svn rev #25727: trunk/doc/rst_source/ krb_admins/admin_commands/ krb_admins/conf_files/ ...
tsitkova@MIT.EDU
tsitkova at MIT.EDU
Fri Mar 2 22:30:36 EST 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25727
Commit By: tsitkova
Log Message:
Fix the problem when the text of the examples and alike's was not properly indented in the man pages.
Changed Files:
U trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kadmind.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst
U trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst
U trunk/doc/rst_source/krb_admins/admin_commands/ktutil.rst
U trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst
U trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
U trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
U trunk/doc/rst_source/krb_users/user_commands/k5identity.rst
U trunk/doc/rst_source/krb_users/user_commands/k5login.rst
U trunk/doc/rst_source/krb_users/user_commands/kinit.rst
U trunk/doc/rst_source/krb_users/user_commands/klist.rst
U trunk/doc/rst_source/krb_users/user_commands/kpasswd.rst
U trunk/doc/rst_source/krb_users/user_commands/ksu.rst
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -175,7 +175,8 @@
.. _date_format:
Many of the kadmin commands take a duration or time as an
-argument. The date can appear in a wide variety of formats, such as::
+argument. The date can appear in a wide variety of formats, such as:
+ ::
1 month ago
2 hours ago
@@ -392,7 +393,8 @@
multiple enctype-salttype pairs. This will not function against
kadmin daemons earlier than krb5-1.2.
-Example::
+Example:
+ ::
kadmin: addprinc jennifer
WARNING: no policy specified for "jennifer at ATHENA.MIT.EDU";
@@ -402,7 +404,8 @@
Principal "jennifer at ATHENA.MIT.EDU" created.
kadmin:
-Errors::
+Errors:
+ ::
KADM5_AUTH_ADD (requires "add" privilege)
KADM5_BAD_MASK (shouldn't happen)
@@ -448,7 +451,8 @@
authentication attempts without enough time between them according
to its password policy) so that it can successfully authenticate.
-Errors::
+Errors:
+ ::
KADM5_AUTH_MODIFY (requires "modify" privilege)
KADM5_UNK_PRINC (principal does not exist)
@@ -472,7 +476,8 @@
Alias: **renprinc**
-Errors::
+Errors:
+ ::
KADM5_AUTH_ADD (requires "add" privilege)
KADM5_AUTH_DELETE (requires "delete" privilege)
@@ -495,7 +500,8 @@
Alias: **delprinc**
-Errors::
+Errors:
+ ::
KADM5_AUTH_DELETE (requires "delete" privilege)
KADM5_UNK_PRINC (principal does not exist)
@@ -539,7 +545,8 @@
you know what you're doing. This option is not supported for the
LDAP database.
-Example::
+Example:
+ ::
kadmin: cpw systest
Enter password for principal systest at BLEEP.COM:
@@ -547,7 +554,8 @@
Password for systest at BLEEP.COM changed.
kadmin:
-Errors::
+Errors:
+ ::
KADM5_AUTH_MODIFY (requires the modify privilege)
KADM5_UNK_PRINC (principal does not exist)
@@ -588,7 +596,8 @@
Alias: **getprinc**
-Examples::
+Examples:
+ ::
kadmin: getprinc tlyu/admin
Principal: tlyu/admin at BLEEP.COM
@@ -613,7 +622,8 @@
tlyu/admin at BLEEP.COM 786100034 0 0
kadmin:
-Errors::
+Errors:
+ ::
KADM5_AUTH_GET (requires the get (inquire) privilege)
KADM5_UNK_PRINC (principal does not exist)
@@ -639,7 +649,8 @@
Alias: **listprincs**, **get_principals**, **get_princs**
-Example::
+Example:
+ ::
kadmin: listprincs test*
test3 at SECURE-TEST.OV.COM
@@ -744,12 +755,14 @@
without the specified failure count interval elapsing. A
duration of 0 means forever.
-Example::
+Example:
+ ::
kadmin: add_policy -maxlife "2 days" -minlength 5 guests
kadmin:
-Errors::
+Errors:
+ ::
KADM5_AUTH_ADD (requires the add privilege)
KADM5_DUP (policy already exists)
@@ -769,7 +782,8 @@
Alias: **modpol**
-Errors::
+Errors:
+ ::
KADM5_AUTH_MODIFY (requires the modify privilege)
KADM5_UNK_POLICY (policy does not exist)
@@ -790,14 +804,16 @@
Alias: **delpol**
-Example::
+Example:
+ ::
kadmin: del_policy guests
Are you sure you want to delete the policy "guests"?
(yes/no): yes
kadmin:
-Errors::
+Errors:
+ ::
KADM5_AUTH_DELETE (requires the delete privilege)
KADM5_UNK_POLICY (policy does not exist)
@@ -819,7 +835,8 @@
Alias: getpol
-Examples::
+Examples:
+ ::
kadmin: get_policy admin
Policy: admin
@@ -836,7 +853,8 @@
The "Reference count" is the number of principals using that policy.
-Errors::
+Errors:
+ ::
KADM5_AUTH_GET (requires the get privilege)
KADM5_UNK_POLICY (policy does not exist)
@@ -860,7 +878,8 @@
Aliases: **listpols**, **get_policies**, **getpols**.
-Examples::
+Examples:
+ ::
kadmin: listpols
test-pol
@@ -885,7 +904,8 @@
Alias: **getprivs**
-Example::
+Example:
+ ::
kadmin: get_privs
Principal joe/admin at ATHENA.MIT.EDU
@@ -942,7 +962,8 @@
ignoring multiple keys with the same encryption type but different
salt types.
-Example::
+Example:
+ ::
kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu
Entry for principal host/foo.mit.edu at ATHENA.MIT.EDU with
@@ -978,7 +999,8 @@
Run in quiet mode. This causes ktremove to display less verbose
information.
-Example::
+Example:
+ ::
kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin all
Entry for principal kadmin/admin with kvno 3 removed
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kadmind.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kadmind.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kadmind.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -186,7 +186,7 @@
is disallowed. If the character is lower-case, then the operation
is permitted.
- ::
+ ::
a [Dis]allows the addition of principals or policies in the database.
d [Dis]allows the deletion of principals or policies in the database.
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -216,7 +216,8 @@
.. _kdb5_ldap_util_create_edir_end:
-Example::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU
Password for "cn=admin,o=org":
@@ -393,7 +394,8 @@
.. _kdb5_ldap_util_modify_edir_end:
-Example::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify +requires_preauth -r ATHENA.MIT.EDU
Password for "cn=admin,o=org":
@@ -413,7 +415,8 @@
**-r** *realm*
Specifies the Kerberos realm of the database.
-EXAMPLE::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view -r ATHENA.MIT.EDU
Password for "cn=admin,o=org":
@@ -442,7 +445,8 @@
**-r** *realm*
Specifies the Kerberos realm of the database.
-EXAMPLE::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
Password for "cn=admin,o=org":
@@ -462,7 +466,8 @@
Lists the name of realms.
-EXAMPLE::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list
Password for "cn=admin,o=org":
@@ -494,7 +499,8 @@
Specifies Distinguished Name (DN) of the service object whose
password is to be stored in file.
-EXAMPLE::
+EXAMPLE:
+ ::
kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org
Password for "cn=service-kdc,o=org":
@@ -613,7 +619,8 @@
*policy_name*
Specifies the name of the ticket policy.
-EXAMPLE::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy
Password for "cn=admin,o=org":
@@ -638,7 +645,8 @@
**-r** *realm*
Specifies the Kerberos realm of the database.
-Example::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy
Password for "cn=admin,o=org":
@@ -659,7 +667,8 @@
*policy_name*
Specifies the name of the ticket policy.
-EXAMPLE::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy
Password for "cn=admin,o=org":
@@ -693,7 +702,8 @@
*policy_name*
Specifies the name of the ticket policy.
-Example::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy
Password for "cn=admin,o=org":
@@ -717,7 +727,8 @@
**-r** *realm*
Specifies the Kerberos realm of the database.
-Example::
+EXAMPLE:
+ ::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU
Password for "cn=admin,o=org":
@@ -765,7 +776,8 @@
Specifies Distinguished Name (DN) of the service object whose
password is to be set.
-Example::
+EXAMPLE:
+ ::
kdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile cn=service-kdc,o=org
Password for "cn=admin,o=org":
@@ -829,7 +841,8 @@
Specifies Distinguished Name (DN) of the Kerberos service to be
created.
-Example::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org
Password for "cn=admin,o=org":
@@ -895,7 +908,8 @@
Specifies Distinguished Name (DN) of the Kerberos service to be
modified.
-Example::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU cn=service-kdc,o=org
Password for "cn=admin,o=org":
@@ -917,7 +931,8 @@
Specifies Distinguished Name (DN) of the Kerberos service to be
viewed.
-Example::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org
Password for "cn=admin,o=org":
@@ -954,7 +969,8 @@
Specifies Distinguished Name (DN) of the Kerberos service to be
destroyed.
-EXAMPLE::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org
Password for "cn=admin,o=org":
@@ -982,7 +998,8 @@
slapd.conf file will be used, where as in the case of eDirectory,
the default value for the base DN is Root.
-EXAMPLE::
+EXAMPLE:
+ ::
shell% kdb5_ldap_util -D cn=admin,o=org list_service
Password for "cn=admin,o=org":
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -32,7 +32,8 @@
file, the slave Kerberos server will have an up-to-date KDC database.
Normally, kpropd is invoked out of inetd(8). This is done by adding
-a line to the ``/etc/inetd.conf`` file which looks like this::
+a line to the ``/etc/inetd.conf`` file which looks like this:
+ ::
kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -46,7 +46,8 @@
**-v**
Display individual attributes per update. An example of the
- output generated for one entry::
+ output generated for one entry:
+ ::
Update Entry
Update serial # : 4
Modified: trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -106,7 +106,8 @@
The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows
it and are superseded by subsequent definitions of the same option.
-For example::
+For example:
+ ::
krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
Modified: trunk/doc/rst_source/krb_admins/admin_commands/ktutil.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/ktutil.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/ktutil.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -115,7 +115,7 @@
EXAMPLE
-------
-::
+ ::
ktutil: add_entry -password -p alice at BLEEP.COM -k 1 -e aes128-cts-hmac-sha1-96
Password for alice at BLEEP.COM:
Modified: trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -30,13 +30,15 @@
The **-S** option allows for a different keytab than the default.
sserver is normally invoked out of inetd(8), using a line in
-``/etc/inetd.conf`` that looks like this::
+``/etc/inetd.conf`` that looks like this:
+ ::
sample stream tcp nowait root /usr/local/sbin/sserver sserver
Since ``sample`` is normally not a port defined in ``/etc/services``,
you will usually have to add a line to ``/etc/services`` which looks
-like this::
+like this:
+ ::
sample 13135/tcp
@@ -48,7 +50,8 @@
for the sample tcp port, and that the same port number is in both
files.
-When you run sclient you should see something like this::
+When you run sclient you should see something like this:
+ ::
sendauth succeeded, reply is:
reply len 32, contents:
@@ -58,28 +61,32 @@
COMMON ERROR MESSAGES
---------------------
-1) kinit returns the error::
+1) kinit returns the error:
+ ::
kinit: Client not found in Kerberos database while getting initial credentials
This means that you didn't create an entry for your username in the
Kerberos database.
-2) sclient returns the error::
+2) sclient returns the error:
+ ::
unknown service sample/tcp; check /etc/services
This means that you don't have an entry in /etc/services for the
sample tcp port.
-3) sclient returns the error::
+3) sclient returns the error:
+ ::
connect: Connection refused
This probably means you didn't edit /etc/inetd.conf correctly, or
you didn't restart inetd after editing inetd.conf.
-4) sclient returns the error::
+4) sclient returns the error:
+ ::
sclient: Server not found in Kerberos database while using sendauth
@@ -88,7 +95,8 @@
:ref:`kadmin(1)`, and a keytab file needs to be generated to make
the key for that service principal available for sclient.
-5) sclient returns the error::
+5) sclient returns the error:
+ ::
sendauth rejected, error reply is:
" No such file or directory"
Modified: trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -346,14 +346,16 @@
to, a generic [kdcdefaults] specification. The search order
is:
-1. realm-specific subsection of [realms], ::
+1. realm-specific subsection of [realms],
+ ::
[realms]
EXAMPLE.COM = {
pkinit_anchors = FILE\:/usr/local/example.com.crt
}
-2. generic value in the [kdcdefaults] section. ::
+2. generic value in the [kdcdefaults] section.
+ ::
[kdcdefaults]
pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
@@ -445,7 +447,8 @@
Sample kdc.conf File
--------------------
-Here's an example of a kdc.conf file::
+Here's an example of a kdc.conf file:
+ ::
[kdcdefaults]
kdc_ports = 88
Modified: trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -17,11 +17,13 @@
The krb5.conf file is set up in the style of a Windows INI file.
Sections are headed by the section name, in square brackets. Each
-section may contain zero or more relations, of the form::
+section may contain zero or more relations, of the form:
+ ::
foo = bar
-or::
+or
+ ::
fubar = {
foo = bar
@@ -33,7 +35,8 @@
configuration file nor any other configuration file will be checked
for any other values for this tag.
-For example, if you have the following lines::
+For example, if you have the following lines:
+ ::
foo = bar*
foo = baz
@@ -41,7 +44,8 @@
then the second value of ``foo`` (``baz``) would never be read.
The krb5.conf file can include other files using either of the
-following directives at the beginning of a line::
+following directives at the beginning of a line:
+ ::
include FILENAME
includedir DIRNAME
@@ -56,7 +60,8 @@
The krb5.conf file can specify that configuration should be obtained
from a loadable module, rather than the file itself, using the
following directive at the beginning of a line before any section
-headers::
+headers:
+ ::
module MODULEPATH:RESIDUAL
@@ -393,7 +398,8 @@
default realm, this rule is not applicable and the conversion
will fail.
- For example::
+ For example:
+ ::
[realms]
ATHENA.MIT.EDU = {
@@ -487,7 +493,8 @@
If no translation entry applies, the host's realm is considered to be
the hostname's domain portion converted to upper case. For example,
-the following [domain_realm] section::
+the following [domain_realm] section:
+ ::
[domain_realm]
crash.mit.edu = TEST.ATHENA.MIT.EDU
@@ -564,7 +571,8 @@
the console and to the system log under the facility LOG_DAEMON with
default severity of LOG_INFO; and the logging messages from the
administrative server will be appended to the file
-``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.::
+``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.
+ ::
[logging]
kdc = CONSOLE
@@ -604,7 +612,8 @@
use the ``ES.NET`` realm as an intermediate realm. ``ANL`` has a sub
realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV``
but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems
-would look like this::
+would look like this:
+ ::
[capaths]
ANL.GOV = {
@@ -627,7 +636,8 @@
}
The [capaths] section of the configuration file used on ``NERSC.GOV``
-systems would look like this::
+systems would look like this:
+ ::
[capaths]
NERSC.GOV = {
@@ -809,7 +819,8 @@
or an option that is used by some Kerberos V5 application[s]. The
value of the tag defines the default behaviors for that application.
-For example::
+For example:
+ ::
[appdefaults]
telnet = {
@@ -947,21 +958,24 @@
does not add to, a generic [libdefaults] specification. The
search order is:
-1. realm-specific subsection of [libdefaults] ::
+1. realm-specific subsection of [libdefaults] :
+ ::
[libdefaults]
EXAMPLE.COM = {
pkinit_anchors = FILE\:/usr/local/example.com.crt
}
-2. realm-specific value in the [realms] section, ::
+2. realm-specific value in the [realms] section,
+ ::
[realms]
OTHERREALM.ORG = {
pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt
}
-3. generic value in the [libdefaults] section. ::
+3. generic value in the [libdefaults] section.
+ ::
[libdefaults]
pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
@@ -1095,7 +1109,8 @@
* digitalSignature
* keyEncipherment
- Examples::
+ Examples:
+ ::
pkinit_cert_match = ||<SUBJECT>.*DoE.*<SAN>.*@EXAMPLE.COM
pkinit_cert_match = &&<EKU>msScLogin,clientAuth<ISSUER>.*DoE.*
@@ -1188,7 +1203,8 @@
Sample krb5.conf file
---------------------
-Here is an example of a generic krb5.conf file::
+Here is an example of a generic krb5.conf file:
+ ::
[libdefaults]
default_realm = ATHENA.MIT.EDU
Modified: trunk/doc/rst_source/krb_users/user_commands/k5identity.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/k5identity.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/k5identity.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -56,7 +56,8 @@
``alice at KRBTEST.COM`` if the server principal is within that realm,
the principal ``alice/root at EXAMPLE.COM`` if the server host is within
a servers subdomain, and the principal ``alice/mail at EXAMPLE.COM`` when
-accessing the IMAP service on ``mail.example.com``::
+accessing the IMAP service on ``mail.example.com``:
+ ::
alice at KRBTEST.COM realm=KRBTEST.COM
alice/root at EXAMPLE.COM host=*.servers.example.com
Modified: trunk/doc/rst_source/krb_users/user_commands/k5login.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/k5login.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/k5login.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -23,7 +23,8 @@
--------
Suppose the user ``alice`` had a .k5login file in her home directory
-containing the following line::
+containing the following line:
+ ::
bob at FOOBAR.ORG
@@ -33,7 +34,8 @@
Let us further suppose that ``alice`` is a system administrator.
Alice and the other system administrators would have their principals
-in root's .k5login file on each host::
+in root's .k5login file on each host:
+ ::
alice at BLEEP.COM
Modified: trunk/doc/rst_source/krb_users/user_commands/kinit.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/kinit.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/kinit.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -44,7 +44,8 @@
**-l** *lifetime*
requests a ticket with the lifetime lifetime. The
value for lifetime must be followed immediately by one
- of the following delimiters::
+ of the following delimiters:
+ ::
s seconds
m minutes
Modified: trunk/doc/rst_source/krb_users/user_commands/klist.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/klist.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/klist.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -43,7 +43,8 @@
**-f**
Shows the flags present in the credentials, using the following
- abbreviations::
+ abbreviations:
+ ::
F Forwardable
f forwarded
Modified: trunk/doc/rst_source/krb_users/user_commands/kpasswd.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/kpasswd.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/kpasswd.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -39,7 +39,8 @@
PORTS
-----
-kpasswd looks first for::
+kpasswd looks first for
+ ::
kpasswd_server = host:port
Modified: trunk/doc/rst_source/krb_users/user_commands/ksu.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/ksu.rst 2012-03-02 22:43:34 UTC (rev 25726)
+++ trunk/doc/rst_source/krb_users/user_commands/ksu.rst 2012-03-03 03:30:36 UTC (rev 25727)
@@ -84,7 +84,8 @@
contains the name of a principal that is authorized to access the
account.
-For example::
+For example:
+ ::
jqpublic at USC.EDU
jqpublic/secure at USC.EDU
@@ -216,7 +217,8 @@
defined the source cache name is set to ``krb5cc_<source uid>``.
The target cache name is automatically set to ``krb5cc_<target
uid>.(gen_sym())``, where gen_sym generates a new number such that
- the resulting cache does not already exist. For example::
+ the resulting cache does not already exist. For example:
+ ::
krb5cc_1984.2
@@ -276,7 +278,8 @@
**-e** *command* [*args* ...]
ksu proceeds exactly the same as if it was invoked without the
**-e** option, except instead of executing the target shell, ksu
- executes the specified command Example of usage::
+ executes the specified command. Example of usage:
+ ::
ksu bob -e ls -lag
@@ -295,7 +298,8 @@
list of commands that the principal is authorized to execute. A
principal name followed by a ``*`` means that the user is
authorized to execute any command. Thus, in the following
- example::
+ example:
+ ::
jqpublic at USC.EDU ls mail /local/kerberos/klist
jqpublic/secure at USC.EDU *
@@ -327,7 +331,8 @@
thus all options intended for ksu must precede **-a**.
The **-a** option can be used to simulate the **-e** option if
- used as follows::
+ used as follows:
+ ::
-a -c [command [arguments]].
@@ -364,7 +369,8 @@
called to obtain the names of "legal shells". Note that the
target user's shell is obtained from the passwd file.
-Sample configuration::
+Sample configuration:
+ ::
KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin"
More information about the cvs-krb5
mailing list