From 93889f1341eeb7aec2e994673594f610309c1795 Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Mon, 5 Mar 2012 23:40:01 +0000 Subject: [PATCH] Make sure that 1. a new-line " ::" is preceded by not more then one line of text; 2. a new line does not start with a whitespace(s) and a dot git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25734 dc483132-0cff-0310-8789-dd5450dbe970 --- .../admin_commands/kadmin_local.rst | 1 + .../krb_admins/admin_commands/kpropd.rst | 1 + .../krb_admins/admin_commands/kproplog.rst | 1 + .../krb_admins/admin_commands/krb5kdc.rst | 1 + .../krb_admins/admin_commands/sserver.rst | 2 ++ .../krb_admins/conf_files/kdc_conf.rst | 12 +++---- .../krb_admins/conf_files/krb5_conf.rst | 31 ++++++++++++------- .../krb_users/user_commands/k5identity.rst | 1 + .../krb_users/user_commands/k5login.rst | 2 ++ .../krb_users/user_commands/kinit.rst | 1 + .../krb_users/user_commands/klist.rst | 1 + .../krb_users/user_commands/ksu.rst | 11 ++++--- 12 files changed, 43 insertions(+), 22 deletions(-) diff --git a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst index 12f265edf..f5cb5b198 100644 --- a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst +++ b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst @@ -176,6 +176,7 @@ DATE FORMAT Many of the kadmin commands take a duration or time as an argument. The date can appear in a wide variety of formats, such as: + :: 1 month ago diff --git a/doc/rst_source/krb_admins/admin_commands/kpropd.rst b/doc/rst_source/krb_admins/admin_commands/kpropd.rst index a69b7dc25..18d67e263 100644 --- a/doc/rst_source/krb_admins/admin_commands/kpropd.rst +++ b/doc/rst_source/krb_admins/admin_commands/kpropd.rst @@ -33,6 +33,7 @@ file, the slave Kerberos server will have an up-to-date KDC database. Normally, kpropd is invoked out of inetd(8). This is done by adding a line to the ``/etc/inetd.conf`` file which looks like this: + :: kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd diff --git a/doc/rst_source/krb_admins/admin_commands/kproplog.rst b/doc/rst_source/krb_admins/admin_commands/kproplog.rst index fd171592f..1a8253907 100644 --- a/doc/rst_source/krb_admins/admin_commands/kproplog.rst +++ b/doc/rst_source/krb_admins/admin_commands/kproplog.rst @@ -47,6 +47,7 @@ OPTIONS **-v** Display individual attributes per update. An example of the output generated for one entry: + :: Update Entry diff --git a/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst b/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst index 49e19652f..f5193be43 100644 --- a/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst +++ b/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst @@ -106,6 +106,7 @@ The KDC may service requests for multiple realms (maximum 32 realms). The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are superseded by subsequent definitions of the same option. + For example: :: diff --git a/doc/rst_source/krb_admins/admin_commands/sserver.rst b/doc/rst_source/krb_admins/admin_commands/sserver.rst index 982cbbd9b..438a56828 100644 --- a/doc/rst_source/krb_admins/admin_commands/sserver.rst +++ b/doc/rst_source/krb_admins/admin_commands/sserver.rst @@ -31,6 +31,7 @@ The **-S** option allows for a different keytab than the default. sserver is normally invoked out of inetd(8), using a line in ``/etc/inetd.conf`` that looks like this: + :: sample stream tcp nowait root /usr/local/sbin/sserver sserver @@ -38,6 +39,7 @@ sserver is normally invoked out of inetd(8), using a line in Since ``sample`` is normally not a port defined in ``/etc/services``, you will usually have to add a line to ``/etc/services`` which looks like this: + :: sample 13135/tcp diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst index 013e8b3ec..32f3d0ae4 100644 --- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst @@ -343,16 +343,16 @@ PKINIT options 1. realm-specific subsection of [realms], :: - [realms] - EXAMPLE.COM = { - pkinit_anchors = FILE\:/usr/local/example.com.crt - } + [realms] + EXAMPLE.COM = { + pkinit_anchors = FILE\:/usr/local/example.com.crt + } 2. generic value in the [kdcdefaults] section. :: - [kdcdefaults] - pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ + [kdcdefaults] + pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ For information about the syntax of some of these options, see pkinit identity syntax. diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst index 79ef9470c..49a688ef2 100644 --- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst @@ -18,6 +18,7 @@ Structure The krb5.conf file is set up in the style of a Windows INI file. Sections are headed by the section name, in square brackets. Each section may contain zero or more relations, of the form: + :: foo = bar @@ -45,6 +46,7 @@ then the second value of ``foo`` (``baz``) would never be read. The krb5.conf file can include other files using either of the following directives at the beginning of a line: + :: include FILENAME @@ -61,6 +63,7 @@ The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the following directive at the beginning of a line before any section headers: + :: module MODULEPATH:RESIDUAL @@ -238,8 +241,8 @@ The libdefaults section may contain any of the following relations: If set, the library will look for a local user's k5login file within the named directory, with a filename corresponding to the local username. If not set, the library will look for k5login - files in the user's home directory, with the filename - .k5login. For security reasons, .k5login files must be owned by + files in the user's home directory, with the filename .k5login. + For security reasons, .k5login files must be owned by the local user or by root. **kdc_default_options** @@ -494,6 +497,7 @@ Host names and domain names should be in lower case. If no translation entry applies, the host's realm is considered to be the hostname's domain portion converted to upper case. For example, the following [domain_realm] section: + :: [domain_realm] @@ -572,6 +576,7 @@ the console and to the system log under the facility LOG_DAEMON with default severity of LOG_INFO; and the logging messages from the administrative server will be appended to the file ``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. + :: [logging] @@ -613,6 +618,7 @@ use the ``ES.NET`` realm as an intermediate realm. ``ANL`` has a sub realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV`` but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems would look like this: + :: [capaths] @@ -637,6 +643,7 @@ would look like this: The [capaths] section of the configuration file used on ``NERSC.GOV`` systems would look like this: + :: [capaths] @@ -961,24 +968,24 @@ PKINIT options 1. realm-specific subsection of [libdefaults] : :: - [libdefaults] - EXAMPLE.COM = { - pkinit_anchors = FILE\:/usr/local/example.com.crt - } + [libdefaults] + EXAMPLE.COM = { + pkinit_anchors = FILE\:/usr/local/example.com.crt + } 2. realm-specific value in the [realms] section, :: - [realms] - OTHERREALM.ORG = { - pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt - } + [realms] + OTHERREALM.ORG = { + pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt + } 3. generic value in the [libdefaults] section. :: - [libdefaults] - pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ + [libdefaults] + pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ Specifying pkinit identity information diff --git a/doc/rst_source/krb_users/user_commands/k5identity.rst b/doc/rst_source/krb_users/user_commands/k5identity.rst index 06195d2e6..5dbdff2b4 100644 --- a/doc/rst_source/krb_users/user_commands/k5identity.rst +++ b/doc/rst_source/krb_users/user_commands/k5identity.rst @@ -57,6 +57,7 @@ The following example .k5identity file selects the client principal the principal ``alice/root@EXAMPLE.COM`` if the server host is within a servers subdomain, and the principal ``alice/mail@EXAMPLE.COM`` when accessing the IMAP service on ``mail.example.com``: + :: alice@KRBTEST.COM realm=KRBTEST.COM diff --git a/doc/rst_source/krb_users/user_commands/k5login.rst b/doc/rst_source/krb_users/user_commands/k5login.rst index 6f6fa59a0..bf607f789 100644 --- a/doc/rst_source/krb_users/user_commands/k5login.rst +++ b/doc/rst_source/krb_users/user_commands/k5login.rst @@ -24,6 +24,7 @@ EXAMPLES Suppose the user ``alice`` had a .k5login file in her home directory containing the following line: + :: bob@FOOBAR.ORG @@ -35,6 +36,7 @@ access ``alice``'s account, using ``bob``'s Kerberos tickets. Let us further suppose that ``alice`` is a system administrator. Alice and the other system administrators would have their principals in root's .k5login file on each host: + :: alice@BLEEP.COM diff --git a/doc/rst_source/krb_users/user_commands/kinit.rst b/doc/rst_source/krb_users/user_commands/kinit.rst index 3b98522f2..109a5c02a 100644 --- a/doc/rst_source/krb_users/user_commands/kinit.rst +++ b/doc/rst_source/krb_users/user_commands/kinit.rst @@ -45,6 +45,7 @@ OPTIONS requests a ticket with the lifetime lifetime. The value for lifetime must be followed immediately by one of the following delimiters: + :: s seconds diff --git a/doc/rst_source/krb_users/user_commands/klist.rst b/doc/rst_source/krb_users/user_commands/klist.rst index 4b610b51e..30ae72ef4 100644 --- a/doc/rst_source/krb_users/user_commands/klist.rst +++ b/doc/rst_source/krb_users/user_commands/klist.rst @@ -44,6 +44,7 @@ OPTIONS **-f** Shows the flags present in the credentials, using the following abbreviations: + :: F Forwardable diff --git a/doc/rst_source/krb_users/user_commands/ksu.rst b/doc/rst_source/krb_users/user_commands/ksu.rst index 9acbcbe36..d6075629c 100644 --- a/doc/rst_source/krb_users/user_commands/ksu.rst +++ b/doc/rst_source/krb_users/user_commands/ksu.rst @@ -218,6 +218,7 @@ OPTIONS The target cache name is automatically set to ``krb5cc_.(gen_sym())``, where gen_sym generates a new number such that the resulting cache does not already exist. For example: + :: krb5cc_1984.2 @@ -279,6 +280,7 @@ Ticket granting ticket options: ksu proceeds exactly the same as if it was invoked without the **-e** option, except instead of executing the target shell, ksu executes the specified command. Example of usage: + :: ksu bob -e ls -lag @@ -299,6 +301,7 @@ Ticket granting ticket options: principal name followed by a ``*`` means that the user is authorized to execute any command. Thus, in the following example: + :: jqpublic@USC.EDU ls mail /local/kerberos/klist @@ -332,6 +335,7 @@ Ticket granting ticket options: The **-a** option can be used to simulate the **-e** option if used as follows: + :: -a -c [command [arguments]]. @@ -353,11 +357,10 @@ ksu can be compiled with the following four flags: channel, the password may get exposed. **PRINC_LOOK_AHEAD** - During the resolution of the default principal name, - **PRINC_LOOK_AHEAD** enables ksu to find principal names in the - .k5users file as described in the OPTIONS section (see **-n** - option). + **PRINC_LOOK_AHEAD** enables ksu to find principal names in + the .k5users file as described in the OPTIONS section + (see **-n** option). **CMD_PATH** Specifies a list of directories containing programs that users are -- 2.26.2