barry's changed, left checked out:

changed descriptions of pw_history_num and ...rename_principal

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2904 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 9 insertions, 3 deletions

diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex
index 171c450c7..c8fbba807 100644
--- a/doc/kadm5/api-funcspec.tex
+++ b/doc/kadm5/api-funcspec.tex
@@ -269,8 +269,11 @@ set its password to anything with fewer than this number of character
 classes in it.
 
 \item[pw_history_num] The number of past passwords that are
-stored for the principal; its maximum value is 10.  A principal cannot
-set its password to any of its previous pw_history_num passwords.
+stored for the principal; the minimum value is 1 and the maximum value
+is 10.  A principal cannot set its password to any of its previous
+pw_history_num passwords.  The first ``previous'' password is the
+current password; thus, a principal with a policy can never reset its
+password to its current value.
 
 \item[policy_refcnt]  The number of principals currently using this policy.
 A policy cannot be deleted unless this number is zero.
@@ -782,7 +785,10 @@ AUTHORIZATION REQUIRED: add and delete
 \item Check to see if source principal exists, if not return
 OVSEC_KADM_UNK_PRINC error. 
 \item Check to see if target exists, if so return OVSEC_KADM_DUP error.
-\item Rename principal.
+\item Create the new principal named target, then delete the old
+principal named source.  All of target's fields will be the same as
+source's fields, except that mod_name and mod_date will be updated to
+reflect the current caller and time.
 \end{enumerate}
 
 Note that since the principal name may have been used as the salt for