svn rev #25000: trunk/doc/rst_source/krb_admins/database/db_princs/

tsitkova@MIT.EDU tsitkova at MIT.EDU
Wed Jun 29 12:29:35 EDT 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=25000
Commit By: tsitkova
Log Message:
Updated list of the permissions - added "p/P" and removed "s/S".



Changed Files:
U   trunk/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst
Modified: trunk/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst	2011-06-28 22:11:51 UTC (rev 24999)
+++ trunk/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst	2011-06-29 16:29:34 UTC (rev 25000)
@@ -1,7 +1,9 @@
+.. _privileges_label:
+
 Privileges
 ===============
 
-Administrative privileges for the Kerberos database are stored in the file *kadm5.acl*.
+Administrative privileges for the Kerberos database are stored in the file **kadm5.acl**.
 
 The format of the file is::
 
@@ -18,18 +20,20 @@
 === =====================================
 a    allows the addition of principals or policies in the database.
 A    disallows the addition of principals or policies in the database.
+c    allows the changing of passwords for principals in the database.
+C    disallows the changing of passwords for principals in the database.
 d    allows the deletion of principals or policies in the database.
 D    disallows the deletion of principals or policies in the database.
-m    allows the modification of principals or policies in the database.
-M    disallows the modification of principals or policies in the database.
-c    allows the changing of passwords for principals in the database.
-C    disallows the changing of passwords for principals in the database.
 i    allows inquiries to the database.
 I    disallows inquiries to the database.
 l    allows the listing of principals or policies in the database.
 L    disallows the listing of principals or policies in the database.
-s    allows the explicit setting of the key for a principal
-S    disallows the explicit setting of the key for a principal
+m    allows the modification of principals or policies in the database.
+M    disallows the modification of principals or policies in the database.
+p    allow the propagation of  the  principal  database.
+P    disallow the propagation of the principal database.
+u    allows the creation of one-component user principals  whose  password  can  be validated with PAM.
+U    negates the u privilege.
 \*   All privileges (admcil).
 x    All privileges (admcil); identical to "\*".
 === =====================================
@@ -39,7 +43,7 @@
 The restrictions are a string of flags. Allowed restrictions are: 
 
 ======================== ============================
-[+ -]flagname              flag is forced to indicated value. The permissible flags are the same as the + and - flags for the kadmin addprinc and modprinc commands.
+[+\|-]flagname             flag is forced to indicated value. The permissible flags are the same as the + and - flags for the kadmin addprinc and modprinc commands.
 -clearpolicy               policy is forced to clear
 -policy *pol*              policy is forced to be *pol*
 -expire time

More information about the cvs-krb5 mailing list