diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2012-12-11 17:19:44 -0500 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2012-12-11 17:19:44 -0500 |
| commit | 26481ee22377a46badbbf4bbdd8ae04265057205 (patch) | |
| tree | 61e7048ccf5909ba3d4277c177f4947eb023dbfd | |
| parent | 66bba9f9fa7ce3c138c35e78e91a3174d1f3af18 (diff) | |
| download | krb5-26481ee22377a46badbbf4bbdd8ae04265057205.tar.gz krb5-26481ee22377a46badbbf4bbdd8ae04265057205.tar.xz krb5-26481ee22377a46badbbf4bbdd8ae04265057205.zip | |
Regenerate checked-in man pages
Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references
for account lockout and detailing parameter expansion for keytab
and credentials cache names in krb5.conf
ticket: 7494 (new)
tags: pullup
target_version: 1.11
| -rw-r--r-- | src/man/kadmin.man | 21 | ||||
| -rw-r--r-- | src/man/krb5.conf.man | 5 |
2 files changed, 19 insertions, 7 deletions
diff --git a/src/man/kadmin.man b/src/man/kadmin.man index e3278e739..06753dd8d 100644 --- a/src/man/kadmin.man +++ b/src/man/kadmin.man @@ -628,23 +628,34 @@ numbers, punctuation, and whitespace/unprintable characters. .B \fB\-history\fP \fInumber\fP Sets the number of past keys kept for a principal. This option is not supported with the LDAP KDC database module. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-maxfailure\fP \fImaxnumber\fP -Sets the maximum number of authentication failures before the -principal is locked. Authentication failures are only tracked for -principals which require preauthentication. +Sets the number of authentication failures before the principal is +locked. Authentication failures are only tracked for principals +which require preauthentication. The counter of failed attempts +resets to 0 after a successful attempt to authenticate. A +\fImaxnumber\fP value of 0 (the default) disables lockout. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-failurecountinterval\fP \fIfailuretime\fP (\fIgetdate\fP string) Sets the allowable time between authentication failures. If an authentication failure happens after \fIfailuretime\fP has elapsed since the previous failure, -the number of authentication failures is reset to 1. +the number of authentication failures is reset to 1. A +\fIfailuretime\fP value of 0 (the default) means forever. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-lockoutduration\fP \fIlockouttime\fP (\fIgetdate\fP string) Sets the duration for which the principal is locked from authenticating if too many authentication failures occur without the specified failure count interval elapsing. -A duration of 0 means forever. +A duration of 0 (the default) means the principal remains locked +out until it is administratively unlocked with \fBmodprinc +\-unlock\fP. .TP .B \fB\-allowedkeysalts\fP Specifies the key/salt tuples supported for long\-term keys when diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index 5c58fee09..a5bb7c3c6 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -1146,8 +1146,9 @@ The default is false. .UNINDENT .SH PARAMETER EXPANSION .sp -Several variables, such as \fBdefault_keytab_name\fP, allow parameters -to be expanded. Valid parameters are: +Starting with release 1.11, several variables, such as +\fBdefault_keytab_name\fP, allow parameters to be expanded. +Valid parameters are: .INDENT 0.0 .INDENT 3.5 .TS |