From 33919412ce8aaba818c41c585044909e97f506c2 Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Wed, 29 Jun 2011 16:29:34 +0000 Subject: [PATCH] Updated list of the permissions - added "p/P" and removed "s/S" git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25000 dc483132-0cff-0310-8789-dd5450dbe970 --- .../database/db_princs/priv_princ.rst | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst index 468448e65..e3820ec67 100644 --- a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst +++ b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst @@ -1,7 +1,9 @@ +.. _privileges_label: + Privileges =============== -Administrative privileges for the Kerberos database are stored in the file *kadm5.acl*. +Administrative privileges for the Kerberos database are stored in the file **kadm5.acl**. The format of the file is:: @@ -18,18 +20,20 @@ The permissions are represented by single letters; UPPER-CASE letters represent === ===================================== a allows the addition of principals or policies in the database. A disallows the addition of principals or policies in the database. -d allows the deletion of principals or policies in the database. -D disallows the deletion of principals or policies in the database. -m allows the modification of principals or policies in the database. -M disallows the modification of principals or policies in the database. c allows the changing of passwords for principals in the database. C disallows the changing of passwords for principals in the database. +d allows the deletion of principals or policies in the database. +D disallows the deletion of principals or policies in the database. i allows inquiries to the database. I disallows inquiries to the database. l allows the listing of principals or policies in the database. L disallows the listing of principals or policies in the database. -s allows the explicit setting of the key for a principal -S disallows the explicit setting of the key for a principal +m allows the modification of principals or policies in the database. +M disallows the modification of principals or policies in the database. +p allow the propagation of the principal database. +P disallow the propagation of the principal database. +u allows the creation of one-component user principals whose password can be validated with PAM. +U negates the u privilege. \* All privileges (admcil). x All privileges (admcil); identical to "\*". === ===================================== @@ -39,7 +43,7 @@ x All privileges (admcil); identical to "\*". The restrictions are a string of flags. Allowed restrictions are: ======================== ============================ -[+ -]flagname flag is forced to indicated value. The permissible flags are the same as the + and - flags for the kadmin addprinc and modprinc commands. +[+\|-]flagname flag is forced to indicated value. The permissible flags are the same as the + and - flags for the kadmin addprinc and modprinc commands. -clearpolicy policy is forced to clear -policy *pol* policy is forced to be *pol* -expire time -- 2.26.2