krb5 commit: Modernize example enctypes in documentation
Greg Hudson
ghudson at mit.edu
Mon May 20 13:00:07 EDT 2019
https://github.com/krb5/krb5/commit/ccb4a3e4b35fa9ea63af0e98a42eba4aadb099e2
commit ccb4a3e4b35fa9ea63af0e98a42eba4aadb099e2
Author: Robbie Harwood <rharwood at redhat.com>
Date: Thu Apr 11 18:25:41 2019 -0400
Modernize example enctypes in documentation
ticket: 8805 (new)
doc/admin/admin_commands/kadmin_local.rst | 8 ++++----
doc/admin/admin_commands/kdb5_util.rst | 10 +++++-----
doc/admin/database.rst | 2 +-
doc/admin/install_appl_srv.rst | 19 +++++++------------
doc/admin/install_kdc.rst | 2 +-
src/man/kadmin.man | 12 ++++++------
src/man/kdb5_util.man | 10 +++++-----
src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif | 4 ++--
src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema | 4 ++--
9 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 150da1f..71aa894 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -569,16 +569,16 @@ Examples::
Principal: tlyu/admin at BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
- Password expiration date: [none]
+ Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin at BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
- Number of keys: 2
- Key: vno 1, des-cbc-crc
- Key: vno 1, des-cbc-crc:v4
+ Number of keys: 1
+ Key: vno 1, aes256-cts-hmac-sha384-192
+ MKey: vno 1
Attributes:
Policy: [none]
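Review bot: Besides the enctype, this getprinc example also changes `Password expiration date: [none]` to `[never]` and adds an `MKey: vno 1` line, neither of which is covered by the subject "Modernize example enctypes". Mention in the commit message that the sample output was also refreshed to the current getprinc format, so the extra changes are not mistaken for accidental edits.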
diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst
index 7dd54f7..444c58b 100644
--- a/doc/admin/admin_commands/kdb5_util.rst
+++ b/doc/admin/admin_commands/kdb5_util.rst
@@ -476,17 +476,17 @@ Examples::
$ kdb5_util tabdump -o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+ K/M at EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
foo at EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
bar at EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
- bar at EXAMPLE.COM 1 1 des-cbc-crc normal -1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
- sqlite> select * from keyinfo where enctype like 'des-cbc-%';
- bar at EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ sqlite> select * from keyinfo where enctype like 'aes256-%';
+ K/M at EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
sqlite> .quit
- $ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
- bar at EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
+ K/M at EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
ENVIRONMENT
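Review bot: The new K/M row is inconsistent within this example: the `cat keyinfo.txt` listing shows it with keyindex 0, but the sqlite and awk result lines print it as `K/M at EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1`, with keyindex 1. Both queries only filter the file shown above them, so the result rows should repeat the listed row verbatim; change the keyindex in the two result lines to 0.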
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index 113a680..0eb5ccd 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -483,7 +483,7 @@ availability. To roll over the master key, follow these steps:
$ kdb5_util list_mkeys
Master keys for Principal: K/M at KRBTEST.COM
- KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
+ KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
master key activation list is present in the database. This step
diff --git a/doc/admin/install_appl_srv.rst b/doc/admin/install_appl_srv.rst
index 6bae724..6b2d8e4 100644
--- a/doc/admin/install_appl_srv.rst
+++ b/doc/admin/install_appl_srv.rst
@@ -44,18 +44,13 @@ pop, the administrator ``joeadmin`` would issue the command (on
``trillium.mit.edu``)::
trillium% kadmin
- kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
- pop/trillium.mit.edu
- kadmin: Entry for principal host/trillium.mit.edu at ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal ftp/trillium.mit.edu at ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal pop/trillium.mit.edu at ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin5: quit
+ Authenticating as principal root/admin at ATHENA.MIT.EDU with password.
+ Password for root/admin at ATHENA.MIT.EDU:
+ kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
+ Entry for principal host/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal ftp/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal pop/trillium.mit.edu at ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: quit
trillium%
If you generate the keytab file on another host, you need to get a
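Review bot: The prompt prefix is applied inconsistently in the new ktadd output: the entry for host/trillium.mit.edu starts with `Entry for principal`, while the ftp and pop entries start with `kadmin: Entry for principal`. These are output lines rather than commands typed at the prompt, so drop the `kadmin:` prefix from the second and third entries to match the first. The three entry lines are also much longer than anything else in this literal block; wrapping them as the install_kdc.rst example does would keep the block readable.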
diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst
index 5d1e70e..3bec59f 100644
--- a/doc/admin/install_kdc.rst
+++ b/doc/admin/install_kdc.rst
@@ -340,7 +340,7 @@ To extract a keytab directly on a replica KDC called
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
- type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
+ type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
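Review bot: The context line directly after the change still reads `type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.`, so this example keeps a legacy enctype while des3-cbc-sha1 beside it is replaced. If the goal is to modernize the example output, drop or replace the arcfour-hmac entry in the same hunk; if it is kept on purpose, say so in the commit message.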
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index db47ba8..44859a3 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.18" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
@@ -610,16 +610,16 @@ kadmin: getprinc tlyu/admin
Principal: tlyu/admin at BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
-Password expiration date: [none]
+Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin at BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
-Number of keys: 2
-Key: vno 1, des\-cbc\-crc
-Key: vno 1, des\-cbc\-crc:v4
+Number of keys: 1
+Key: vno 1, aes256\-cts\-hmac\-sha384\-192
+MKey: vno 1
Attributes:
Policy: [none]
@@ -1081,6 +1081,6 @@ kpasswd(1), kadmind(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2018, MIT
+1985-2019, MIT
.\" Generated by docutils manpage writer.
.
diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 9a36ef0..46772a2 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -529,17 +529,17 @@ Examples:
$ kdb5_util tabdump \-o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+K/M at EXAMPLE.COM 0 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
foo at EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
bar at EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
-bar at EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
-sqlite> select * from keyinfo where enctype like \(aqdes\-cbc\-%\(aq;
-bar at EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
+K/M at EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
sqlite> .quit
-$ awk \-F\(aq\et\(aq \(aq$4 ~ /des\-cbc\-/ { print }\(aq keyinfo.txt
-bar at EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
+K/M at EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
.ft P
.fi
.UNINDENT
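Review bot: The keyindex mismatch from kdb5_util.rst is repeated here: the listing row for K/M has keyindex 0, while the sqlite and awk result rows show `K/M at EXAMPLE.COM 1 1`. Correct both result rows to keyindex 0 together with the .rst source so the two copies of the example stay in step.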
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
index 13db486..4224f08 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -512,7 +512,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
dn: cn=schema
changetype: modify
@@ -533,7 +533,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
#####
##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
##### attributes.
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
index 52036a1..171f669 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
@@ -410,7 +410,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.41.1
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings. This will be
##### subset of the supported encryption/salt types.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.42.1
NAME 'krbDefaultEncSaltTypes'
@@ -428,7 +428,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.42.1
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.43.1
NAME 'krbSupportedEncSaltTypes'