krb5 commit: Regenerate checked-in man pages

Benjamin Kaduk kaduk at MIT.EDU
Tue Dec 11 17:23:45 EST 2012 

https://github.com/krb5/krb5/commit/26481ee22377a46badbbf4bbdd8ae04265057205
commit 26481ee22377a46badbbf4bbdd8ae04265057205
Author: Ben Kaduk <kaduk at mit.edu>
Date:   Tue Dec 11 17:19:44 2012 -0500

    Regenerate checked-in man pages
    
    Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references
    for account lockout and detailing parameter expansion for keytab
    and credentials cache names in krb5.conf
    
    ticket: 7494 (new)
    tags: pullup
    target_version: 1.11

 src/man/kadmin.man    |   21 ++++++++++++++++-----
 src/man/krb5.conf.man |    5 +++--
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index e3278e7..06753dd 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -628,23 +628,34 @@ numbers, punctuation, and whitespace/unprintable characters.
 .B \fB\-history\fP \fInumber\fP
 Sets the number of past keys kept for a principal.  This option is
 not supported with the LDAP KDC database module.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-maxfailure\fP \fImaxnumber\fP
-Sets the maximum number of authentication failures before the
-principal is locked.  Authentication failures are only tracked for
-principals which require preauthentication.
+Sets the number of authentication failures before the principal is
+locked.  Authentication failures are only tracked for principals
+which require preauthentication.  The counter of failed attempts
+resets to 0 after a successful attempt to authenticate.  A
+\fImaxnumber\fP value of 0 (the default) disables lockout.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-failurecountinterval\fP \fIfailuretime\fP
 (\fIgetdate\fP string) Sets the allowable time between
 authentication failures.  If an authentication failure happens
 after \fIfailuretime\fP has elapsed since the previous failure,
-the number of authentication failures is reset to 1.
+the number of authentication failures is reset to 1.  A
+\fIfailuretime\fP value of 0 (the default) means forever.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-lockoutduration\fP \fIlockouttime\fP
 (\fIgetdate\fP string) Sets the duration for which the principal
 is locked from authenticating if too many authentication failures
 occur without the specified failure count interval elapsing.
-A duration of 0 means forever.
+A duration of 0 (the default) means the principal remains locked
+out until it is administratively unlocked with \fBmodprinc
+\-unlock\fP.
 .TP
 .B \fB\-allowedkeysalts\fP
 Specifies the key/salt tuples supported for long\-term keys when
diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index 5c58fee..a5bb7c3 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -1146,8 +1146,9 @@ The default is false.
 .UNINDENT
 .SH PARAMETER EXPANSION
 .sp
-Several variables, such as \fBdefault_keytab_name\fP, allow parameters
-to be expanded.  Valid parameters are:
+Starting with release 1.11, several variables, such as
+\fBdefault_keytab_name\fP, allow parameters to be expanded.
+Valid parameters are:
 .INDENT 0.0
 .INDENT 3.5
 .TS

More information about the cvs-krb5 mailing list