.\" direct, indirect, or consequential damages with respect to any
.\" claim by the user or distributor of the ksu software.
.\"
-.\" KSU was writen by: Ari Medvinsky, ari@isi.edu
+.\" KSU was written by: Ari Medvinsky, ari@isi.edu
.\" "
.TH KSU 1
.SH NAME
password. The password is then used to get a
ticket granting ticket from the Kerberos server.
The danger of configuring ksu with this macro is
-if the source user is loged in remotely and does not
+if the source user is logged in remotely and does not
have a secure channel, the password may get exposed.
.TP 10
\fIPRINC_LOOK_AHEAD\fP
.\"
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" clients/kvnol/kvno.M
.\" "
.IP max_life
This
.B delta time string
-specifes the maximum time period that a ticket may be valid for in
+specifies the maximum time period that a ticket may be valid for in
this realm.
.IP max_renewable_life
.IP iprop_slave_poll
This
.B delta time string
-specfies how often the slave KDC polls for new updates from the
+specifies how often the slave KDC polls for new updates from the
master. Default is "2m" (that is, two minutes).
.IP supported_enctypes
.IP [dbmodules]
Contains database specific parameters used by the database library.
-.ip [plugins]
+.IP [plugins]
Contains plugin module registration and filtering parameters.
.PP
Each of these sections will be covered in more details in the following
DCE 1.1 systems.
.IP dns_lookup_kdc
-Indicate whether DNS SRV records shoud be used to locate the KDCs and
+Indicate whether DNS SRV records should be used to locate the KDCs and
other servers for a realm, if they are not listed in the information
for the realm. The default is to use these records.
Cross-realm authentication is typically organized hierarchically. This
hierarchy is based on the name of the realm, which thus imposes
restrictions on the choice of realm names, and on who may participate in
-a cross-realm authentication. A non hierarchical orgization may be used,
+a cross-realm authentication. A non hierarchical organization may be used,
but requires a database to construct the authentication paths between
the realms. This section defines that database.
.PP
.sp
In the above examples, the ordering is not important, except when the
same subtag name is used more then once. The client will use this to
-determing the path. (It is not important to the server, since the
+determine the path. (It is not important to the server, since the
transited field is not sorted.)
.PP
If this section is not present, or if the client or server cannot find a
-client/server path, then normal hierarchical orginization is assumed.
+client/server path, then normal hierarchical organization is assumed.
.PP
This feature is not currently supported by DCE. DCE security servers can
be used with Kerberized clients and servers, but versions prior to DCE
.TH KADMIN 1
.SH NAME
kadmin \- Kerberos V5 database administration program
-.SH SYNOPSYS
+.SH SYNOPSIS
.TP
.B kadmin
.ad l
maximum renewable life of tickets for the principal
.TP
\fB\-kvno\fP \fIkvno\fP
-explicity set the key version number.
+explicitly set the key version number.
.TP
\fB\-policy\fP \fIpolicy\fP
policy used by this principal. If no policy is supplied, then if the
kadmin:
.TP
ERRORS:
-KADM5_AUTH_DELETE (reequires "delete" privilege)
+KADM5_AUTH_DELETE (requires "delete" privilege)
KADM5_UNK_PRINC (principal does not exist)
.RE
.fi
an "@" character followed by the local realm is appended to the
expression. Requires the
.I list
-priviledge. Alias
+privilege. Alias
.BR listprincs ,
.BR get_principals ,
.BR get_princs .
are printed. If no expression is provided, all existing policy names
are printed. Requires the
.I list
-priviledge. Alias
+privilege. Alias
.BR listpols ,
.BR get_policies ,
.BR getpols .
parsed as an integer, and all entries whose kvno match that integer are
removed. If the
.B \-k
-argument is not specifeid, the default keytab
+argument is not specified, the default keytab
.I /etc/krb5.keytab
is used. If the
.B \-q
.SH HISTORY
The
.B kadmin
-prorgam was originally written by Tom Yu at MIT, as an interface to the
+program was originally written by Tom Yu at MIT, as an interface to the
OpenVision Kerberos administration program.
.SH SEE ALSO
.IR kerberos (1),
.TP
.B \-rev
dumps in reverse order. This may recover principals that do not dump
-normally, in cases where database corruption has occured.
+normally, in cases where database corruption has occurred.
.TP
.B \-recurse
causes the dump to walk the database recursively (btree only). This
may recover principals that do not dump normally, in cases where
-database corruption has occured. In cases of such corruption, this
+database corruption has occurred. In cases of such corruption, this
option will probably retrieve more principals than the \fB\-rev\fP
option will.
.RE
.SH DESCRIPTION
This command starts the KADM5 administration server. If the database is db2,
the administration server runs on the master Kerberos server, which stores the KDC
-prinicpal database and the KADM5 policy database. If the database is LDAP,
+principal database and the KADM5 policy database. If the database is LDAP,
the administration server and the KDC server need not run on the same machine.
.B Kadmind
accepts remote requests to administer the information in these
for it to work:
.TP "\w'kdc.conf\ \ 'u"
kdc.conf
-The KDC configuration file contains configuration informatin for the KDC
+The KDC configuration file contains configuration information for the KDC
and the KADM5 system.
.B Kadmind
-understands a number of variable settings in this file, some of whch are
+understands a number of variable settings in this file, some of which are
mandatory and some of which are optional. See the CONFIGURATION VALUES
section below.
.TP
.B *
) character.
.IP operation-mask
-Specifies what operations may or may not be peformed by a principal
+Specifies what operations may or may not be performed by a principal
matching a particular entry. This is a string of one or more of the
following list of characters or their upper-case counterparts. If the
character is upper-case, then the operation is disallowed. If the
The KDC may service requests for multiple realms (maximum 32 realms). The
realms are listed on the command line. Per-realm options that can be
specified on the command line pertain for each realm that follows it and are
-superceded by subsequent definitions of the same option. For example,
+superseded by subsequent definitions of the same option. For example,
.PP
.B krb5kdc
.B \-p
.SH DESCRIPTION
.I kprop
is used to propagate a Kerberos V5 database dump file from the master
-Kerberos server to a slave Kerberos server, which is specfied by
+Kerberos server to a slave Kerberos server, which is specified by
.IR slave_host .
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
The
.B \-r
.I realm
-option specifies the realm in which the entreis should be created;
+option specifies the realm in which the entries should be created;
by default the realm returned by
.IR krb5_default_local_realm (3)
is used.