From 2758d6990b6ddef75c9884a08ea6840c18daab41 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 4 Jan 2010 19:59:03 +0000 Subject: [PATCH] Fix documentation of armor cache based on fast negotiation project git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23579 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/kinit/kinit.M | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 5b85772ac..f50ca3ac3 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -140,9 +140,11 @@ option; otherwise the default name and location will be used. .TP \fB\-T\fP \fIarmor_ccache\fP Specifies the name of a credential cache that already contains a -ticket. This ccache will be used to armor the request. Ideally, an -attacker should have to attack both the armor ticket and the key of -the principal. +ticket. If supported by the KDC, This ccache will be used to armor +the request so that an attacker would have to know both the key of the +armor ticket and the key of the principal used for authentication in +order to attack the request. Armoring also makes sure that the +response from the KDC is not modified in transit. .TP \fB\-c\fP \fIcache_name\fP use -- 2.26.2