svn rev #25734: trunk/doc/rst_source/ krb_admins/admin_commands/ krb_admins/conf_files/ ...
tsitkova@MIT.EDU
tsitkova at MIT.EDU
Mon Mar 5 18:40:01 EST 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25734
Commit By: tsitkova
Log Message:
Make sure that
1. a new-line " ::" is preceded by not more then one line of text;
2. a new line does not start with a whitespace(s) and a dot
Changed Files:
U trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst
U trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst
U trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst
U trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst
U trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
U trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
U trunk/doc/rst_source/krb_users/user_commands/k5identity.rst
U trunk/doc/rst_source/krb_users/user_commands/k5login.rst
U trunk/doc/rst_source/krb_users/user_commands/kinit.rst
U trunk/doc/rst_source/krb_users/user_commands/klist.rst
U trunk/doc/rst_source/krb_users/user_commands/ksu.rst
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -176,6 +176,7 @@
Many of the kadmin commands take a duration or time as an
argument. The date can appear in a wide variety of formats, such as:
+
::
1 month ago
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kpropd.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -33,6 +33,7 @@
Normally, kpropd is invoked out of inetd(8). This is done by adding
a line to the ``/etc/inetd.conf`` file which looks like this:
+
::
kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
Modified: trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/admin_commands/kproplog.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -47,6 +47,7 @@
**-v**
Display individual attributes per update. An example of the
output generated for one entry:
+
::
Update Entry
Modified: trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -106,6 +106,7 @@
The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows
it and are superseded by subsequent definitions of the same option.
+
For example:
::
Modified: trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/admin_commands/sserver.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -31,6 +31,7 @@
sserver is normally invoked out of inetd(8), using a line in
``/etc/inetd.conf`` that looks like this:
+
::
sample stream tcp nowait root /usr/local/sbin/sserver sserver
@@ -38,6 +39,7 @@
Since ``sample`` is normally not a port defined in ``/etc/services``,
you will usually have to add a line to ``/etc/services`` which looks
like this:
+
::
sample 13135/tcp
Modified: trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/conf_files/kdc_conf.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -343,16 +343,16 @@
1. realm-specific subsection of [realms],
::
- [realms]
- EXAMPLE.COM = {
- pkinit_anchors = FILE\:/usr/local/example.com.crt
- }
+ [realms]
+ EXAMPLE.COM = {
+ pkinit_anchors = FILE\:/usr/local/example.com.crt
+ }
2. generic value in the [kdcdefaults] section.
::
- [kdcdefaults]
- pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
+ [kdcdefaults]
+ pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
For information about the syntax of some of these options, see pkinit
identity syntax.
Modified: trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
===================================================================
--- trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_admins/conf_files/krb5_conf.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -18,6 +18,7 @@
The krb5.conf file is set up in the style of a Windows INI file.
Sections are headed by the section name, in square brackets. Each
section may contain zero or more relations, of the form:
+
::
foo = bar
@@ -45,6 +46,7 @@
The krb5.conf file can include other files using either of the
following directives at the beginning of a line:
+
::
include FILENAME
@@ -61,6 +63,7 @@
from a loadable module, rather than the file itself, using the
following directive at the beginning of a line before any section
headers:
+
::
module MODULEPATH:RESIDUAL
@@ -238,8 +241,8 @@
If set, the library will look for a local user's k5login file
within the named directory, with a filename corresponding to the
local username. If not set, the library will look for k5login
- files in the user's home directory, with the filename
- .k5login. For security reasons, .k5login files must be owned by
+ files in the user's home directory, with the filename .k5login.
+ For security reasons, .k5login files must be owned by
the local user or by root.
**kdc_default_options**
@@ -494,6 +497,7 @@
If no translation entry applies, the host's realm is considered to be
the hostname's domain portion converted to upper case. For example,
the following [domain_realm] section:
+
::
[domain_realm]
@@ -572,6 +576,7 @@
default severity of LOG_INFO; and the logging messages from the
administrative server will be appended to the file
``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.
+
::
[logging]
@@ -613,6 +618,7 @@
realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV``
but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems
would look like this:
+
::
[capaths]
@@ -637,6 +643,7 @@
The [capaths] section of the configuration file used on ``NERSC.GOV``
systems would look like this:
+
::
[capaths]
@@ -961,24 +968,24 @@
1. realm-specific subsection of [libdefaults] :
::
- [libdefaults]
- EXAMPLE.COM = {
- pkinit_anchors = FILE\:/usr/local/example.com.crt
- }
+ [libdefaults]
+ EXAMPLE.COM = {
+ pkinit_anchors = FILE\:/usr/local/example.com.crt
+ }
2. realm-specific value in the [realms] section,
::
- [realms]
- OTHERREALM.ORG = {
- pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt
- }
+ [realms]
+ OTHERREALM.ORG = {
+ pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt
+ }
3. generic value in the [libdefaults] section.
::
- [libdefaults]
- pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
+ [libdefaults]
+ pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/
Specifying pkinit identity information
Modified: trunk/doc/rst_source/krb_users/user_commands/k5identity.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/k5identity.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_users/user_commands/k5identity.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -57,6 +57,7 @@
the principal ``alice/root at EXAMPLE.COM`` if the server host is within
a servers subdomain, and the principal ``alice/mail at EXAMPLE.COM`` when
accessing the IMAP service on ``mail.example.com``:
+
::
alice at KRBTEST.COM realm=KRBTEST.COM
Modified: trunk/doc/rst_source/krb_users/user_commands/k5login.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/k5login.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_users/user_commands/k5login.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -24,6 +24,7 @@
Suppose the user ``alice`` had a .k5login file in her home directory
containing the following line:
+
::
bob at FOOBAR.ORG
@@ -35,6 +36,7 @@
Let us further suppose that ``alice`` is a system administrator.
Alice and the other system administrators would have their principals
in root's .k5login file on each host:
+
::
alice at BLEEP.COM
Modified: trunk/doc/rst_source/krb_users/user_commands/kinit.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/kinit.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_users/user_commands/kinit.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -45,6 +45,7 @@
requests a ticket with the lifetime lifetime. The
value for lifetime must be followed immediately by one
of the following delimiters:
+
::
s seconds
Modified: trunk/doc/rst_source/krb_users/user_commands/klist.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/klist.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_users/user_commands/klist.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -44,6 +44,7 @@
**-f**
Shows the flags present in the credentials, using the following
abbreviations:
+
::
F Forwardable
Modified: trunk/doc/rst_source/krb_users/user_commands/ksu.rst
===================================================================
--- trunk/doc/rst_source/krb_users/user_commands/ksu.rst 2012-03-05 19:27:49 UTC (rev 25733)
+++ trunk/doc/rst_source/krb_users/user_commands/ksu.rst 2012-03-05 23:40:01 UTC (rev 25734)
@@ -218,6 +218,7 @@
The target cache name is automatically set to ``krb5cc_<target
uid>.(gen_sym())``, where gen_sym generates a new number such that
the resulting cache does not already exist. For example:
+
::
krb5cc_1984.2
@@ -279,6 +280,7 @@
ksu proceeds exactly the same as if it was invoked without the
**-e** option, except instead of executing the target shell, ksu
executes the specified command. Example of usage:
+
::
ksu bob -e ls -lag
@@ -299,6 +301,7 @@
principal name followed by a ``*`` means that the user is
authorized to execute any command. Thus, in the following
example:
+
::
jqpublic at USC.EDU ls mail /local/kerberos/klist
@@ -332,6 +335,7 @@
The **-a** option can be used to simulate the **-e** option if
used as follows:
+
::
-a -c [command [arguments]].
@@ -353,11 +357,10 @@
channel, the password may get exposed.
**PRINC_LOOK_AHEAD**
-
During the resolution of the default principal name,
- **PRINC_LOOK_AHEAD** enables ksu to find principal names in the
- .k5users file as described in the OPTIONS section (see **-n**
- option).
+ **PRINC_LOOK_AHEAD** enables ksu to find principal names in
+ the .k5users file as described in the OPTIONS section
+ (see **-n** option).
**CMD_PATH**
Specifies a list of directories containing programs that users are
More information about the cvs-krb5
mailing list