From 90df80e4c0132cf29bfe22d3f92a31d320c9f90a Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 27 Feb 2012 18:17:19 +0000 Subject: [PATCH] Clean up labels in RST docs In various labels, correct typos, remove the redundant "_label" suffix, and avoid overabbreviating. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25715 dc483132-0cff-0310-8789-dd5450dbe970 --- .../admin_commands/kadmin_local.rst | 6 ++--- .../krb_admins/admin_commands/kdb5_util.rst | 4 ++-- .../krb_admins/appl_servers/conf_firewall.rst | 2 +- .../krb_admins/appl_servers/index.rst | 6 ++--- .../krb_admins/conf_files/krb5_conf.rst | 6 ++--- doc/rst_source/krb_admins/conf_ldap.rst | 7 +++--- .../database/db_operations/index.rst | 6 ++--- .../krb_admins/database/db_options.rst | 4 ++-- .../krb_admins/database/db_policies/index.rst | 2 -- .../database/db_princs/modify_princ.rst | 4 ++-- .../database/db_princs/priv_princ.rst | 6 ++--- .../krb_admins/database/incr_db_prop.rst | 4 ++-- .../ldap_operations/edir_create_realm.rst | 8 +++---- .../ldap_operations/edir_mod_realm.rst | 4 ++-- .../database/ldap_operations/index.rst | 2 +- .../ldap_operations/ldap_create_realm.rst | 4 ++-- .../ldap_operations/ldap_mod_realm.rst | 4 ++-- .../ldap_operations/ldap_stash_pass.rst | 2 +- .../krb_admins/database/xrealm_authn.rst | 2 +- doc/rst_source/krb_admins/dns.rst | 6 ++--- .../krb_admins/install_appl_srv.rst | 22 +++++++++---------- .../krb_admins/install_kdc/admins_to_acl.rst | 2 +- .../krb_admins/install_kdc/admins_to_db.rst | 2 +- .../krb_admins/install_kdc/create_db.rst | 4 ++-- .../krb_admins/install_kdc/index.rst | 4 ++-- .../krb_admins/install_kdc/kdc_prop_slave.rst | 10 ++++----- .../krb_admins/install_kdc/mod_conf.rst | 4 ++-- .../krb_admins/install_kdc/slave_install.rst | 2 +- .../krb_admins/install_kdc/stash_file_def.rst | 14 ++++++------ .../krb_admins/realm_config/db_prop.rst | 4 ++-- .../krb_admins/realm_config/kdc_hn.rst | 2 +- .../krb_admins/realm_config/kdc_ports.rst | 2 +- .../krb_admins/realm_config/mapping_hn.rst | 2 +- .../krb_build/options2configure.rst | 4 ++-- .../krb_users/pwd_mgmt/grant_access.rst | 2 +- doc/rst_source/krb_users/pwd_mgmt/index.rst | 4 ++-- .../krb_users/tkt_mgmt/obtain_kinit.rst | 4 ++-- .../krb_users/tkt_mgmt/view_klist.rst | 2 +- doc/rst_source/krb_users/user_appl/index.rst | 2 +- doc/rst_source/krb_users/user_appl/ksu.rst | 4 ++-- 40 files changed, 90 insertions(+), 95 deletions(-) diff --git a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst index 3c78ad9a2..575e1f1c7 100644 --- a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst +++ b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst @@ -6,7 +6,7 @@ kadmin SYNOPSIS -------- -.. _kadmin_synopsys: +.. _kadmin_synopsis: **kadmin** [**-O**\|\ **-N**] @@ -26,7 +26,7 @@ SYNOPSIS [**-m**] [**-x** *db_args*] -.. _kadmin_synopsys_end: +.. _kadmin_synopsis_end: DESCRIPTION @@ -852,7 +852,7 @@ list_policies Retrieves all or some policy names. *expression* is a shell-style glob expression that can contain the wild-card characters ``?``, -``*``, and ``[]'`. All policy names matching the expression are +``*``, and ``[]``. All policy names matching the expression are printed. If no expression is provided, all existing policy names are printed. diff --git a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst index bc9c3c5b1..1c608cb03 100644 --- a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst +++ b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst @@ -6,7 +6,7 @@ kdb5_util SYNOPSIS -------- -.. _kdb5_util_synopsys: +.. _kdb5_util_synopsis: **kdb5_util** [**-r** *realm*] @@ -18,7 +18,7 @@ SYNOPSIS [**-m**] *command* [*command_options*] -.. _kdb5_util_synopsys_end: +.. _kdb5_util_synopsis_end: DESCRIPTION ----------- diff --git a/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst b/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst index 783c90039..57d512700 100644 --- a/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst +++ b/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst @@ -1,4 +1,4 @@ -.. _conf_firewall_label: +.. _conf_firewall: Configuring your firewall to work with Kerberos V5 ================================================== diff --git a/doc/rst_source/krb_admins/appl_servers/index.rst b/doc/rst_source/krb_admins/appl_servers/index.rst index a54639212..db3f5c1b0 100644 --- a/doc/rst_source/krb_admins/appl_servers/index.rst +++ b/doc/rst_source/krb_admins/appl_servers/index.rst @@ -4,9 +4,9 @@ Application servers If you need to install the Kerberos V5 programs on an application server, please refer to the Kerberos V5 Installation Guide. Once you have installed the software, you need to add that host to the Kerberos -database (see :ref:`add_mod_del_princs_label`), and generate a keytab -for that host, that contains the host's key. You also need to make -sure the host's clock is within your maximum clock skew of the KDCs. +database (see :ref:`add_mod_del_princs`), and generate a keytab for +that host, that contains the host's key. You also need to make sure +the host's clock is within your maximum clock skew of the KDCs. .. toctree:: :maxdepth: 2 diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst index ee469c524..fb1e2401c 100644 --- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst @@ -136,7 +136,7 @@ The libdefaults section may contain any of the following relations: **default_realm** Identifies the default Kerberos realm for the client. Set its value to your Kerberos realm. If this is not specified and the - TXT record lookup is enabled (see :ref:`udns_label`), then that + TXT record lookup is enabled (see :ref:`using_dns`), then that information will be used to determine the default realm. If this tag is not set in this configuration file and there is no DNS information found, then an error will be returned. @@ -438,7 +438,7 @@ following tags may be specified in the realm's subsection: be able to communicate with the KDC for each realm, this tag must be given a value in each realm subsection in the configuration file, or there must be DNS SRV records specifying the KDCs (see - :ref:`udns_label`). + :ref:`using_dns`). **kpasswd_server** Points to the server where all the password changes are performed. @@ -1185,8 +1185,6 @@ PKINIT krb5.conf options The default is false. -.. _krb5_conf_sample_label: - Sample krb5.conf file --------------------- diff --git a/doc/rst_source/krb_admins/conf_ldap.rst b/doc/rst_source/krb_admins/conf_ldap.rst index 3b842626c..bbd8f76db 100644 --- a/doc/rst_source/krb_admins/conf_ldap.rst +++ b/doc/rst_source/krb_admins/conf_ldap.rst @@ -114,7 +114,7 @@ Configuring Kerberos with OpenLDAP back-end :ref:`krb5_conf_sample_label`. 8. Create the realm using :ref:`kdb5_ldap_util(8)` (see - :ref:`ldap_create_realm_label`):: + :ref:`ldap_create_realm`):: kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees ou=users,dc=example,dc=com -r EXAMPLE.COM -s @@ -125,8 +125,7 @@ Configuring Kerberos with OpenLDAP back-end exist underneath the realm container, omit the **-subtrees** option and do not worry about creating the principal subtree. - For more information, refer to the section - :ref:`ops_on_ldap_label`. + For more information, refer to the section :ref:`ops_on_ldap`. The realm object is created under the **ldap_kerberos_container_dn** specified in the configuration file. @@ -137,7 +136,7 @@ Configuring Kerberos with OpenLDAP back-end 9. Stash the password of the service object used by the KDC and Administration service to bind to the LDAP server using the :ref:`kdb5_ldap_util(8)` **stashsrvpw** command (see - :ref:`stash_ldap_label`). The object DN should be the same as + :ref:`stash_ldap`). The object DN should be the same as **ldap_kdc*_dn* and **ldap_kadmind_dn** values specified in the :ref:`krb5.conf(5)` file:: diff --git a/doc/rst_source/krb_admins/database/db_operations/index.rst b/doc/rst_source/krb_admins/database/db_operations/index.rst index 3487eaa09..af266de7c 100644 --- a/doc/rst_source/krb_admins/database/db_operations/index.rst +++ b/doc/rst_source/krb_admins/database/db_operations/index.rst @@ -1,4 +1,4 @@ -.. _db_operations_label: +.. _db_operations: Operations on the Kerberos database =================================== @@ -7,8 +7,8 @@ The :ref:`kdb5_util(8)` command is the primary tool for administrating the Kerberos database. .. include:: ../../admin_commands/kdb5_util.rst - :start-after: _kdb5_util_synopsys: - :end-before: _kdb5_util_synopsys_end: + :start-after: _kdb5_util_synopsis: + :end-before: _kdb5_util_synopsis_end: **OPTIONS** diff --git a/doc/rst_source/krb_admins/database/db_options.rst b/doc/rst_source/krb_admins/database/db_options.rst index 4020ad45d..d9769c9d7 100644 --- a/doc/rst_source/krb_admins/database/db_options.rst +++ b/doc/rst_source/krb_admins/database/db_options.rst @@ -5,8 +5,8 @@ You can invoke :ref:`kadmin(1)` or kadmin.local with any of the following options: .. include:: ../admin_commands/kadmin_local.rst - :start-after: kadmin_synopsys: - :end-before: kadmin_synopsys_end: + :start-after: kadmin_synopsis: + :end-before: kadmin_synopsis_end: **OPTIONS** diff --git a/doc/rst_source/krb_admins/database/db_policies/index.rst b/doc/rst_source/krb_admins/database/db_policies/index.rst index cb1104a60..7e5ea798d 100644 --- a/doc/rst_source/krb_admins/database/db_policies/index.rst +++ b/doc/rst_source/krb_admins/database/db_policies/index.rst @@ -1,5 +1,3 @@ -.. _db_policies_label: - Policies ======== diff --git a/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst b/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst index 1d3678c8d..48b8a9066 100644 --- a/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst +++ b/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst @@ -1,4 +1,4 @@ -.. _add_mod_del_princs_label: +.. _add_mod_del_princs: Adding, modifying and deleting principals ============================================ @@ -76,7 +76,7 @@ principals ``krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU`` and ``krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM`` to both databases. You need to be sure the passwords and the key version numbers (kvno) are the same in both databases. This may require explicitly setting the kvno with -the **-kvno** option. See :ref:`xrealm_authn_label` for more details. +the **-kvno** option. See :ref:`xrealm_authn` for more details. If you want to delete a principal :: diff --git a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst index 2243bf351..bf73e3008 100644 --- a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst +++ b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst @@ -1,4 +1,4 @@ -.. _privileges_label: +.. _privileges: Privileges ========== @@ -46,8 +46,8 @@ l allows the listing of principals or policies in the database. L disallows the listing of principals or policies in the database. m allows the modification of principals or policies in the database. M disallows the modification of principals or policies in the database. -p allow the propagation of the principal database (Used in :ref:`incr_db_prop_label`). -P disallow the propagation of the principal database (Used in :ref:`incr_db_prop_label`). +p allow the propagation of the principal database (used in :ref:`incr_db_prop`). +P disallow the propagation of the principal database (used in :ref:`incr_db_prop`). s allows the explicit setting of the key for a principal S disallows the explicit setting of the key for a principal \* All privileges (admcil). diff --git a/doc/rst_source/krb_admins/database/incr_db_prop.rst b/doc/rst_source/krb_admins/database/incr_db_prop.rst index 0dc4360fb..53e5caa51 100644 --- a/doc/rst_source/krb_admins/database/incr_db_prop.rst +++ b/doc/rst_source/krb_admins/database/incr_db_prop.rst @@ -1,4 +1,4 @@ -.. _incr_db_prop_label: +.. _incr_db_prop: Incremental database propagation ================================ @@ -49,7 +49,7 @@ stored in the default keytab file (``/etc/krb5.keytab``). On the master KDC side, the ``kiprop/hostname`` principal must be listed in the kadmind ACL file kadm5.acl, and given the **p** -privilege (See :ref:`privileges_label`) +privilege (see :ref:`privileges`). On the slave KDC side, :ref:`kpropd(8)` should be run. When incremental propagation is enabled, it will connect to the kadmind on diff --git a/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst index 964d82cf3..5b92917b0 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst @@ -1,9 +1,9 @@ -.. _edir_create_realm_label: +.. _edir_create_realm: eDir: Creating a Kerberos realm =============================== -See :ref:`ldap_create_realm_label` +See :ref:`ldap_create_realm` The following are the eDirectory specific options: @@ -24,13 +24,13 @@ EXAMPLE:: Re-enter KDC database master key to verify: shell% -.. _edir_mod_realm_label: +.. _edir_mod_realm: eDir: Modifying a Kerberos realm ================================ -See :ref:`ldap_mod_realm_label` +See :ref:`ldap_mod_realm` .. include:: ../../admin_commands/kdb5_ldap_util.rst :start-after: _kdb5_ldap_util_modify_edir: diff --git a/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst index 369e21d27..4876fb57c 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst @@ -1,10 +1,10 @@ -.. _edir_mod_realm_label: +.. _edir_mod_realm: eDir: Modifying a Kerberos realm ================================= -See :ref:`ldap_mod_realm_label` +See :ref:`ldap_mod_realm` The following are the eDirectory specific options diff --git a/doc/rst_source/krb_admins/database/ldap_operations/index.rst b/doc/rst_source/krb_admins/database/ldap_operations/index.rst index 6f2a631c3..7fdbebaab 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/index.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/index.rst @@ -1,4 +1,4 @@ -.. _ops_on_ldap_label: +.. _ops_on_ldap: Operations on the LDAP database =============================== diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst index 46b77bad6..b6e6a903c 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst @@ -1,4 +1,4 @@ -.. _ldap_create_realm_label: +.. _ldap_create_realm: Creating a Kerberos realm ========================= @@ -10,7 +10,7 @@ If you need to create a new realm, use the :ref:`kdb5_ldap_util(8)` :start-after: _kdb5_ldap_util_create: :end-before: _kdb5_ldap_util_create_end: -.. seealso:: :ref:`edir_create_realm_label` +.. seealso:: :ref:`edir_create_realm` Feedback diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst index 5e8ae67fc..204b566ed 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst @@ -1,4 +1,4 @@ -.. _ldap_mod_realm_label: +.. _ldap_mod_realm: Modifying a Kerberos realm ========================== @@ -10,7 +10,7 @@ If you need to modify a realm, use the :ref:`kdb5_ldap_util(8)` :start-after: _kdb5_ldap_util_modify: :end-before: _kdb5_ldap_util_modify_end: -.. seealso:: :ref:`edir_mod_realm_label` +.. seealso:: :ref:`edir_mod_realm` Feedback diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst index 93984def8..6a18498fd 100644 --- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst +++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst @@ -1,4 +1,4 @@ -.. _stash_ldap_label: +.. _stash_ldap: Stashing service object's password ================================== diff --git a/doc/rst_source/krb_admins/database/xrealm_authn.rst b/doc/rst_source/krb_admins/database/xrealm_authn.rst index 91c4d9a2d..41c23d27a 100644 --- a/doc/rst_source/krb_admins/database/xrealm_authn.rst +++ b/doc/rst_source/krb_admins/database/xrealm_authn.rst @@ -1,4 +1,4 @@ -.. _xrealm_authn_label: +.. _xrealm_authn: Cross-realm authentication ========================== diff --git a/doc/rst_source/krb_admins/dns.rst b/doc/rst_source/krb_admins/dns.rst index b2224f3ef..7ef5c6329 100644 --- a/doc/rst_source/krb_admins/dns.rst +++ b/doc/rst_source/krb_admins/dns.rst @@ -1,4 +1,4 @@ -.. _udns_label: +.. _using_dns: Using DNS ========= @@ -9,9 +9,9 @@ Using DNS additions to krb5-bugs@mit.edu. Your contribution is greatly appreciated. -See :ref:`mapping_hn_label` +See :ref:`mapping_hostnames` -See :ref:`kdc_hn_label` +See :ref:`kdc_hostnames` Feedback diff --git a/doc/rst_source/krb_admins/install_appl_srv.rst b/doc/rst_source/krb_admins/install_appl_srv.rst index 045a080cb..b18ca263f 100644 --- a/doc/rst_source/krb_admins/install_appl_srv.rst +++ b/doc/rst_source/krb_admins/install_appl_srv.rst @@ -16,7 +16,7 @@ insecure server, and still take advantage of Kerberos V5's single sign-on capability. -.. _kt_file_label: +.. _keytab_file: The keytab file --------------- @@ -24,19 +24,19 @@ The keytab file All Kerberos server machines need a keytab file to authenticate to the KDC. By default on UNIX-like systems this file is named ``/etc/krb5.keytab``. The keytab file is an encrypted, local, on-disk -copy of the host's key. The keytab file, like the stash file (See -:ref:`create_db_label`) is a potential point-of-entry for a break-in, -and if compromised, would allow unrestricted access to its host. The -keytab file should be readable only by root, and should exist only on -the machine's local disk. The file should not be part of any backup -of the machine, unless access to the backup data is secured as tightly -as access to the machine's root password itself. +copy of the host's key. The keytab file, like the stash file (see +:ref:`create_db`) is a potential point-of-entry for a break-in, and if +compromised, would allow unrestricted access to its host. The keytab +file should be readable only by root, and should exist only on the +machine's local disk. The file should not be part of any backup of +the machine, unless access to the backup data is secured as tightly as +access to the machine's root password itself. In order to generate a keytab for a host, the host must have a principal in the Kerberos database. The procedure for adding hosts to -the database is described fully in :ref:`add_mod_del_princs_label`. -(See :ref:`slave_host_key_label` for a brief description.) The keytab -is generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd` +the database is described fully in :ref:`add_mod_del_princs`. (See +:ref:`slave_host_key` for a brief description.) The keytab is +generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd` command. For example, to generate a keytab file to allow the host diff --git a/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst b/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst index d9b3b69a3..a56a528ca 100644 --- a/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst +++ b/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst @@ -1,4 +1,4 @@ -.. _admin_acl_label: +.. _admin_acl: Add administrators to the ACL file ================================== diff --git a/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst b/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst index 91597341c..1200e3320 100644 --- a/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst +++ b/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst @@ -15,7 +15,7 @@ administrative privileges on the local filesystem to access database files for this command to succeed.) The administrative principals you create should be the ones you added -to the ACL file. (See :ref:`admin_acl_label`.) +to the ACL file (see :ref:`admin_acl`). In the following example, the administrative principal ``admin/admin`` is created:: diff --git a/doc/rst_source/krb_admins/install_kdc/create_db.rst b/doc/rst_source/krb_admins/install_kdc/create_db.rst index 894778f42..a7e489527 100644 --- a/doc/rst_source/krb_admins/install_kdc/create_db.rst +++ b/doc/rst_source/krb_admins/install_kdc/create_db.rst @@ -1,4 +1,4 @@ -.. _create_db_label: +.. _create_db: Create the database =================== @@ -52,7 +52,7 @@ This will create five files in the directory specified in your **-s** option. For more information on administrating Kerberos database see -:ref:`db_operations_label`. +:ref:`db_operations`. Feedback diff --git a/doc/rst_source/krb_admins/install_kdc/index.rst b/doc/rst_source/krb_admins/install_kdc/index.rst index 018f6b185..8780ec427 100644 --- a/doc/rst_source/krb_admins/install_kdc/index.rst +++ b/doc/rst_source/krb_admins/install_kdc/index.rst @@ -79,8 +79,8 @@ Install the Slave KDCs Once your KDCs are set up and running, you are ready to use :ref:`kadmin(1)` to load principals for your users, hosts, and other services into the Kerberos database. This procedure is described -fully in the :ref:`add_mod_del_princs_label`. The keytab is generated -by running kadmin and issuing the :ref:`ktadd` command. +fully in the :ref:`add_mod_del_princs`. The keytab is generated by +running kadmin and issuing the :ref:`ktadd` command. You may occasionally want to use one of your slave KDCs as the master. This might happen if you are upgrading the master KDC, or if your diff --git a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst index b30b0fdff..dc9270c7b 100644 --- a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst +++ b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst @@ -48,9 +48,9 @@ following is an example of a bourne shell script that will do this. done You will need to set up a cron job to run this script at the intervals -you decided on earlier (See :ref:`db_prop_label` and -:ref:`incr_db_prop_label`.) The dump can also be used as a save file. -Once the operation succeeded, connect to slaves and start thier KDCs. +you decided on earlier (See :ref:`db_prop` and :ref:`incr_db_prop`.) +The dump can also be used as a save file. Once the operation +succeeded, connect to slaves and start thier KDCs. Now that the slave KDC has a copy of the Kerberos database, you can start the krb5kdc daemon:: @@ -64,8 +64,8 @@ the krb5kdc daemon automatically at boot time. Once your KDCs are set up and running, you are ready to use :ref:`kadmin(1)` to load principals for your users, hosts, and other services into the Kerberos database. This procedure is described -fully in the :ref:`add_mod_del_princs_label`. The keytab is generated -by running kadmin and issuing the ktadd command. +fully in the :ref:`add_mod_del_princs`. The keytab is generated by +running kadmin and issuing the ktadd command. Propagation failed? diff --git a/doc/rst_source/krb_admins/install_kdc/mod_conf.rst b/doc/rst_source/krb_admins/install_kdc/mod_conf.rst index d4e1e1966..2672e52b8 100644 --- a/doc/rst_source/krb_admins/install_kdc/mod_conf.rst +++ b/doc/rst_source/krb_admins/install_kdc/mod_conf.rst @@ -24,10 +24,10 @@ example:: krb5.conf --------- -If you are not using DNS TXT records (see :ref:`mapping_hn_label`), +If you are not using DNS TXT records (see :ref:`mapping_hostnames`), you must specify the **default_realm** in the :ref:`libdefaults` section. If you are not using DNS SRV records (see -:ref:`kdc_hn_label`), you must include the **kdc** tag for each +:ref:`kdc_hostnames`), you must include the **kdc** tag for each *realm* in the :ref:`realms` section. To communicate with the kadmin server in each realm, the **admin_server** tag must be set in the :ref:`realms` section. If your domain name and realm name are not the diff --git a/doc/rst_source/krb_admins/install_kdc/slave_install.rst b/doc/rst_source/krb_admins/install_kdc/slave_install.rst index f21e95cfe..0b1be907d 100644 --- a/doc/rst_source/krb_admins/install_kdc/slave_install.rst +++ b/doc/rst_source/krb_admins/install_kdc/slave_install.rst @@ -1,4 +1,4 @@ -.. _slave_host_key_label: +.. _slave_host_key: Setting up slave KDCs ===================== diff --git a/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst b/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst index ad019274d..da1cd6cc6 100644 --- a/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst +++ b/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst @@ -9,13 +9,13 @@ encrypted form on the KDC's local disk. The stash file is used to authenticate the KDC to itself automatically before starting the :ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons (e.g., as part of the machine's boot sequence). The stash file, like the keytab file (see -:ref:`kt_file_label` for more information) is a potential -point-of-entry for a break-in, and if compromised, would allow -unrestricted access to the Kerberos database. If you choose to -install a stash file, it should be readable only by root, and should -exist only on the KDC's local disk. The file should not be part of -any backup of the machine, unless access to the backup data is secured -as tightly as access to the master password itself. +:ref:`keytab_file`) is a potential point-of-entry for a break-in, and +if compromised, would allow unrestricted access to the Kerberos +database. If you choose to install a stash file, it should be +readable only by root, and should exist only on the KDC's local disk. +The file should not be part of any backup of the machine, unless +access to the backup data is secured as tightly as access to the +master password itself. .. note:: If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. This means that the KDC will not be able to start automatically, such as after a system reboot. diff --git a/doc/rst_source/krb_admins/realm_config/db_prop.rst b/doc/rst_source/krb_admins/realm_config/db_prop.rst index f669b652a..c8e46d309 100644 --- a/doc/rst_source/krb_admins/realm_config/db_prop.rst +++ b/doc/rst_source/krb_admins/realm_config/db_prop.rst @@ -1,4 +1,4 @@ -.. _db_prop_label: +.. _db_prop: Database propagation ==================== @@ -18,7 +18,7 @@ parallel. To do this, have the master KDC propagate the database to one set of slaves, and then have each of these slaves propagate the database to additional slaves. -See also :ref:`incr_db_prop_label` +See also :ref:`incr_db_prop` Feedback diff --git a/doc/rst_source/krb_admins/realm_config/kdc_hn.rst b/doc/rst_source/krb_admins/realm_config/kdc_hn.rst index 939f2a600..eb50e5ec8 100644 --- a/doc/rst_source/krb_admins/realm_config/kdc_hn.rst +++ b/doc/rst_source/krb_admins/realm_config/kdc_hn.rst @@ -1,4 +1,4 @@ -.. _kdc_hn_label: +.. _kdc_hostnames: Hostnames for KDCs ================== diff --git a/doc/rst_source/krb_admins/realm_config/kdc_ports.rst b/doc/rst_source/krb_admins/realm_config/kdc_ports.rst index 2bb1b61ff..4e1aeff99 100644 --- a/doc/rst_source/krb_admins/realm_config/kdc_ports.rst +++ b/doc/rst_source/krb_admins/realm_config/kdc_ports.rst @@ -6,7 +6,7 @@ The default ports used by Kerberos are port 88 for the KDC1 and port ports, as long as they are specified in each host's ``/etc/services`` and :ref:`krb5.conf(5)` files, and the :ref:`kdc.conf(5)` file on each KDC. For a more thorough treatment of port numbers used by the -Kerberos V5 programs, refer to the :ref:`conf_firewall_label`. +Kerberos V5 programs, refer to the :ref:`conf_firewall`. Feedback -------- diff --git a/doc/rst_source/krb_admins/realm_config/mapping_hn.rst b/doc/rst_source/krb_admins/realm_config/mapping_hn.rst index 26954f183..4ed422eee 100644 --- a/doc/rst_source/krb_admins/realm_config/mapping_hn.rst +++ b/doc/rst_source/krb_admins/realm_config/mapping_hn.rst @@ -1,4 +1,4 @@ -.. _mapping_hn_label: +.. _mapping_hostnames: Mapping hostnames onto Kerberos realms diff --git a/doc/rst_source/krb_build/options2configure.rst b/doc/rst_source/krb_build/options2configure.rst index 8edbd9f69..fa5dcb0b4 100644 --- a/doc/rst_source/krb_build/options2configure.rst +++ b/doc/rst_source/krb_build/options2configure.rst @@ -48,8 +48,8 @@ Most commonly used options **--enable-dns-for-realm** Enable the use of DNS to look up a host's Kerberos realm, or a realm's KDCs, if the information is not provided in - :ref:`krb5.conf(5)`. See :ref:`kdc_hn_label` for information - about using DNS to locate the KDCs, and :ref:`mapping_hn_label` + :ref:`krb5.conf(5)`. See :ref:`kdc_hostnames` for information + about using DNS to locate the KDCs, and :ref:`mapping_hostnames` for information about using DNS to determine the default realm. By default, DNS lookups are enabled for the former but not for the latter. diff --git a/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst b/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst index 5d9b8a4f8..54f18e46b 100644 --- a/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst +++ b/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst @@ -1,4 +1,4 @@ -.. _gatya_label: +.. _grant_access: Granting access to your account =============================== diff --git a/doc/rst_source/krb_users/pwd_mgmt/index.rst b/doc/rst_source/krb_users/pwd_mgmt/index.rst index d8dacdeb7..295703045 100644 --- a/doc/rst_source/krb_users/pwd_mgmt/index.rst +++ b/doc/rst_source/krb_users/pwd_mgmt/index.rst @@ -12,8 +12,8 @@ you--send email that comes from you, read, edit, or delete your files, or log into other hosts as you--and no one will be able to tell the difference. For this reason, it is important that you choose a good password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos. (See -:ref:`gatya_label`.) You should never tell your password to anyone, +account to someone else, you can do so through Kerberos (see +:ref:`grant_access`). You should never tell your password to anyone, including your system administrator, for any reason. You should change your password frequently, particularly any time you think someone may have found out what it is. diff --git a/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst b/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst index 777f877ba..e355e4f31 100644 --- a/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst +++ b/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst @@ -1,4 +1,4 @@ -.. _otwk_labal: +.. _obtain_tkt Obtaining tickets with kinit ============================ @@ -55,7 +55,7 @@ need to request forwardable tickets. You do this by specifying the Note that kinit does not tell you that it obtained forwardable tickets; you can verify this using the :ref:`klist(1)` command (see -:ref:`vytwk_label`). +:ref:`view_tkt`). Normally, your tickets are good for your system's default ticket lifetime, which is ten hours on many systems. You can specify a diff --git a/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst b/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst index 9d43a7329..2dd554624 100644 --- a/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst +++ b/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst @@ -1,4 +1,4 @@ -.. _vytwk_label: +.. _view_tkt: Viewing tickets with klist ========================== diff --git a/doc/rst_source/krb_users/user_appl/index.rst b/doc/rst_source/krb_users/user_appl/index.rst index 982399fe4..501f8204a 100644 --- a/doc/rst_source/krb_users/user_appl/index.rst +++ b/doc/rst_source/krb_users/user_appl/index.rst @@ -29,7 +29,7 @@ because Kerberos has already proven your identity. The Kerberos V5 network programs allow you the options of forwarding your tickets to the remote host (if you obtained forwardable tickets -with the :ref:`kinit(1)` program; see :ref:`otwk_labal`), and +with the :ref:`kinit(1)` program; see :ref:`obtain_tkt`), and encrypting data transmitted between you and the remote host. The Kerberos V5 applications are versions of existing UNIX network diff --git a/doc/rst_source/krb_users/user_appl/ksu.rst b/doc/rst_source/krb_users/user_appl/ksu.rst index 360763229..3097d3d87 100644 --- a/doc/rst_source/krb_users/user_appl/ksu.rst +++ b/doc/rst_source/krb_users/user_appl/ksu.rst @@ -96,9 +96,9 @@ The ksu options you are most likely to use are: (e.g., the user *joeadmin* might want to use his admin instance.) -c specifies the location of your Kerberos credentials cache (ticket file). -k tells ksu not to destroy your Kerberos tickets when ksu is finished. --f requests forwardable tickets. (See :ref:`otwk_labal`.) +-f requests forwardable tickets. (See :ref:`obtain_tkt`.) This is only applicable if ksu needs to obtain tickets. --l *lifetime* sets the ticket lifetime. (See :ref:`otwk_labal`.) i +-l *lifetime* sets the ticket lifetime. (See :ref:`obtain_tkt`.) This is only applicable if ksu needs to obtain tickets. -z tells ksu to copy your Kerberos tickets only if the UID you are switching is the same as the Kerberos primary -- 2.26.2