summaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
...
* Document rdns libdefault settingTom Yu2010-12-201-0/+7
| | | | | | | | ticket: 6794 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24584 dc483132-0cff-0310-8789-dd5450dbe970
* Correct typo in admin documentation for restrict_anonymous_to_tgtGreg Hudson2010-12-011-2/+2
| | | | | | ticket: 6829 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24550 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-011-1/+14
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in install.texinfoGreg Hudson2010-11-161-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24517 dc483132-0cff-0310-8789-dd5450dbe970
* Remove KDC replay cacheGreg Hudson2010-10-191-5/+3
| | | | | | | | | | | | Now that SAM1 support has been removed, the KDC does not need a replay replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache. ticket: 6804 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust copyright.texinfo to fix some TeX output issues. Also do minorTom Yu2010-10-181-126/+137
| | | | | | | | cleanup. ticket: 6802 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24462 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updatesTom Yu2010-10-147-209/+806
| | | | | | | | | | | | Update copyright.texinfo. Move full copyright notices to appendices of documentation. New rules to generate top-level NOTICE file from copyright.texinfo. Regenerate NOTICE file. ticket: 6802 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24455 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-081-12/+9
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Document kadm5_hook interfaceSam Hartman2010-10-051-1/+12
| | | | | | | | * krb5.conf * admin.texinfo * kadm5_hook_plugin.h: document initvt requirement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
* Implement k5login_directory and k5login_authoritative optionsGreg Hudson2010-10-011-0/+14
| | | | | | | | Add and document two new options for controlling k5login behavior. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the admin documentation for auth_to_localGreg Hudson2010-09-301-15/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24387 dc483132-0cff-0310-8789-dd5450dbe970
* Password quality pluggable interfaceGreg Hudson2010-09-012-2/+65
| | | | | | | | | | | Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface ticket: 6765 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
* Revise the profile include design so that included files areGreg Hudson2010-08-251-2/+3
| | | | | | | | syntactically independent of parent files. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
* add profile include supportGreg Hudson2010-08-241-0/+14
| | | | | | | | | | Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details. ticket: 6761 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
* Document the disable_last_success and disable_lockout variables inGreg Hudson2010-05-211-2/+2
| | | | | | | | | krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo. ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
* When parsing a KDC or admin server string, allow the name or addressGreg Hudson2010-05-181-6/+8
| | | | | | | | | to be enclosed in brackets so that IPv6 addresses can be represented. (IPv6 addresses contain colons, which look like port separators.) ticket: 6562 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24055 dc483132-0cff-0310-8789-dd5450dbe970
* Add lockout-related performance tuning variablesGreg Hudson2010-05-101-4/+17
| | | | | | | | | | | | | | | The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
* Document the ticket_lifetime libdefaults setting (which was added inGreg Hudson2010-03-191-7/+5
| | | | | | | | | | r16656, #2656). Based on a patch from nalin@redhat.com. ticket: 6680 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation with information about --with-crypto-impl=IMPL ↵Zhanna Tsitkov2010-02-251-0/+6
| | | | | | configuration flag git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23752 dc483132-0cff-0310-8789-dd5450dbe970
* doc updates for allow_weak_cryptoTom Yu2010-02-251-2/+5
| | | | | | | | | | Update documentation to be more helpful about allow_weak_crypto. ticket: 6669 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
* Minimal support for updating history keyGreg Hudson2010-02-111-1/+27
| | | | | | | | | | | | | | | | | | Add minimal support for re-randomizing the history key: * cpw -randkey kadmin/history now works, but creates only one key. * cpw -randkey -keepold kadmin/history still fails. * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common. * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history. ticket: 6660 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
* README, copyright, patchlevel for krb5-1.8 branchTom Yu2010-01-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587 dc483132-0cff-0310-8789-dd5450dbe970
* Fixing minorly grammatical badKen Raeburn2009-12-281-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23522 dc483132-0cff-0310-8789-dd5450dbe970
* Note last real update was a while back; delete listings of libraries no ↵Ken Raeburn2009-12-281-11/+2
| | | | | | longer in tree git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23521 dc483132-0cff-0310-8789-dd5450dbe970
* Remove appl man pages from the list of pages to convert in the docGreg Hudson2009-11-241-6/+1
| | | | | | build system. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23341 dc483132-0cff-0310-8789-dd5450dbe970
* Remove discussion of the unbundled applications from the installGreg Hudson2009-11-221-153/+10
| | | | | | | | guide. ticket: 6583 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23310 dc483132-0cff-0310-8789-dd5450dbe970
* Update the build system documentation:Greg Hudson2009-11-221-35/+11
| | | | | | | | | | | * The test suite no longer requires root. * appl no longer contains what it used to contain. * Mention --disable-rpath as an alternative for make check. ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23309 dc483132-0cff-0310-8789-dd5450dbe970
* Update the kadm5 design documentation slightly to reflect that MITGreg Hudson2009-10-301-6/+17
| | | | | | doesn't commit to a stable libkadm5 C API. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23095 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an outdated parenthetical comment about master_kdc; we actuallyGreg Hudson2009-10-071-3/+1
| | | | | | do check if the response came from the master KDC now. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864 dc483132-0cff-0310-8789-dd5450dbe970
* In doc/Makefile, specify the new location of the kpasswd man page (theGreg Hudson2009-08-141-2/+2
| | | | | | | | old one was removed in r22521. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22522 dc483132-0cff-0310-8789-dd5450dbe970
* Enctype list configuration enhancementsGreg Hudson2009-07-292-2/+20
| | | | | | | | | | | In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document. ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in the admin guide (with not keyword -> with no keyword)Greg Hudson2009-06-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22396 dc483132-0cff-0310-8789-dd5450dbe970
* Fix formatting of ok_as_delegate documentation in admin guideGreg Hudson2009-05-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22304 dc483132-0cff-0310-8789-dd5450dbe970
* Document ok_as_delegate in the admin guideGreg Hudson2009-04-301-0/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22293 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typoGreg Hudson2009-04-281-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22287 dc483132-0cff-0310-8789-dd5450dbe970
* In the cross-realm setup example in the admin documentation, useGreg Hudson2009-04-221-2/+2
| | | | | | | "addprinc" instead of "add_princ" since the latter is not a recognized alias for add_principal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22266 dc483132-0cff-0310-8789-dd5450dbe970
* Document allow_weak_cryptoGreg Hudson2009-04-102-6/+18
| | | | | | | | | | | Also document which cryptosystems are defined to be weak, and add some enctype entries which weren't in the documentation. ticket: 6452 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22188 dc483132-0cff-0310-8789-dd5450dbe970
* Update defaults in documentationGreg Hudson2009-04-091-8/+8
| | | | | | | | | | | | doc/definitions.texinfo had, predictably, fallen out of date with respect to the code. Update a few of the out of date comments and defaults, particularly the default enctype lists. ticket: 6451 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22187 dc483132-0cff-0310-8789-dd5450dbe970
* Unfortunately, pre-1.7 krshd fails to support keyed checksums becauseSam Hartman2009-04-031-2/+2
| | | | | | | | | | | | | | | | it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
* Use the preferred checksum for non-DES keys in the kdc_req path andSam Hartman2009-04-011-1/+2
| | | | | | | | | | | | all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
* Document alias support in LDAP back endGreg Hudson2009-03-151-0/+20
| | | | | | | | | | | | Add a few paragraphs to the LDAP instructions on creating aliases through direct manipulation of the LDAP data, and briefly explain when aliases will be used. ticket: 6419 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22089 dc483132-0cff-0310-8789-dd5450dbe970
* Improve LDAP admin documentationGreg Hudson2009-03-141-86/+101
| | | | | | | | | | | | | | | | | | Use dc=example,dc=com as the example base DN instead of more archaic forms. Provide a little more cross-referencing of concepts and mechanisms. Add additional steps in the OpenLDAP setup instructions for choosing DNs for the Kerberos container, KDC service, and kadmin service. Explain a little bit about what the Kerberos container and realm container are. Be clearer that using separate subtrees from the realm container for principals is an option, not a necessity, and don't use the base DN as an example of a separate subtree (it's confusing). ticket: 6418 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22088 dc483132-0cff-0310-8789-dd5450dbe970
* fix merge of new openldap noticeKen Raeburn2009-01-051-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21698 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-031-0/+63
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Remove documentation references to krb4 functionality we no longerGreg Hudson2008-12-1812-7086/+2
| | | | | | | | | have. Remove the krb425 transition guide since we no longer have compatibility code to assist with a transition. ticket: 6303 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21545 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 4Tom Yu2008-12-171-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21519 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 3Tom Yu2008-12-171-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21518 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 2Tom Yu2008-12-171-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21517 dc483132-0cff-0310-8789-dd5450dbe970
* another diff testTom Yu2008-12-171-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21516 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 6Tom Yu2008-12-171-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21515 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 07:09:36 +0000