Diffstat (limited to 'src/kadmin/cli/kadmin.M')
-rw-r--r-- | src/kadmin/cli/kadmin.M | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index e2c9a2b84..b744b88a8 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -151,7 +151,13 @@ Specifying "ago" in a duration may result in unexpected behavior. \fBadd_principal\fP [\fIoptions\fP] \fInewprinc\fP creates the principal .IR newprinc , -prompting twice for a password. This command requires the +prompting twice for a password. If no policy is specified with the +-policy option, and the policy named "default" exists, then that +policy is assigned to the principal; note that the assignment of the +policy "default" only occurs automatically when a principal is first +created, so the policy "default" must already exist for the assignment +to occur. This assignment of "default" can be suppressed with the +-clearpolicy option. This command requires the .I add privilege. This command has the aliases .B addprinc @@ -176,8 +182,17 @@ maximum renewable life of tickets for the principal explicity set the key version number. .TP \fB\-policy\fP \fIpolicy\fP -policy used by this principal. If no policy is supplied, the principal -will default to having no policy, and a warning message will be printed. +policy used by this principal. If no policy is supplied, then if the +policy "default" exists and the -clearpolicy is not also specified, +then the policy "default" is used; otherwise, the principal +will have no policy, and a warning message will be printed. +.TP +\fB\-clearpolicy\fP +.B -clearpolicy +prevents the policy "default" from being assigned when +.B -policy +is not specified. This option has no effect if the policy "default" +does not exist. .TP {\fB\-\fP|\fB+\fP}\fBallow_postdated\fP .B -allow_postdated |
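Review bot: In the add_principal paragraph (first hunk), the new text says the assignment of "default" "only occurs automatically when a principal is first created" but never states the consequence for principals that already exist when "default" is created later. Consider adding a sentence saying that such principals are left unchanged and need the policy set explicitly, since an administrator who creates "default" after the fact could otherwise assume it now covers every principal. The paragraph also writes -policy and -clearpolicy as plain text with unescaped hyphens, while the option list in this file uses the form \fB\-policy\fP; using the same markup here would keep the rendered page consistent.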
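Review bot: In the \-policy entry (second hunk), "otherwise, the principal will have no policy, and a warning message will be printed" does not make clear whether the warning is still printed when -clearpolicy was given on purpose, or only when "default" does not exist. Please state which of the two cases produces the warning. In the same sentence, "the -clearpolicy is not also specified" is missing the word "option". In the new \-clearpolicy entry, the body lines ".B -clearpolicy" and ".B -policy" use unescaped hyphens, unlike the tag line \fB\-clearpolicy\fP just above them.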