svn rev #22342: branches/krb5-1-7/doc/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon May 11 18:11:31 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22342
Commit By: tlyu
Log Message:
ticket: 6485
tags: pullup
target_version: 1.7
version_fixed: 1.7
subject: document ok_as_delegate in admin.texinfo

pull up r2293, r22304 from trunk

 ------------------------------------------------------------------------
 r22304 | ghudson | 2009-05-03 14:47:27 -0400 (Sun, 03 May 2009) | 2 lines
 Changed paths:
    M /trunk/doc/admin.texinfo

 Fix formatting of ok_as_delegate documentation in admin guide.
 ------------------------------------------------------------------------
 r22293 | ghudson | 2009-04-30 11:08:50 -0400 (Thu, 30 Apr 2009) | 2 lines
 Changed paths:
    M /trunk/doc/admin.texinfo

 Document ok_as_delegate in the admin guide.


Changed Files:
U   branches/krb5-1-7/doc/admin.texinfo
Modified: branches/krb5-1-7/doc/admin.texinfo
===================================================================
--- branches/krb5-1-7/doc/admin.texinfo	2009-05-11 20:56:55 UTC (rev 22341)
+++ branches/krb5-1-7/doc/admin.texinfo	2009-05-11 22:11:30 UTC (rev 22342)
@@ -2274,6 +2274,14 @@
 ``+password_changing_service'' option sets the KRB5_KDB_PWCHANGE_SERVICE
 flag on the principal in the database.
 
+ at item @{-|+@}ok_as_delegate
+The ``+ok_as_delegate'' option sets a flag in tickets issued for the
+service principal.  Some client programs may recognize this flag as
+indicating that it is okay to delegate credentials to the service.  If
+ok_as_delegate is set on a cross-realm TGT, it indicates that the
+foreign realm's ok_as_delegate flags should be honored by clients in
+the local realm.  The default is ``-ok_as_delegate''.
+
 @item -randkey
 Sets the key for the principal to a random value (@code{add_principal}
 only).  @value{COMPANY} recommends using this option for host keys.
@@ -3101,6 +3109,13 @@
 @samp{KRB5_KDB_REQURES_HW_AUTH} flag.)  @code{-requires_hwauth} clears
 this flag.
 
+ at itemx @{-|+@}ok_as_delegate
+ at code{+ok_as_delegate} sets the OK-AS-DELEGATE flag on tickets issued for use
+with this principal as the service, which clients may use as a hint that
+credentials can and should be delegated when authenticating to the service.
+(Sets the @samp{KRB5_KDB_OK_AS_DELEGATE} flag.) @code{-ok_as_delegate} clears
+this flag.
+
 @itemx @{-|+@}allow_svr
 @code{-allow_svr} prohibits the issuance of service tickets for principals. (Sets the @samp{KRB5_KDB_DISALLOW_SVR} flag.) @code{+allow_svr} clears this flag.

More information about the cvs-krb5 mailing list