on standalone mode to avoid giving the impression that the mode is deprecated. ticket: 7751 (new) target_version: 1.12 tags: pullup 
The kpropd -S option is no longer needed to run kpropd in standalone
mode, but its functionality is not deprecated; standalone mode is
automatically activated when appropriate.  Clarify the kpropd
documentation on standalone mode to avoid giving the impression that
the mode is deprecated.

ticket: 7751 (new)
target_version: 1.12
tags: pullup
Document master key rollover 2013-10-30T16:58:23+00:00 Greg Hudson ghudson@mit.edu 2013-10-25T16:30:48+00:00 e4b5d426a1e1e00367cc44a9619535ab71b20393 Add a new section to database.rst documenting the procedure for rolling the master key. ticket: 7732 (new) target_version: 1.12 tags: pullup 
Add a new section to database.rst documenting the procedure for
rolling the master key.

ticket: 7732 (new)
target_version: 1.12
tags: pullup
Use active master key in update_princ_encryption 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-23T15:55:19+00:00 4ccc18bc3ddc49d0fd0d2de00ec91c0fa44c53a8 kdb5_util update_princ_encryption should update to the active master key version, not the most recent. ticket: 6507 target_version: 1.12 tags: pullup 
kdb5_util update_princ_encryption should update to the active master
key version, not the most recent.

ticket: 6507
target_version: 1.12
tags: pullup
Discuss cert expiry, no-key princs in PKINIT docs 2013-10-17T18:13:03+00:00 Greg Hudson ghudson@mit.edu 2013-10-14T22:14:00+00:00 f3977b6883f0172a2af9006522a1b35546f86749 In pkinit.rst, add "-days" options to the example commands for creating certificate and briefly discuss the issue of expiration dates so that the administrator thinks about it. In troubleshoot.rst, add an entry for the "certificate has expired" error which results from PKINIT (when linked with OpenSSL) when a certificate has expired. ticket: 7719 (new) target_version: 1.12 tags: pullup 
In pkinit.rst, add "-days" options to the example commands for
creating certificate and briefly discuss the issue of expiration dates
so that the administrator thinks about it.  In troubleshoot.rst, add
an entry for the "certificate has expired" error which results from
PKINIT (when linked with OpenSSL) when a certificate has expired.

ticket: 7719 (new)
target_version: 1.12
tags: pullup
Fix literal blocks in gssapi.rst 2013-09-20T19:33:02+00:00 Tom Yu tlyu@mit.edu 2013-09-20T19:20:01+00:00 66b141745fc56bbdb7b738582ba7e1cce1e503c8 Some literal blocks in the new AEAD and IOV documentation in gssapi.rst started with ":" instead of "::", causing documentation build errors. 
Some literal blocks in the new AEAD and IOV documentation in
gssapi.rst started with ":" instead of "::", causing documentation
build errors.
Release krb5-1.9 is not supported anymore 2013-09-19T13:20:07+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-09-19T13:20:07+00:00 3d359e42de2975eddcece76fb0381000c23daba5 Release 1.9.5 was the last planned release for the krb5-1.9 series. 
Release 1.9.5 was the last planned release for the krb5-1.9 series.
Document AEAD and IOV GSSAPI extensions 2013-09-18T22:22:17+00:00 Greg Hudson ghudson@mit.edu 2013-09-16T17:04:27+00:00 42614eb0354afa08c4e2f03be561017b773a80ae 






Add a flag to prevent all host canonicalization
2013-09-06T05:02:28+00:00

Greg Hudson
ghudson@mit.edu

2013-09-05T22:30:02+00:00

60edb321af64081e3eb597da0256faf117c9c441

If dns_canonicalize_hostname is set to false in [libdefaults],
krb5_sname_to_principal will not canonicalize the hostname using
either forward or reverse lookups.

ticket: 7703 (new)





If dns_canonicalize_hostname is set to false in [libdefaults],
krb5_sname_to_principal will not canonicalize the hostname using
either forward or reverse lookups.

ticket: 7703 (new)







Omit signedpath if no_auth_data_required is set
2013-08-20T04:25:02+00:00

Greg Hudson
ghudson@mit.edu

2013-08-20T00:01:03+00:00

eaaf406f5ab3224fc262da300476efa21b407bed

The no_auth_data_required bit was introduced to suppress PACs in
service tickets when the back end supports them.  Make it also
suppress AD-SIGNEDPATH, so that the ~70-byte expansion of the ticket
can be avoided for services which aren't going to do constrained
delegation.

ticket: 7697 (new)





The no_auth_data_required bit was introduced to suppress PACs in
service tickets when the back end supports them.  Make it also
suppress AD-SIGNEDPATH, so that the ~70-byte expansion of the ticket
can be avoided for services which aren't going to do constrained
delegation.

ticket: 7697 (new)