| author | Tom Yu <tlyu@mit.edu> | 2013-12-09 15:48:02 -0500 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2013-12-09 17:03:05 -0500 |
| commit | 23a75649277afc24a9dfea199689e18129fa390c (patch) | |
| tree | 11491b938fa8735470b9fb59775ca467af7d76c1 /doc/admin/admin_commands | |
| parent | 13fd26e1863c79f616653f6a10a58c01f65fceff (diff) | |
Better keysalt docs
Add a new section to kdc_conf.rst to describe keysalt lists, and
update other documentation to better distinguish enctype lists from
keysalt lists.
ticket: 7608
target_version: 1.12
tags: pullup
Diffstat (limited to 'doc/admin/admin_commands')
| -rw-r--r-- | doc/admin/admin_commands/kadmin_local.rst | 33 | ||||
| -rw-r--r-- | doc/admin/admin_commands/kdb5_util.rst | 6 |
2 files changed, 21 insertions, 18 deletions
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst index bcae5d4d2..7f334a518 100644 --- a/doc/admin/admin_commands/kadmin_local.rst +++ b/doc/admin/admin_commands/kadmin_local.rst @@ -127,9 +127,9 @@ OPTIONS instead of reading it from a stash file. **-e** "*enc*:*salt* ..." - Sets the list of encryption types and salt types to be used for - any new keys created. See :ref:`Encryption_and_salt_types` in - :ref:`kdc.conf(5)` for a list of possible values. + Sets the keysalt list to be used for any new keys created. See + :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of possible + values. **-O** Force use of old AUTH_GSSAPI authentication flavor. @@ -307,8 +307,9 @@ Options: via the process list. **-e** *enc*:*salt*,... - Uses the specified list of enctype-salttype pairs for setting the - key of the principal. + Uses the specified keysalt list for setting the keys of the + principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a + list of possible values. **-x** *db_princ_args* Indicates database-specific options. The options for the LDAP @@ -439,8 +440,9 @@ The following options are available: the process list. **-e** *enc*:*salt*,... - Uses the specified list of enctype-salttype pairs for setting the - key of the principal. + Uses the specified keysalt list for setting the keys of the + principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a + list of possible values. **-keepold** Keeps the existing keys in the database. This flag is usually not @@ -580,8 +582,8 @@ modules. The following string attributes are recognized by the KDC: **session_enctypes** Specifies the encryption types supported for session keys when the principal is authenticated to as a server. See - :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)` for a list - of the accepted values. + :ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of the + accepted values. This command requires the **modify** privilege. 
@@ -668,10 +670,10 @@ The following options are available: **-allowedkeysalts** Specifies the key/salt tuples supported for long-term keys when setting or changing a principal's password/keys. See - :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)` for a list - of the accepted values, but note that key/salt tuples must be - separated with commas (',') only. To clear the allowed key/salt - policy use a value of '-'. + :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of the + accepted values, but note that key/salt tuples must be separated + with commas (',') only. To clear the allowed key/salt policy use + a value of '-'. Example: @@ -819,8 +821,9 @@ The options are: used. **-e** *enc*:*salt*,... - Use the specified list of enctype-salttype pairs for setting the - new keys of the principal. + Uses the specified keysalt list for setting the new keys of the + principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a + list of possible values. **-q** Display less verbose information. diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst index 4a90eb66e..a10e6d86b 100644 --- a/doc/admin/admin_commands/kdb5_util.rst +++ b/doc/admin/admin_commands/kdb5_util.rst @@ -262,9 +262,9 @@ add_mkey Adds a new master key to the master key principal, but does not mark it as active. Existing master keys will remain. The **-e** option specifies the encryption type of the new master key; see -:ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)` for a list of -possible values. The **-s** option stashes the new master key in the -stash file, which will be created if it doesn't already exist. +:ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of possible +values. The **-s** option stashes the new master key in the stash +file, which will be created if it doesn't already exist. After a new master key is added, it should be propagated to slave servers via a manual or periodic invocation of :ref:`kprop(8)`. Then, |
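Review bot: In the first kadmin_local.rst hunk (OPTIONS, **-e**), the synopsis is still `"*enc*:*salt* ..."`, quoted and space-separated, while the per-command **-e** entries in the later hunks use `*enc*:*salt*,...`. Now that all of them say "keysalt list" and point to the same Keysalt_lists section, a reader cannot tell whether the separator really differs by context or one synopsis is stale. Either make the synopses agree or add a sentence to this entry stating which separators are accepted here, as the **-allowedkeysalts** entry already does for its commas-only case.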
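Review bot: The **-allowedkeysalts** hunk keeps the old vocabulary ("key/salt tuples", "allowed key/salt policy") although its reference now goes to Keysalt_lists and every other entry touched by this patch says "keysalt list". Since this option decides which long-term key types a policy permits, the terms should match the section an administrator is sent to. Suggest wording it in terms of the keysalt list, keeping the note that entries must be separated with commas only and that '-' clears the policy.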
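Review bot: The **session_enctypes** hunk and the kdb5_util.rst add_mkey hunk switch to `:ref:`Encryption_types``, and the other hunks to `:ref:`Keysalt_lists``, but neither label is defined in the two files shown here (the diffstat is limited to doc/admin/admin_commands). Please confirm that both labels are defined in kdc_conf.rst in the same commit and that no reference to `Encryption_and_salt_types` is left dangling elsewhere in the tree. A documentation build that reports unresolved references would catch both cases.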
