| author | Nicolas Williams <nico@cryptonector.com> | 2012-07-18 16:27:35 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-07-30 19:11:28 -0400 |
| commit | 5829ca2b348974e52a67b553afc7f7491007c33a (patch) | |
| tree | 3fdbcdfc56a26445c2f2fce9fb72b6deddb28d0f /doc | |
| parent | 796366a03ea170efb937913acae36a2083a5329e (diff) | |
Policy extensions + new policy: allowed ks types
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/rst_source/krb_admins/admin_commands/kadmin_local.rst | 8 |
| -rw-r--r-- | doc/rst_source/krb_admins/admin_commands/kdb5_util.rst | 15 |
2 files changed, 23 insertions, 0 deletions
diff --git a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst index 8e55b3f0b..fbb6038c3 100644 --- a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst +++ b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst @@ -626,6 +626,14 @@ The following options are available: occur without the specified failure count interval elapsing. A duration of 0 means forever. +**-allowedkeysalts** + Specifies the key/salt tuples supported for long-term keys when + setting or changing a principal's password/keys. See + :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)` for a list + of the accepted values, but note that key/salt tuples must be + separated with commas (',') only. To clear the allowed key/salt + policy use a value of '-'. + Example: :: diff --git a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst index 3601b4df6..ea533f587 100644 --- a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst +++ b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst @@ -159,6 +159,11 @@ load_dump version 6". If filename is not specified, or is the string load_dump version 5"). This was the dump format produced on releases prior to 1.8. +**-r18** + causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util + load_dump version 6"). This was the dump format produced on + releases prior to 1.11. + **-verbose** causes the name of each principal and policy to be printed as it is dumped. 
@@ -220,6 +225,16 @@ Options: requires the database to be in "ovsec_adm_import" format. Must be used with the **-update** option. +**-r13** + requires the database to be in Kerberos 5 1.3 format ("kdb5_util + load_dump version 5"). This was the dump format produced on + releases prior to 1.8. + +**-r18** + requires the database to be in Kerberos 5 1.8 format ("kdb5_util + load_dump version 6"). This was the dump format produced on + releases prior to 1.11. + **-hash** requires the database to be stored as a hash. If this option is not specified, the database will be stored as a btree. This |
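Review bot: In the kadmin_local.rst hunk, the **-allowedkeysalts** entry says the tuples apply "when setting or changing a principal's password/keys" but does not say what happens when a request names a key/salt tuple outside the list, or whether keys that already exist on principals under the policy are affected. This is the only documentation for the one policy field the commit message says is implemented, so state both points explicitly, and extend the example that follows the entry with one invocation using a comma-separated list and one using '-' to clear the setting.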
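Review bot: In the first kdb5_util.rst hunk (dump options), "This was the dump format produced on releases prior to 1.11" for **-r18** overlaps with the existing -r13 wording "releases prior to 1.8"; wording such as "produced by releases 1.8 through 1.10" would be unambiguous. The entry should also say whether the policy fields added by this change, allowed_keysalts in particular, are written in this older format, because an administrator who dumps with -r18 and reloads needs to know whether the key/salt restriction survives the round trip.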
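Review bot: In the second kdb5_util.rst hunk (load options), the new **-r13** and **-r18** entries reuse the dump-side sentence "This was the dump format produced on releases prior to ..." and add nothing specific to loading. Say what a policy loaded from one of these formats ends up with for the fields the commit message lists (attributes, max_life, max_renewable_life, allowed_keysalts), so it is clear that a database restored from an older dump has no allowed key/salt restriction until one is set again, if that is the behaviour.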
