krb5 commit: Modernize example enctypes in documentation

Greg Hudson ghudson at mit.edu
Mon May 20 13:00:07 EDT 2019


https://github.com/krb5/krb5/commit/ccb4a3e4b35fa9ea63af0e98a42eba4aadb099e2
commit ccb4a3e4b35fa9ea63af0e98a42eba4aadb099e2
Author: Robbie Harwood <rharwood at redhat.com>
Date:   Thu Apr 11 18:25:41 2019 -0400

    Modernize example enctypes in documentation
    
    ticket: 8805 (new)

 doc/admin/admin_commands/kadmin_local.rst        |    8 ++++----
 doc/admin/admin_commands/kdb5_util.rst           |   10 +++++-----
 doc/admin/database.rst                           |    2 +-
 doc/admin/install_appl_srv.rst                   |   19 +++++++------------
 doc/admin/install_kdc.rst                        |    2 +-
 src/man/kadmin.man                               |   12 ++++++------
 src/man/kdb5_util.man                            |   10 +++++-----
 src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif   |    4 ++--
 src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema |    4 ++--
 9 files changed, 33 insertions(+), 38 deletions(-)

diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 150da1f..71aa894 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -569,16 +569,16 @@ Examples::
     Principal: tlyu/admin at BLEEP.COM
     Expiration date: [never]
     Last password change: Mon Aug 12 14:16:47 EDT 1996
-    Password expiration date: [none]
+    Password expiration date: [never]
     Maximum ticket life: 0 days 10:00:00
     Maximum renewable life: 7 days 00:00:00
     Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin at BLEEP.COM)
     Last successful authentication: [never]
     Last failed authentication: [never]
     Failed password attempts: 0
-    Number of keys: 2
-    Key: vno 1, des-cbc-crc
-    Key: vno 1, des-cbc-crc:v4
+    Number of keys: 1
+    Key: vno 1, aes256-cts-hmac-sha384-192
+    MKey: vno 1
     Attributes:
     Policy: [none]
 
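Review bot: The change from "Password expiration date: [none]" to "[never]" and the new "MKey: vno 1" line in this getprinc example are not enctype changes, yet the commit message only says the example enctypes were modernized. If the sample output was refreshed as a whole, say so in the commit message so the extra edits are not mistaken for accidental ones.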
diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst
index 7dd54f7..444c58b 100644
--- a/doc/admin/admin_commands/kdb5_util.rst
+++ b/doc/admin/admin_commands/kdb5_util.rst
@@ -476,17 +476,17 @@ Examples::
     $ kdb5_util tabdump -o keyinfo.txt keyinfo
     $ cat keyinfo.txt
     name	keyindex	kvno	enctype	salttype	salt
+    K/M at EXAMPLE.COM	0	1	aes256-cts-hmac-sha384-192	normal	-1
     foo at EXAMPLE.COM	0	1	aes128-cts-hmac-sha1-96	normal	-1
     bar at EXAMPLE.COM	0	1	aes128-cts-hmac-sha1-96	normal	-1
-    bar at EXAMPLE.COM	1	1	des-cbc-crc	normal	-1
     $ sqlite3
     sqlite> .mode tabs
     sqlite> .import keyinfo.txt keyinfo
-    sqlite> select * from keyinfo where enctype like 'des-cbc-%';
-    bar at EXAMPLE.COM	1	1	des-cbc-crc	normal	-1
+    sqlite> select * from keyinfo where enctype like 'aes256-%';
+    K/M at EXAMPLE.COM	1	1	aes256-cts-hmac-sha384-192	normal	-1
     sqlite> .quit
-    $ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
-    bar at EXAMPLE.COM	1	1	des-cbc-crc	normal	-1
+    $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
+    K/M at EXAMPLE.COM	1	1	aes256-cts-hmac-sha384-192	normal	-1
 
 
 ENVIRONMENT
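Review bot: The added K/M row in keyinfo.txt has keyindex 0 ("K/M at EXAMPLE.COM	0	1	..."), but the sqlite and awk result lines for the same row show keyindex 1. A filter cannot change the column value, so the two output lines should read 0 in the keyindex column to match the input shown above them.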
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index 113a680..0eb5ccd 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -483,7 +483,7 @@ availability.  To roll over the master key, follow these steps:
 
     $ kdb5_util list_mkeys
     Master keys for Principal: K/M at KRBTEST.COM
-    KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
+    KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
 
 #. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
    master key activation list is present in the database.  This step
diff --git a/doc/admin/install_appl_srv.rst b/doc/admin/install_appl_srv.rst
index 6bae724..6b2d8e4 100644
--- a/doc/admin/install_appl_srv.rst
+++ b/doc/admin/install_appl_srv.rst
@@ -44,18 +44,13 @@ pop, the administrator ``joeadmin`` would issue the command (on
 ``trillium.mit.edu``)::
 
     trillium% kadmin
-    kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
-        pop/trillium.mit.edu
-    kadmin: Entry for principal host/trillium.mit.edu at ATHENA.MIT.EDU with
-        kvno 3, encryption type DES-CBC-CRC added to keytab
-        FILE:/etc/krb5.keytab.
-    kadmin: Entry for principal ftp/trillium.mit.edu at ATHENA.MIT.EDU with
-        kvno 3, encryption type DES-CBC-CRC added to keytab
-        FILE:/etc/krb5.keytab.
-    kadmin: Entry for principal pop/trillium.mit.edu at ATHENA.MIT.EDU with
-        kvno 3, encryption type DES-CBC-CRC added to keytab
-        FILE:/etc/krb5.keytab.
-    kadmin5: quit
+    Authenticating as principal root/admin at ATHENA.MIT.EDU with password.
+    Password for root/admin at ATHENA.MIT.EDU:
+    kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
+    Entry for principal host/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+    kadmin: Entry for principal ftp/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+    kadmin: Entry for principal pop/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+    kadmin: quit
     trillium%
 
 If you generate the keytab file on another host, you need to get a
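Review bot: In the new ktadd transcript the first "Entry for principal ..." line has no prefix while the second and third start with "kadmin: ", which reads as if program output were typed at the prompt. Drop the "kadmin: " prefix from the ftp/ and pop/ output lines so that only the ktadd and quit lines carry the prompt. The three output lines are also much longer than the rest of the literal block; wrapping them as the old example did would keep the rendered page readable.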
diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst
index 5d1e70e..3bec59f 100644
--- a/doc/admin/install_kdc.rst
+++ b/doc/admin/install_kdc.rst
@@ -340,7 +340,7 @@ To extract a keytab directly on a replica KDC called
     Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
         type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
     Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-        type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
+        type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
     Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
         type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
 
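Review bot: Only the des3-cbc-sha1 entry is replaced in this hunk, while the context line just below it still shows a key of "type arcfour-hmac" being added to the keytab. For an example meant to show modern enctypes, that entry should be dropped or replaced as well, leaving the aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha384-192 entries.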
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index db47ba8..44859a3 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.18" "MIT Kerberos"
 .SH NAME
 kadmin \- Kerberos V5 database administration program
 .
@@ -610,16 +610,16 @@ kadmin: getprinc tlyu/admin
 Principal: tlyu/admin at BLEEP.COM
 Expiration date: [never]
 Last password change: Mon Aug 12 14:16:47 EDT 1996
-Password expiration date: [none]
+Password expiration date: [never]
 Maximum ticket life: 0 days 10:00:00
 Maximum renewable life: 7 days 00:00:00
 Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin at BLEEP.COM)
 Last successful authentication: [never]
 Last failed authentication: [never]
 Failed password attempts: 0
-Number of keys: 2
-Key: vno 1, des\-cbc\-crc
-Key: vno 1, des\-cbc\-crc:v4
+Number of keys: 1
+Key: vno 1, aes256\-cts\-hmac\-sha384\-192
+MKey: vno 1
 Attributes:
 Policy: [none]
 
@@ -1081,6 +1081,6 @@ kpasswd(1), kadmind(8), kerberos(7)
 .SH AUTHOR
 MIT
 .SH COPYRIGHT
-1985-2018, MIT
+1985-2019, MIT
 .\" Generated by docutils manpage writer.
 .
diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 9a36ef0..46772a2 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -529,17 +529,17 @@ Examples:
 $ kdb5_util tabdump \-o keyinfo.txt keyinfo
 $ cat keyinfo.txt
 name        keyindex        kvno    enctype salttype        salt
+K/M at EXAMPLE.COM     0       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
 foo at EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
 bar at EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
-bar at EXAMPLE.COM     1       1       des\-cbc\-crc     normal  \-1
 $ sqlite3
 sqlite> .mode tabs
 sqlite> .import keyinfo.txt keyinfo
-sqlite> select * from keyinfo where enctype like \(aqdes\-cbc\-%\(aq;
-bar at EXAMPLE.COM     1       1       des\-cbc\-crc     normal  \-1
+sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
+K/M at EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
 sqlite> .quit
-$ awk \-F\(aq\et\(aq \(aq$4 ~ /des\-cbc\-/ { print }\(aq keyinfo.txt
-bar at EXAMPLE.COM     1       1       des\-cbc\-crc     normal  \-1
+$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
+K/M at EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
 .ft P
 .fi
 .UNINDENT
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
index 13db486..4224f08 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -512,7 +512,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
 
 ##### Holds the default encryption/salt type combinations of principals for
 ##### the Realm. Stores in the form of key:salt strings.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
 
 dn: cn=schema
 changetype: modify
@@ -533,7 +533,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
 ##### ONLYREALM       
 ##### SPECIAL         
 ##### AFS3            
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
 #####
 ##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
 ##### attributes.
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
index 52036a1..171f669 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
@@ -410,7 +410,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.41.1
 ##### Holds the default encryption/salt type combinations of principals for
 ##### the Realm. Stores in the form of key:salt strings. This will be
 ##### subset of the supported encryption/salt types.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
 
 attributetype ( 2.16.840.1.113719.1.301.4.42.1
                 NAME 'krbDefaultEncSaltTypes'
@@ -428,7 +428,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.42.1
 ##### ONLYREALM       
 ##### SPECIAL         
 ##### AFS3            
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
 
 attributetype ( 2.16.840.1.113719.1.301.4.43.1
                 NAME 'krbSupportedEncSaltTypes'

