From 838fad6c3b320d10df135c99a5f6fb1f270ee4b3 Mon Sep 17 00:00:00 2001 From: Michael Shanzer Date: Fri, 20 May 1994 18:30:01 +0000 Subject: [PATCH] document the fact that you can not change the key of ovsec_adm/history git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3616 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/kadm5/api-funcspec.tex | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex index df3a41893..3f6b32bb2 100644 --- a/doc/kadm5/api-funcspec.tex +++ b/doc/kadm5/api-funcspec.tex @@ -447,6 +447,7 @@ expired. \item[OVSEC_KADM_POLICY_REF] Policy reference count is not zero. \item[OVSEC_KADM_INIT] Connection to server already initialized. \item[OVSEC_KADM_BAD_PASSWORD] Incorrect password. +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change protected principal." \end{description} \subsection{Authentication and Authorization} @@ -860,6 +861,8 @@ set in the principal's aux_attributes field. \item If caller does not have modify privilege, (now - last_pwd_change) $<$ pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the principal's attributes, return OVSEC_KADM_PASS_TOOSOON. +\item If the principal your are trying to change is ovsec_adm/history +return OVSEC_KADM_PROTECT_PRINCIPAL. \item If the password does not meet the quality standards, return the appropriate OVSEC_KADM_PASS_Q_* error code. \item Convert password to key. The key is generated with @@ -887,8 +890,8 @@ RETURN CODES: standards. \item[OVSEC_KADM_PASS_REUSE] Requested password is in user's password history. -\item[OVSEC_KADM_PASS_TOOSOON] Current password has not reached minimum -life. +\item[OVSEC_KADM_PASS_TOOSOON] Current password has not reached minimum life +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change the password of a special principal \end{description} 
@@ -1026,6 +1029,8 @@ if verification fails. \item If caller does not have modify privilege, (now - last_pwd_change) $<$ pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the principal's attributes, return OVSEC_KADM_PASS_TOOSOON. +\item If the principal you are trying to change is ovsec_adm/history return +OVSEC_KADM_PROTECT_PRINCIPAL. \item Store old key in history. \item Update principal to have new key. \item Increment principal's key version number by one. @@ -1043,6 +1048,8 @@ RETURN CODES: \item[OVSEC_KADM_UNK_PRINC] Principal does not exist. \item[OVSEC_KADM_PASS_TOOSOON] The minimum lifetime for the current key has not expired. +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change the password of a special +principal \end{description} This function can also be used as part of a sequence to create a new -- 2.26.2
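Review bot: In the first hunk (the error-code list at line 447), the new OVSEC_KADM_PROTECT_PRINCIPAL item ends with a stray double quote after the period (`Cannot change protected principal."`), which will be typeset in the output. Drop the quote so the entry matches the neighbouring items.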
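Review bot: In the hunk at line 860, the new step reads "the principal your are trying to change"; "your" should be "you", as in the matching step added in the hunk at line 1026. The step is also listed after the OVSEC_KADM_PASS_TOOSOON check, so if the list is meant as the order of evaluation, a caller without modify privilege could get PASS_TOOSOON for ovsec_adm/history before the protected-principal check is reached. Consider moving the new step ahead of the policy checks, or state that the ordering is intentional.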
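Review bot: In the RETURN CODES hunk at line 887, rewrapping the OVSEC_KADM_PASS_TOOSOON entry dropped its final period, and the new OVSEC_KADM_PROTECT_PRINCIPAL entry has none either, while the other entries visible in the list end with one. The description here also says "special principal" where the error-code list in the first hunk says "protected principal"; pick one term and use it in every entry for this code.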
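Review bot: In the last hunk (RETURN CODES at line 1043), the new entry says "Cannot change the password of a special principal", but the visible context describes this function in terms of the key ("Store old key in history", "The minimum lifetime for the current key has not expired"). Word the entry as changing the key rather than the password, and end it with a period like the entries above it.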