krb5 commit [krb5-1.12]: Update man pages

Tom Yu tlyu at MIT.EDU
Fri Nov 8 14:33:57 EST 2013 

https://github.com/krb5/krb5/commit/5e052c3c554f937a682448a6c55ce800a8b89571
commit 5e052c3c554f937a682448a6c55ce800a8b89571
Author: Tom Yu <tlyu at mit.edu>
Date:   Fri Nov 8 13:23:27 2013 -0500

    Update man pages

 src/man/kdb5_util.man |    4 +-
 src/man/kdc.conf.man  |   70 +++++++++++++++++++++++++++++++-----------------
 src/man/kpropd.man    |   27 ++++++++----------
 3 files changed, 59 insertions(+), 42 deletions(-)

diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 76266c7..633e9a5 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -333,8 +333,8 @@ gives more verbose output.
 .sp
 Update all principal records (or only those matching the
 \fIprinc\-pattern\fP glob pattern) to re\-encrypt the key data using the
-active database master key, if they are encrypted using older
-versions, and give a count at the end of the number of principals
+active database master key, if they are encrypted using a different
+version, and give a count at the end of the number of principals
 updated.  If the \fB\-f\fP option is not given, ask for confirmation
 before starting to make changes.  The \fB\-v\fP option causes each
 principal processed to be listed, with an indication as to whether it
diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
index ed6bbd6..d37781c 100644
--- a/src/man/kdc.conf.man
+++ b/src/man/kdc.conf.man
@@ -112,11 +112,21 @@ default value is 4096 bytes.
 .UNINDENT
 .SS [realms]
 .sp
-Each tag in the [realms] section is the name of a Kerberos realm.
-The value of the tag is a subsection where the relations define KDC
-parameters for that particular realm.
+Each tag in the [realms] section is the name of a Kerberos realm.  The
+value of the tag is a subsection where the relations define KDC
+parameters for that particular realm.  The following example shows how
+to define one parameter for the ATHENA.MIT.EDU realm:
 .sp
-For each realm, the following tags may be specified:
+.nf
+.ft C
+[realms]
+    ATHENA.MIT.EDU = {
+        max_renewable_life = 7d 0h 0m 0s
+    }
+.ft P
+.fi
+.sp
+The following tags may be specified in a [realms] subsection:
 .INDENT 0.0
 .TP
 .B \fBacl_file\fP
@@ -127,17 +137,17 @@ which permissions on the Kerberos database.  The default value is
 file see \fIkadm5.acl(5)\fP.
 .TP
 .B \fBdatabase_module\fP
-This relation indicates the name of the configuration section
-under \fI\%[dbmodules]\fP for database specific parameters used by
-the loadable database library.
+(String.)  This relation indicates the name of the configuration
+section under \fI\%[dbmodules]\fP for database\-specific parameters
+used by the loadable database library.  The default value is the
+realm name.  If this configuration section does not exist, default
+values will be used for all database parameters.
 .TP
 .B \fBdatabase_name\fP
-(String.)  This string specifies the location of the Kerberos
-database for this realm, if the DB2 back\-end is being used.  If a
-\fBdatabase_module\fP is specified for the realm and the
-corresponding module contains a \fBdatabase_name\fP parameter, that
-value will take precedence over this one.  The default value is
-\fB at LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP.
+(String, deprecated.)  This relation specifies the location of the
+Kerberos database for this realm, if the DB2 module is being used
+and the \fI\%[dbmodules]\fP configuration section does not specify a
+database name.  The default value is \fB at LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP.
 .TP
 .B \fBdefault_principal_expiration\fP
 (\fIabstime\fP string.)  Specifies the default expiration date of
@@ -396,20 +406,21 @@ definitions of these relations.
 .SS [dbmodules]
 .sp
 The [dbmodules] section contains parameters used by the KDC database
-library and database modules.
+library and database modules.  Each tag in the [dbmodules] section is
+the name of a Kerberos realm or a section name specified by a realm\(aqs
+\fBdatabase_module\fP parameter.  The following example shows how to
+define one database parameter for the ATHENA.MIT.EDU realm:
 .sp
-The following tag may be specified in the [dbmodules] section:
-.INDENT 0.0
-.TP
-.B \fBdb_module_dir\fP
-This tag controls where the plugin system looks for modules.  The
-value should be an absolute path.
-.UNINDENT
+.nf
+.ft C
+[dbmodules]
+    ATHENA.MIT.EDU = {
+        disable_last_success = true
+    }
+.ft P
+.fi
 .sp
-Other tags in the [dbmodules] section name a configuration subsection
-for parameters which can be referred to by a realm\(aqs
-\fBdatabase_module\fP parameter.  The following tags may be specified in
-the subsection:
+The following tags may be specified in a [dbmodules] subsection:
 .INDENT 0.0
 .TP
 .B \fBdatabase_name\fP
@@ -470,6 +481,15 @@ passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the
 \fBldap_kadmind_dn\fP and \fBldap_kdc_dn\fP objects.  This file must
 be kept secure.
 .UNINDENT
+.sp
+The following tag may be specified directly in the [dbmodules]
+section to control where database modules are loaded from:
+.INDENT 0.0
+.TP
+.B \fBdb_module_dir\fP
+This tag controls where the plugin system looks for database
+modules.  The value should be an absolute path.
+.UNINDENT
 .SS [logging]
 .sp
 The [logging] section indicates how \fIkrb5kdc(8)\fP and
diff --git a/src/man/kpropd.man b/src/man/kpropd.man
index 3115789..7231793 100644
--- a/src/man/kpropd.man
+++ b/src/man/kpropd.man
@@ -69,9 +69,14 @@ kprop  stream  tcp  nowait  root  /usr/local/sbin/kpropd  kpropd
 .UNINDENT
 .UNINDENT
 .sp
-kpropd can also run as a standalone daemon.  This is required for
-incremental propagation.  But this is also useful for debugging
-purposes.
+kpropd can also run as a standalone daemon, backgrounding itself and
+waiting for connections on port 754 (or the port specified with the
+\fB\-P\fP option if given).  Standalone mode is required for incremental
+propagation.  Starting in release 1.11, kpropd automatically detects
+whether it was run from inetd and runs in standalone mode if it is
+not.  Prior to release 1.11, the \fB\-S\fP option is required to run
+kpropd in standalone mode; this option is now accepted for backward
+compatibility but does nothing.
 .sp
 Incremental propagation may be enabled with the \fBiprop_enable\fP
 variable in \fIkdc.conf(5)\fP.  If incremental propagation is
@@ -101,19 +106,11 @@ to be stored; by default the dumped database file is \fB at LOCALSTATEDIR@\fP\fB/kr
 Allows the user to specify the pathname to the \fIkdb5_util(8)\fP
 program; by default the pathname used is \fB at SBINDIR@\fP\fB/kdb5_util\fP.
 .TP
-.B \fB\-S\fP
-[DEPRECATED] Enable standalone mode.  Normally kpropd is invoked by
-inetd(8) so it expects a network connection to be passed to it
-from inetd(8).  If the \fB\-S\fP option is specified, or if standard
-input is not a socket, kpropd will put itself into the background,
-and wait for connections on port 754 (or the port specified with the
-\fB\-P\fP option if given).
-.TP
 .B \fB\-d\fP
-Turn on debug mode.  In this mode, if the \fB\-S\fP option is
-selected, kpropd will not detach itself from the current job and
-run in the background.  Instead, it will run in the foreground and
-print out debugging messages during the database propagation.
+Turn on debug mode.  In this mode, kpropd will not detach
+itself from the current job and run in the background.  Instead,
+it will run in the foreground and print out debugging messages
+during the database propagation.
 .TP
 .B \fB\-P\fP
 Allow for an alternate port number for kpropd to listen on.  This

More information about the cvs-krb5 mailing list