| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Its content has been migrated to or superseded by the krb_users
reST documentation.
The texinfo document attempted to have a general introduction to
Kerberos, but it is not quite suitable for the target audience
of the user's guide and will be rewritten.
A few portions of the texinfo document are simply no longer relevant
and do not need to be migrated. In particular:
The krb5-appl utilities are out of scope for this document, as they
have been moved to a separate repository. Coverage of ksu may be
brought back at a later time, though.
The Kerberos Glossary will be expanded and handled separately.
ticket: 7408
| |
We made two sets of incompatible changes to the DAL and libkdb5 API
during development for 1.11 (master key list simplification and policy
extensions), so increment the appropriate version numbers.
| |
The message "Got incremental updates from the master" precedes
actually replaying the updates on the slave. Instead look for
"Incremental updates:" (the statistics message), which happens just
after the updates are replayed.
Also, we don't need to import time now that we're not sleeping.
| |
When adding {str}, {lenstr}, or {data} to trace output, scan for
bytes which might be non-printable, and add them as hex-escaped
versions of themselves if any are found.
| |
Update to generate and consume signed-data with no signer-info, which we
need for anonymous PKINIT.
| |
Create an NSS context for use when performing KDF, so that the tests,
which call into the function directly, will work.
| |
Print a debug message if we're unable to locate the matching private key
for a certificate when we've just loaded both of them from PEM files.
| |
Reset the prompt_types list immediately after the prompter callback
returns, as is done everywhere else.
| |
After we start kpropd, read about the initial full dump before making
changes on the master. Avoid prodding kpropd for this read (by
shifting responsibility for the initial prod to the caller) since
kpropd doesn't sleep before its first request.
When waiting for sync, note whether we got a full propagation and
match that up with our expectations.
Use a long polling interval so kpropd doesn't wake up on its own and
confuse the test script with an extra incremental update.
| |
Catch SIGUSR1 in iprop-mode kpropd so that we can use it to interrupt
sleeps and make kpropd do an iprop request immediately.
In k5test.py, add prod_kpropd and read_from_kpropd methods to allow
test scripts to send a SIGUSR1 to kpropd and to read its stdout/stderr
output; also allow the test script to specify additional arguments
when starting kpropd.
In t_iprop.py, start kpropd with -d and, instead of sleeping, read
kpropd output until we see an indication that kpropd is in sync with
the master. To avoid delays, prod kpropd before waiting for sync and
after a completed full prop.
| |
This follows the design laid out on the project page:
http://k5wiki.kerberos.org/wiki/Projects/Password_response_item
| |
Now that the admin guide make rules are removed, quite a few of the
texinfo sources are not referenced from anywhere and can be safely
removed.
ticket: 7408
| |
Towards removing the texinfo docs entirely.
ticket: 7408
| |
Its content has been migrated to or superseded by the reST documentation,
essentially entirely in krb_admins.
A few portions of the texinfo document are simply no longer relevant
and do not need to be migrated. In particular:
Information about reporting bugs lives on k5wiki.kerberos.org.
General Kerberos concepts/introduction will be elsewhere in the tree.
We do not need to document the time zones accepted by kadmin.
We do not need a table of the various error codes and strings in our
formal documentation.
A complete description of the layout of our source tree is not useful
or relevant to most Kerberos administrators.
ticket: 7408
| |
In check_cast, we want to match cast operators with or without spaces
after the closing paren, and then check for spaces after we match.
Also, per the comment, we want to match potential cast operators
followed by an open paren.
| |
Mention the options on the synopsis line, and do not imply that
the principal argument(s) for ktadd are optional.
reST line blocks are needed to keep the two forms of ktadd on
separate lines.
| |
Sphinx outputs class information that corresponds to its generated
basic.css, which we do not include. This results in all lists,
even nested lists, using arabic numerals.
Import the class properties into kerb.css for now.
| |
We should include the stashsrvpw content in that section, not
the list content. Likewise, the list_policy content instead
of the destroy_policy content.
| |
This text has not caught up with changes to the utility itself.
As a side effect, our output text box is narrower and does not have
to scroll on as many browser windows.
| |
The keyfile worth overriding is the one in kdc.conf. Though using
stash -f would override kdb5_util's -sf argument, there is no reason to
pass both flags to the same invocation.
In any case, the "at startup" language is not really correct.
| |
The policy must be unused, not the delete_policy command.
| |
It's really not appropriate for the "examples" subsection of
"Adding, modifying and deleting principals".
While here, update the enctype recommendation for cross-realm principals
to something that does not include weak crypto.
| |
Start with a capital letter and end with a full stop, making
the description a sentence (or at least close to one).
| |
The target principal and restrictions arguments are not orthogonal;
a target principal argument must be given in order for a restriction
list to be supplied.
| |
It is an egregious security violation to give all admin principals
admin rights and then give all null instances permission to change
the password of the associated admin instance.
While here, don't assume that admin and root are the only non-null
instances, and correct the formatting of an entry with restrictions.
| |
Make it a special note in the documentation to help it stand out.
| |
Grammar fixup and avoid jargon.
| |
Fix kpropd -S -t to actually exit after processing one connection (it
was breaking out of the switch statement, not the while loop). Use
the -t when invoking kpropd from the dejagnu test framework;
previously it was unnecessary because kpropd -S -d exited after one
connection. Clear up some confusion in the kprop.exp comments about
whether kpropd is expected to exit.
| |
Tweak the wording a bit to be more clear and avoid using multiple
words deriving from the stem "use" in close succession.
| |
Even though they are subject to vulnerabilities via DNS spoofing
and we accordingly don't recommend their use, we do have the code
to use them. Just as we document dns_lookup_realm in krb5.conf(5),
document them here.
ticket: 7407
| |
Now that the install guide make rules are removed, nothing references
build.texinfo or install.texinfo any more (other than the tgz target,
which is updated accordingly).
ticket: 7408
| |
Towards removing the texinfo docs entirely.
ticket: 7408
| |
Its content has been migrated to or superseded by the RST documentation,
split amongst krb_build and various sections of krb_admins.
A few portions of the texinfo document are simply no longer relevant
and do not need to be migrated. In particular:
It's 2012; we don't need to specify that we require a C89 compiler.
It's 2012; it will be easy to get enough disk to build krb5.
The KADM5 tests are part of 'make check' and don't need separate
documentation.
Shared library support is not limited to "a few operating systems".
We do not need to document incompatibilities with ancient/dead OSes.
kadmind4 and v5passwdd are no longer relevant.
ticket: 7408
| |
There are, unfortunately, still some single-DES deployments out
there. Try to help them along by documenting a procedure for
migrating to stronger crypto.
The texinfo install guide had a section on "upgrading", but it was
not really suitable for direct import into a RST document. For one,
it gave a high profile to the on-disk incompatibilities in upgrades
to 1.1 and 1.2. It also was driven at upgrading *to* triple-des (or RC4),
which are something of a dead-end. This new text attempts to be more
general and applicable to today's environment.
| |
It's a slightly less-contrived use case of the utility than the
other example, which reads more like a usage statement.
Give a motivating sentence before each example, and note that this
new example is not needed in the general upgrade case.
The need to dump/load for upgrades prior to 1.2 was documented in
the texinfo install guide, but not in any RST sources until now.
ticket: 7407
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.