path: root/doc
Commit message | Author | Age | Files | Lines
...
* Document kadm5_hook interface | Sam Hartman | 2010-10-05 | 1 | -1/+12
  * krb5.conf
  * admin.texinfo
  * kadm5_hook_plugin.h: document initvt requirement
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
* Implement k5login_directory and k5login_authoritative options | Greg Hudson | 2010-10-01 | 1 | -0/+14
  Add and document two new options for controlling k5login behavior.
  ticket: 6792
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the admin documentation for auth_to_local | Greg Hudson | 2010-09-30 | 1 | -15/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24387 dc483132-0cff-0310-8789-dd5450dbe970
* Password quality pluggable interface | Greg Hudson | 2010-09-01 | 2 | -2/+65
  Merge branches/plugins2 to trunk. Adds a password quality pluggable interface described in this project page: http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface
  ticket: 6765
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24284 dc483132-0cff-0310-8789-dd5450dbe970
* Revise the profile include design so that included files are | Greg Hudson | 2010-08-25 | 1 | -2/+3
  syntactically independent of parent files.
  ticket: 6761
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24256 dc483132-0cff-0310-8789-dd5450dbe970
* add profile include support | Greg Hudson | 2010-08-24 | 1 | -0/+14
  Add support for "include" and "includedir" directives in profile files. See http://k5wiki.kerberos.org/wiki/Projects/Profile_Includes for more details.
  ticket: 6761
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24253 dc483132-0cff-0310-8789-dd5450dbe970
* Document the disable_last_success and disable_lockout variables in | Greg Hudson | 2010-05-21 | 1 | -2/+2
  krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo.
  ticket: 6719
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
* When parsing a KDC or admin server string, allow the name or address | Greg Hudson | 2010-05-18 | 1 | -6/+8
  to be enclosed in brackets so that IPv6 addresses can be represented. (IPv6 addresses contain colons, which look like port separators.)
  ticket: 6562
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24055 dc483132-0cff-0310-8789-dd5450dbe970
* Add lockout-related performance tuning variables | Greg Hudson | 2010-05-10 | 1 | -4/+17
  The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.)
  ticket: 6719
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
* Document the ticket_lifetime libdefaults setting (which was added in | Greg Hudson | 2010-03-19 | 1 | -7/+5
  r16656, #2656). Based on a patch from nalin@redhat.com.
  ticket: 6680
  target_version: 1.8.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation with information about --with-crypto-impl=IMPL ↵ | Zhanna Tsitkov | 2010-02-25 | 1 | -0/+6
  configuration flag
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23752 dc483132-0cff-0310-8789-dd5450dbe970
* doc updates for allow_weak_crypto | Tom Yu | 2010-02-25 | 1 | -2/+5
  Update documentation to be more helpful about allow_weak_crypto.
  ticket: 6669
  target_version: 1.8
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
* Minimal support for updating history key | Greg Hudson | 2010-02-11 | 1 | -1/+27
  Add minimal support for re-randomizing the history key:
  * cpw -randkey kadmin/history now works, but creates only one key.
  * cpw -randkey -keepold kadmin/history still fails.
  * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common.
  * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history.
  ticket: 6660
  target_version: 1.8
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
* README, copyright, patchlevel for krb5-1.8 branch | Tom Yu | 2010-01-05 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587 dc483132-0cff-0310-8789-dd5450dbe970
* Fixing minorly grammatical bad | Ken Raeburn | 2009-12-28 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23522 dc483132-0cff-0310-8789-dd5450dbe970
* Note last real update was a while back; delete listings of libraries no ↵ | Ken Raeburn | 2009-12-28 | 1 | -11/+2
  longer in tree
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23521 dc483132-0cff-0310-8789-dd5450dbe970
* Remove appl man pages from the list of pages to convert in the doc | Greg Hudson | 2009-11-24 | 1 | -6/+1
  build system.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23341 dc483132-0cff-0310-8789-dd5450dbe970
* Remove discussion of the unbundled applications from the install | Greg Hudson | 2009-11-22 | 1 | -153/+10
  guide.
  ticket: 6583
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23310 dc483132-0cff-0310-8789-dd5450dbe970
* Update the build system documentation: | Greg Hudson | 2009-11-22 | 1 | -35/+11
  * The test suite no longer requires root.
  * appl no longer contains what it used to contain.
  * Mention --disable-rpath as an alternative for make check.
  ticket: 6583
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23309 dc483132-0cff-0310-8789-dd5450dbe970
* Update the kadm5 design documentation slightly to reflect that MIT | Greg Hudson | 2009-10-30 | 1 | -6/+17
  doesn't commit to a stable libkadm5 C API.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23095 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an outdated parenthetical comment about master_kdc; we actually | Greg Hudson | 2009-10-07 | 1 | -3/+1
  do check if the response came from the master KDC now.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864 dc483132-0cff-0310-8789-dd5450dbe970
* In doc/Makefile, specify the new location of the kpasswd man page (the | Greg Hudson | 2009-08-14 | 1 | -2/+2
  old one was removed in r22521).
  ticket: 6544
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22522 dc483132-0cff-0310-8789-dd5450dbe970
* Enctype list configuration enhancements | Greg Hudson | 2009-07-29 | 2 | -2/+20
  In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document.
  ticket: 6539
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in the admin guide (with not keyword -> with no keyword) | Greg Hudson | 2009-06-01 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22396 dc483132-0cff-0310-8789-dd5450dbe970
* Fix formatting of ok_as_delegate documentation in admin guide | Greg Hudson | 2009-05-03 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22304 dc483132-0cff-0310-8789-dd5450dbe970
* Document ok_as_delegate in the admin guide | Greg Hudson | 2009-04-30 | 1 | -0/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22293 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo | Greg Hudson | 2009-04-28 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22287 dc483132-0cff-0310-8789-dd5450dbe970
* In the cross-realm setup example in the admin documentation, use | Greg Hudson | 2009-04-22 | 1 | -2/+2
  "addprinc" instead of "add_princ" since the latter is not a recognized alias for add_principal.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22266 dc483132-0cff-0310-8789-dd5450dbe970
* Document allow_weak_crypto | Greg Hudson | 2009-04-10 | 2 | -6/+18
  Also document which cryptosystems are defined to be weak, and add some enctype entries which weren't in the documentation.
  ticket: 6452
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22188 dc483132-0cff-0310-8789-dd5450dbe970
* Update defaults in documentation | Greg Hudson | 2009-04-09 | 1 | -8/+8
  doc/definitions.texinfo had, predictably, fallen out of date with respect to the code. Update a few of the out of date comments and defaults, particularly the default enctype lists.
  ticket: 6451
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22187 dc483132-0cff-0310-8789-dd5450dbe970
* Unfortunately, pre-1.7 krshd fails to support keyed checksums because | Sam Hartman | 2009-04-03 | 1 | -2/+2
  it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum.
  * kcmd.c: Force use of rsa_md5
  * init_ctx.c: do not default to md5
  * mk_req_ext.c: allow auth_context to override
  ticket: 1624
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
* Use the preferred checksum for non-DES keys in the kdc_req path and | Sam Hartman | 2009-04-01 | 1 | -1/+2
  all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility.
  ticket: 1624
  Target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
* Document alias support in LDAP back end | Greg Hudson | 2009-03-15 | 1 | -0/+20
  Add a few paragraphs to the LDAP instructions on creating aliases through direct manipulation of the LDAP data, and briefly explain when aliases will be used.
  ticket: 6419
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22089 dc483132-0cff-0310-8789-dd5450dbe970
* Improve LDAP admin documentation | Greg Hudson | 2009-03-14 | 1 | -86/+101
  Use dc=example,dc=com as the example base DN instead of more archaic forms. Provide a little more cross-referencing of concepts and mechanisms. Add additional steps in the OpenLDAP setup instructions for choosing DNs for the Kerberos container, KDC service, and kadmin service. Explain a little bit about what the Kerberos container and realm container are. Be clearer that using separate subtrees from the realm container for principals is an option, not a necessity, and don't use the base DN as an example of a separate subtree (it's confusing).
  ticket: 6418
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22088 dc483132-0cff-0310-8789-dd5450dbe970
* fix merge of new openldap notice | Ken Raeburn | 2009-01-05 | 1 | -3/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21698 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk | Sam Hartman | 2009-01-03 | 1 | -0/+63
  The mskrb-integ branch includes support for the following projects:
  * Projects/Aliases
  * Projects/PAC and principal APIs
  * Projects/AEAD encryption API
  * Projects/GSSAPI DCE
  * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported.
  This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Remove documentation references to krb4 functionality we no longer | Greg Hudson | 2008-12-18 | 12 | -7086/+2
  have. Remove the krb425 transition guide since we no longer have compatibility code to assist with a transition.
  ticket: 6303
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21545 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 4 | Tom Yu | 2008-12-17 | 1 | -7/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21519 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 3 | Tom Yu | 2008-12-17 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21518 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test 2 | Tom Yu | 2008-12-17 | 1 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21517 dc483132-0cff-0310-8789-dd5450dbe970
* another diff test | Tom Yu | 2008-12-17 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21516 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 6 | Tom Yu | 2008-12-17 | 1 | -7/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21515 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 5 | Tom Yu | 2008-12-17 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21514 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 4 | Tom Yu | 2008-12-17 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21513 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 3 | Tom Yu | 2008-12-17 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21512 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs 2 | Tom Yu | 2008-12-17 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21511 dc483132-0cff-0310-8789-dd5450dbe970
* test mailing diffs | Tom Yu | 2008-12-17 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21510 dc483132-0cff-0310-8789-dd5450dbe970
* Note kprop doesn't do IPv6 yet either | Ken Raeburn | 2008-11-17 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21135 dc483132-0cff-0310-8789-dd5450dbe970
* Add _with_password credential acquisition functions to KIM API | Alexandra Ellwood | 2008-11-03 | 20 | -29/+194
  Needed for kinit password option.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20963 dc483132-0cff-0310-8789-dd5450dbe970
* PKINIT specs, draft 9 and final standard | Ken Raeburn | 2008-10-10 | 2 | -0/+1247
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20859 dc483132-0cff-0310-8789-dd5450dbe970