From b120b68fe45df97d2bdb79c048054e83e73fff76 Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Sat, 3 Mar 2012 03:30:36 +0000 Subject: [PATCH] Fix the problem when the text of the examples and alike's was not properly indented in the man pages. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25727 dc483132-0cff-0310-8789-dd5450dbe970 --- .../admin_commands/kadmin_local.rst | 66 ++++++++++++------- .../krb_admins/admin_commands/kadmind.rst | 2 +- .../admin_commands/kdb5_ldap_util.rst | 51 +++++++++----- .../krb_admins/admin_commands/kpropd.rst | 3 +- .../krb_admins/admin_commands/kproplog.rst | 3 +- .../krb_admins/admin_commands/krb5kdc.rst | 3 +- .../krb_admins/admin_commands/ktutil.rst | 2 +- .../krb_admins/admin_commands/sserver.rst | 24 ++++--- .../krb_admins/conf_files/kdc_conf.rst | 9 ++- .../krb_admins/conf_files/krb5_conf.rst | 48 +++++++++----- .../krb_users/user_commands/k5identity.rst | 3 +- .../krb_users/user_commands/k5login.rst | 6 +- .../krb_users/user_commands/kinit.rst | 3 +- .../krb_users/user_commands/klist.rst | 3 +- .../krb_users/user_commands/kpasswd.rst | 3 +- .../krb_users/user_commands/ksu.rst | 18 +++-- 16 files changed, 164 insertions(+), 83 deletions(-) diff --git a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst index 575e1f1c7..12f265edf 100644 --- a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst +++ b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst @@ -175,7 +175,8 @@ DATE FORMAT .. _date_format: Many of the kadmin commands take a duration or time as an -argument. The date can appear in a wide variety of formats, such as:: +argument. The date can appear in a wide variety of formats, such as: + :: 1 month ago 2 hours ago @@ -392,7 +393,8 @@ The options are: multiple enctype-salttype pairs. This will not function against kadmin daemons earlier than krb5-1.2. -Example:: +Example: + :: kadmin: addprinc jennifer WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU"; @@ -402,7 +404,8 @@ Example:: Principal "jennifer@ATHENA.MIT.EDU" created. kadmin: -Errors:: +Errors: + :: KADM5_AUTH_ADD (requires "add" privilege) KADM5_BAD_MASK (shouldn't happen) @@ -448,7 +451,8 @@ The options are: authentication attempts without enough time between them according to its password policy) so that it can successfully authenticate. -Errors:: +Errors: + :: KADM5_AUTH_MODIFY (requires "modify" privilege) KADM5_UNK_PRINC (principal does not exist) @@ -472,7 +476,8 @@ given. Alias: **renprinc** -Errors:: +Errors: + :: KADM5_AUTH_ADD (requires "add" privilege) KADM5_AUTH_DELETE (requires "delete" privilege) @@ -495,7 +500,8 @@ prompts for deletion, unless the **-force** option is given. Alias: **delprinc** -Errors:: +Errors: + :: KADM5_AUTH_DELETE (requires "delete" privilege) KADM5_UNK_PRINC (principal does not exist) @@ -539,7 +545,8 @@ The following options are available: you know what you're doing. This option is not supported for the LDAP database. -Example:: +Example: + :: kadmin: cpw systest Enter password for principal systest@BLEEP.COM: @@ -547,7 +554,8 @@ Example:: Password for systest@BLEEP.COM changed. kadmin: -Errors:: +Errors: + :: KADM5_AUTH_MODIFY (requires the modify privilege) KADM5_UNK_PRINC (principal does not exist) @@ -588,7 +596,8 @@ fields as quoted tab-separated strings. Alias: **getprinc** -Examples:: +Examples: + :: kadmin: getprinc tlyu/admin Principal: tlyu/admin@BLEEP.COM @@ -613,7 +622,8 @@ Examples:: tlyu/admin@BLEEP.COM 786100034 0 0 kadmin: -Errors:: +Errors: + :: KADM5_AUTH_GET (requires the get (inquire) privilege) KADM5_UNK_PRINC (principal does not exist) @@ -639,7 +649,8 @@ expression. Alias: **listprincs**, **get_principals**, **get_princs** -Example:: +Example: + :: kadmin: listprincs test* test3@SECURE-TEST.OV.COM @@ -744,12 +755,14 @@ The following options are available: without the specified failure count interval elapsing. A duration of 0 means forever. -Example:: +Example: + :: kadmin: add_policy -maxlife "2 days" -minlength 5 guests kadmin: -Errors:: +Errors: + :: KADM5_AUTH_ADD (requires the add privilege) KADM5_DUP (policy already exists) @@ -769,7 +782,8 @@ Modifies the named *policy*. Options are as above for *add_policy*. Alias: **modpol** -Errors:: +Errors: + :: KADM5_AUTH_MODIFY (requires the modify privilege) KADM5_UNK_POLICY (policy does not exist) @@ -790,14 +804,16 @@ The command will fail if the policy is in use by any principals. Alias: **delpol** -Example:: +Example: + :: kadmin: del_policy guests Are you sure you want to delete the policy "guests"? (yes/no): yes kadmin: -Errors:: +Errors: + :: KADM5_AUTH_DELETE (requires the delete privilege) KADM5_UNK_POLICY (policy does not exist) @@ -819,7 +835,8 @@ outputs the fields as quoted strings separated by tabs. Alias: getpol -Examples:: +Examples: + :: kadmin: get_policy admin Policy: admin @@ -836,7 +853,8 @@ Examples:: The "Reference count" is the number of principals using that policy. -Errors:: +Errors: + :: KADM5_AUTH_GET (requires the get privilege) KADM5_UNK_POLICY (policy does not exist) @@ -860,7 +878,8 @@ printed. Aliases: **listpols**, **get_policies**, **getpols**. -Examples:: +Examples: + :: kadmin: listpols test-pol @@ -885,7 +904,8 @@ is currently running kadmin. Alias: **getprivs** -Example:: +Example: + :: kadmin: get_privs Principal joe/admin@ATHENA.MIT.EDU @@ -942,7 +962,8 @@ An entry for each of the principal's unique encryption types is added, ignoring multiple keys with the same encryption type but different salt types. -Example:: +Example: + :: kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with @@ -978,7 +999,8 @@ The options are: Run in quiet mode. This causes ktremove to display less verbose information. -Example:: +Example: + :: kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin all Entry for principal kadmin/admin with kvno 3 removed diff --git a/doc/rst_source/krb_admins/admin_commands/kadmind.rst b/doc/rst_source/krb_admins/admin_commands/kadmind.rst index 52ca28c1f..9554a6f53 100644 --- a/doc/rst_source/krb_admins/admin_commands/kadmind.rst +++ b/doc/rst_source/krb_admins/admin_commands/kadmind.rst @@ -186,7 +186,7 @@ control access for a particular principal on a particular principal. is disallowed. If the character is lower-case, then the operation is permitted. - :: + :: a [Dis]allows the addition of principals or policies in the database. d [Dis]allows the deletion of principals or policies in the database. diff --git a/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst b/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst index 59304bf34..58fa2b1dc 100644 --- a/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst +++ b/doc/rst_source/krb_admins/admin_commands/kdb5_ldap_util.rst @@ -216,7 +216,8 @@ Command options specific to eDirectory: .. _kdb5_ldap_util_create_edir_end: -Example:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU Password for "cn=admin,o=org": @@ -393,7 +394,8 @@ Command options specific to eDirectory: .. _kdb5_ldap_util_modify_edir_end: -Example:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify +requires_preauth -r ATHENA.MIT.EDU Password for "cn=admin,o=org": @@ -413,7 +415,8 @@ Displays the attributes of a realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -EXAMPLE:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view -r ATHENA.MIT.EDU Password for "cn=admin,o=org": @@ -442,7 +445,8 @@ Destroys an existing realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -EXAMPLE:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU Password for "cn=admin,o=org": @@ -462,7 +466,8 @@ list Lists the name of realms. -EXAMPLE:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list Password for "cn=admin,o=org": @@ -494,7 +499,8 @@ to the LDAP server. Options: Specifies Distinguished Name (DN) of the service object whose password is to be stored in file. -EXAMPLE:: +EXAMPLE: + :: kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org Password for "cn=service-kdc,o=org": @@ -613,7 +619,8 @@ Creates a ticket policy in directory. Options: *policy_name* Specifies the name of the ticket policy. -EXAMPLE:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy Password for "cn=admin,o=org": @@ -638,7 +645,8 @@ create_policy. **-r** *realm* Specifies the Kerberos realm of the database. -Example:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy Password for "cn=admin,o=org": @@ -659,7 +667,8 @@ Displays the attributes of a ticket policy. Options: *policy_name* Specifies the name of the ticket policy. -EXAMPLE:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy Password for "cn=admin,o=org": @@ -693,7 +702,8 @@ Destroys an existing ticket policy. Options: *policy_name* Specifies the name of the ticket policy. -Example:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy Password for "cn=admin,o=org": @@ -717,7 +727,8 @@ realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -Example:: +EXAMPLE: + :: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU Password for "cn=admin,o=org": @@ -765,7 +776,8 @@ eDirectory object. Options: Specifies Distinguished Name (DN) of the service object whose password is to be set. -Example:: +EXAMPLE: + :: kdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile cn=service-kdc,o=org Password for "cn=admin,o=org": @@ -829,7 +841,8 @@ Creates a service in directory and assigns appropriate rights. Options: Specifies Distinguished Name (DN) of the Kerberos service to be created. -Example:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org Password for "cn=admin,o=org": @@ -895,7 +908,8 @@ rights. Options: Specifies Distinguished Name (DN) of the Kerberos service to be modified. -Example:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU cn=service-kdc,o=org Password for "cn=admin,o=org": @@ -917,7 +931,8 @@ Displays the attributes of a service. Options: Specifies Distinguished Name (DN) of the Kerberos service to be viewed. -Example:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org Password for "cn=admin,o=org": @@ -954,7 +969,8 @@ Destroys an existing service. Options: Specifies Distinguished Name (DN) of the Kerberos service to be destroyed. -EXAMPLE:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org Password for "cn=admin,o=org": @@ -982,7 +998,8 @@ Lists the name of services under a given base in directory. Options: slapd.conf file will be used, where as in the case of eDirectory, the default value for the base DN is Root. -EXAMPLE:: +EXAMPLE: + :: shell% kdb5_ldap_util -D cn=admin,o=org list_service Password for "cn=admin,o=org": diff --git a/doc/rst_source/krb_admins/admin_commands/kpropd.rst b/doc/rst_source/krb_admins/admin_commands/kpropd.rst index 5856e5a12..a69b7dc25 100644 --- a/doc/rst_source/krb_admins/admin_commands/kpropd.rst +++ b/doc/rst_source/krb_admins/admin_commands/kpropd.rst @@ -32,7 +32,8 @@ the slave servers. Upon a successful download of the KDC database file, the slave Kerberos server will have an up-to-date KDC database. Normally, kpropd is invoked out of inetd(8). This is done by adding -a line to the ``/etc/inetd.conf`` file which looks like this:: +a line to the ``/etc/inetd.conf`` file which looks like this: + :: kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd diff --git a/doc/rst_source/krb_admins/admin_commands/kproplog.rst b/doc/rst_source/krb_admins/admin_commands/kproplog.rst index b9b36e716..fd171592f 100644 --- a/doc/rst_source/krb_admins/admin_commands/kproplog.rst +++ b/doc/rst_source/krb_admins/admin_commands/kproplog.rst @@ -46,7 +46,8 @@ OPTIONS **-v** Display individual attributes per update. An example of the - output generated for one entry:: + output generated for one entry: + :: Update Entry Update serial # : 4 diff --git a/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst b/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst index 6a3013ccf..49e19652f 100644 --- a/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst +++ b/doc/rst_source/krb_admins/admin_commands/krb5kdc.rst @@ -106,7 +106,8 @@ The KDC may service requests for multiple realms (maximum 32 realms). The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are superseded by subsequent definitions of the same option. -For example:: +For example: + :: krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 diff --git a/doc/rst_source/krb_admins/admin_commands/ktutil.rst b/doc/rst_source/krb_admins/admin_commands/ktutil.rst index 0cdbfaf0e..0e9e2ae50 100644 --- a/doc/rst_source/krb_admins/admin_commands/ktutil.rst +++ b/doc/rst_source/krb_admins/admin_commands/ktutil.rst @@ -115,7 +115,7 @@ Aliases: **exit**, **q** EXAMPLE ------- -:: + :: ktutil: add_entry -password -p alice@BLEEP.COM -k 1 -e aes128-cts-hmac-sha1-96 Password for alice@BLEEP.COM: diff --git a/doc/rst_source/krb_admins/admin_commands/sserver.rst b/doc/rst_source/krb_admins/admin_commands/sserver.rst index 2ee42a5a9..982cbbd9b 100644 --- a/doc/rst_source/krb_admins/admin_commands/sserver.rst +++ b/doc/rst_source/krb_admins/admin_commands/sserver.rst @@ -30,13 +30,15 @@ installed as ``/etc/krb5.keytab``. The **-S** option allows for a different keytab than the default. sserver is normally invoked out of inetd(8), using a line in -``/etc/inetd.conf`` that looks like this:: +``/etc/inetd.conf`` that looks like this: + :: sample stream tcp nowait root /usr/local/sbin/sserver sserver Since ``sample`` is normally not a port defined in ``/etc/services``, you will usually have to add a line to ``/etc/services`` which looks -like this:: +like this: + :: sample 13135/tcp @@ -48,7 +50,8 @@ connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files. -When you run sclient you should see something like this:: +When you run sclient you should see something like this: + :: sendauth succeeded, reply is: reply len 32, contents: @@ -58,28 +61,32 @@ When you run sclient you should see something like this:: COMMON ERROR MESSAGES --------------------- -1) kinit returns the error:: +1) kinit returns the error: + :: kinit: Client not found in Kerberos database while getting initial credentials This means that you didn't create an entry for your username in the Kerberos database. -2) sclient returns the error:: +2) sclient returns the error: + :: unknown service sample/tcp; check /etc/services This means that you don't have an entry in /etc/services for the sample tcp port. -3) sclient returns the error:: +3) sclient returns the error: + :: connect: Connection refused This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf. -4) sclient returns the error:: +4) sclient returns the error: + :: sclient: Server not found in Kerberos database while using sendauth @@ -88,7 +95,8 @@ COMMON ERROR MESSAGES :ref:`kadmin(1)`, and a keytab file needs to be generated to make the key for that service principal available for sclient. -5) sclient returns the error:: +5) sclient returns the error: + :: sendauth rejected, error reply is: " No such file or directory" diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst index 9633ce3b4..40d29b06d 100644 --- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst @@ -346,14 +346,16 @@ PKINIT options to, a generic [kdcdefaults] specification. The search order is: -1. realm-specific subsection of [realms], :: +1. realm-specific subsection of [realms], + :: [realms] EXAMPLE.COM = { pkinit_anchors = FILE\:/usr/local/example.com.crt } -2. generic value in the [kdcdefaults] section. :: +2. generic value in the [kdcdefaults] section. + :: [kdcdefaults] pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ @@ -445,7 +447,8 @@ identity syntax. Sample kdc.conf File -------------------- -Here's an example of a kdc.conf file:: +Here's an example of a kdc.conf file: + :: [kdcdefaults] kdc_ports = 88 diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst index fb1e2401c..79ef9470c 100644 --- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst @@ -17,11 +17,13 @@ Structure The krb5.conf file is set up in the style of a Windows INI file. Sections are headed by the section name, in square brackets. Each -section may contain zero or more relations, of the form:: +section may contain zero or more relations, of the form: + :: foo = bar -or:: +or + :: fubar = { foo = bar @@ -33,7 +35,8 @@ value for the tag. This means that neither the remainder of this configuration file nor any other configuration file will be checked for any other values for this tag. -For example, if you have the following lines:: +For example, if you have the following lines: + :: foo = bar* foo = baz @@ -41,7 +44,8 @@ For example, if you have the following lines:: then the second value of ``foo`` (``baz``) would never be read. The krb5.conf file can include other files using either of the -following directives at the beginning of a line:: +following directives at the beginning of a line: + :: include FILENAME includedir DIRNAME @@ -56,7 +60,8 @@ file must begin with a section header. The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the following directive at the beginning of a line before any section -headers:: +headers: + :: module MODULEPATH:RESIDUAL @@ -393,7 +398,8 @@ following tags may be specified in the realm's subsection: default realm, this rule is not applicable and the conversion will fail. - For example:: + For example: + :: [realms] ATHENA.MIT.EDU = { @@ -487,7 +493,8 @@ Host names and domain names should be in lower case. If no translation entry applies, the host's realm is considered to be the hostname's domain portion converted to upper case. For example, -the following [domain_realm] section:: +the following [domain_realm] section: + :: [domain_realm] crash.mit.edu = TEST.ATHENA.MIT.EDU @@ -564,7 +571,8 @@ In the following example, the logging messages from the KDC will go to the console and to the system log under the facility LOG_DAEMON with default severity of LOG_INFO; and the logging messages from the administrative server will be appended to the file -``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.:: +``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. + :: [logging] kdc = CONSOLE @@ -604,7 +612,8 @@ For example, ``ANL.GOV``, ``PNL.GOV``, and ``NERSC.GOV`` all wish to use the ``ES.NET`` realm as an intermediate realm. ``ANL`` has a sub realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV`` but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems -would look like this:: +would look like this: + :: [capaths] ANL.GOV = { @@ -627,7 +636,8 @@ would look like this:: } The [capaths] section of the configuration file used on ``NERSC.GOV`` -systems would look like this:: +systems would look like this: + :: [capaths] NERSC.GOV = { @@ -809,7 +819,8 @@ Each tag in the [appdefaults] section names a Kerberos V5 application or an option that is used by some Kerberos V5 application[s]. The value of the tag defines the default behaviors for that application. -For example:: +For example: + :: [appdefaults] telnet = { @@ -947,21 +958,24 @@ PKINIT options does not add to, a generic [libdefaults] specification. The search order is: -1. realm-specific subsection of [libdefaults] :: +1. realm-specific subsection of [libdefaults] : + :: [libdefaults] EXAMPLE.COM = { pkinit_anchors = FILE\:/usr/local/example.com.crt } -2. realm-specific value in the [realms] section, :: +2. realm-specific value in the [realms] section, + :: [realms] OTHERREALM.ORG = { pkinit_anchors = FILE\:/usr/local/otherrealm.org.crt } -3. generic value in the [libdefaults] section. :: +3. generic value in the [libdefaults] section. + :: [libdefaults] pkinit_anchors = DIR\:/usr/local/generic_trusted_cas/ @@ -1095,7 +1109,8 @@ PKINIT krb5.conf options * digitalSignature * keyEncipherment - Examples:: + Examples: + :: pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM pkinit_cert_match = &&msScLogin,clientAuth.*DoE.* @@ -1188,7 +1203,8 @@ PKINIT krb5.conf options Sample krb5.conf file --------------------- -Here is an example of a generic krb5.conf file:: +Here is an example of a generic krb5.conf file: + :: [libdefaults] default_realm = ATHENA.MIT.EDU diff --git a/doc/rst_source/krb_users/user_commands/k5identity.rst b/doc/rst_source/krb_users/user_commands/k5identity.rst index fb97497e1..06195d2e6 100644 --- a/doc/rst_source/krb_users/user_commands/k5identity.rst +++ b/doc/rst_source/krb_users/user_commands/k5identity.rst @@ -56,7 +56,8 @@ The following example .k5identity file selects the client principal ``alice@KRBTEST.COM`` if the server principal is within that realm, the principal ``alice/root@EXAMPLE.COM`` if the server host is within a servers subdomain, and the principal ``alice/mail@EXAMPLE.COM`` when -accessing the IMAP service on ``mail.example.com``:: +accessing the IMAP service on ``mail.example.com``: + :: alice@KRBTEST.COM realm=KRBTEST.COM alice/root@EXAMPLE.COM host=*.servers.example.com diff --git a/doc/rst_source/krb_users/user_commands/k5login.rst b/doc/rst_source/krb_users/user_commands/k5login.rst index fc046dad9..6f6fa59a0 100644 --- a/doc/rst_source/krb_users/user_commands/k5login.rst +++ b/doc/rst_source/krb_users/user_commands/k5login.rst @@ -23,7 +23,8 @@ EXAMPLES -------- Suppose the user ``alice`` had a .k5login file in her home directory -containing the following line:: +containing the following line: + :: bob@FOOBAR.ORG @@ -33,7 +34,8 @@ access ``alice``'s account, using ``bob``'s Kerberos tickets. Let us further suppose that ``alice`` is a system administrator. Alice and the other system administrators would have their principals -in root's .k5login file on each host:: +in root's .k5login file on each host: + :: alice@BLEEP.COM diff --git a/doc/rst_source/krb_users/user_commands/kinit.rst b/doc/rst_source/krb_users/user_commands/kinit.rst index 0728c306d..3b98522f2 100644 --- a/doc/rst_source/krb_users/user_commands/kinit.rst +++ b/doc/rst_source/krb_users/user_commands/kinit.rst @@ -44,7 +44,8 @@ OPTIONS **-l** *lifetime* requests a ticket with the lifetime lifetime. The value for lifetime must be followed immediately by one - of the following delimiters:: + of the following delimiters: + :: s seconds m minutes diff --git a/doc/rst_source/krb_users/user_commands/klist.rst b/doc/rst_source/krb_users/user_commands/klist.rst index 63b0b1c06..4b610b51e 100644 --- a/doc/rst_source/krb_users/user_commands/klist.rst +++ b/doc/rst_source/krb_users/user_commands/klist.rst @@ -43,7 +43,8 @@ OPTIONS **-f** Shows the flags present in the credentials, using the following - abbreviations:: + abbreviations: + :: F Forwardable f forwarded diff --git a/doc/rst_source/krb_users/user_commands/kpasswd.rst b/doc/rst_source/krb_users/user_commands/kpasswd.rst index 00629259e..f7c484064 100644 --- a/doc/rst_source/krb_users/user_commands/kpasswd.rst +++ b/doc/rst_source/krb_users/user_commands/kpasswd.rst @@ -39,7 +39,8 @@ OPTIONS PORTS ----- -kpasswd looks first for:: +kpasswd looks first for + :: kpasswd_server = host:port diff --git a/doc/rst_source/krb_users/user_commands/ksu.rst b/doc/rst_source/krb_users/user_commands/ksu.rst index 9ab03eb9f..9acbcbe36 100644 --- a/doc/rst_source/krb_users/user_commands/ksu.rst +++ b/doc/rst_source/krb_users/user_commands/ksu.rst @@ -84,7 +84,8 @@ user's home directory, ksu attempts to access two authorization files: contains the name of a principal that is authorized to access the account. -For example:: +For example: + :: jqpublic@USC.EDU jqpublic/secure@USC.EDU @@ -216,7 +217,8 @@ OPTIONS defined the source cache name is set to ``krb5cc_``. The target cache name is automatically set to ``krb5cc_.(gen_sym())``, where gen_sym generates a new number such that - the resulting cache does not already exist. For example:: + the resulting cache does not already exist. For example: + :: krb5cc_1984.2 @@ -276,7 +278,8 @@ Ticket granting ticket options: **-e** *command* [*args* ...] ksu proceeds exactly the same as if it was invoked without the **-e** option, except instead of executing the target shell, ksu - executes the specified command Example of usage:: + executes the specified command. Example of usage: + :: ksu bob -e ls -lag @@ -295,7 +298,8 @@ Ticket granting ticket options: list of commands that the principal is authorized to execute. A principal name followed by a ``*`` means that the user is authorized to execute any command. Thus, in the following - example:: + example: + :: jqpublic@USC.EDU ls mail /local/kerberos/klist jqpublic/secure@USC.EDU * @@ -327,7 +331,8 @@ Ticket granting ticket options: thus all options intended for ksu must precede **-a**. The **-a** option can be used to simulate the **-e** option if - used as follows:: + used as follows: + :: -a -c [command [arguments]]. @@ -364,7 +369,8 @@ ksu can be compiled with the following four flags: called to obtain the names of "legal shells". Note that the target user's shell is obtained from the passwd file. -Sample configuration:: +Sample configuration: + :: KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" -- 2.26.2