\subsection{Data Structures}
This section describes the data structures used by the Admin API that
-are unique to \secure{}.
+are unique to \secure{}. They are defined in ovsec_admin/admin.h.
\subsubsection{Principals, ovsec_kadm_principal_ent_t}
\label{sec:principal-structure}
\label{tab:policy-bits}
\end{table}
+\subsection{Constants}
+
+Several values are fixed and known through \#define's in include files.
+
+These are defined in <ovsec_admin/admin.h>:
+
+\begin{description}
+\item[admin service principal] ADM_PRINCIPAL (``admin'')
+\item[admin history key] HIST_PRINCIPAL (``admin/history'')
+\item[server acl file path] ACLFILE (``/krb/ovsec_admin.acl'')
+\end{description}
+
+The location of the admin policy and principal databases are defined
+in <ovsec_admin/adb.h>:
+
+\begin{description}
+\item[admin policy database] POLICY_DB (``/krb5/policy.db'')
+\item[admin principal database] PRINCIPAL_DB (``/krb5/principal.db'')
+\end{description}
+
\subsection{Error Codes}
The error codes that can be returned by admin functions are listed
The admin system guarantees that a function that returns an error code
has no other side effect.
-The Admin system will use \v{com_err} for error codes. The error code
-table name will be ``kadm'', and the offsets will be the same as the
-order presented here.
+The Admin system will use \v{com_err} for error codes. Note, this
+means that \v{com_err} codes may returned from functions that the
+admin routines call (e.g. the kerberos library). Callers should not
+expect that only OVSEC errors will be returned. The Admin system
+error code table name will be ``kadm'', and the offsets will be the
+same as the order presented here.
\begin{description}
\item[* OVSEC_KADM_OK] Operation successful.