From e7ec534cf520477cad629e12158468871a8e53f2 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 11 May 2009 22:11:30 +0000 Subject: [PATCH] document ok_as_delegate in admin.texinfo pull up r2293, r22304 from trunk ------------------------------------------------------------------------ r22304 | ghudson | 2009-05-03 14:47:27 -0400 (Sun, 03 May 2009) | 2 lines Changed paths: M /trunk/doc/admin.texinfo Fix formatting of ok_as_delegate documentation in admin guide. ------------------------------------------------------------------------ r22293 | ghudson | 2009-04-30 11:08:50 -0400 (Thu, 30 Apr 2009) | 2 lines Changed paths: M /trunk/doc/admin.texinfo Document ok_as_delegate in the admin guide. ticket: 6485 tags: pullup target_version: 1.7 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22342 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/admin.texinfo | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/doc/admin.texinfo b/doc/admin.texinfo index fbfa91f95..0ca5d2568 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -2274,6 +2274,14 @@ will probably never need to use this option.) ``+password_changing_service'' option sets the KRB5_KDB_PWCHANGE_SERVICE flag on the principal in the database. +@item @{-|+@}ok_as_delegate +The ``+ok_as_delegate'' option sets a flag in tickets issued for the +service principal. Some client programs may recognize this flag as +indicating that it is okay to delegate credentials to the service. If +ok_as_delegate is set on a cross-realm TGT, it indicates that the +foreign realm's ok_as_delegate flags should be honored by clients in +the local realm. The default is ``-ok_as_delegate''. + @item -randkey Sets the key for the principal to a random value (@code{add_principal} only). @value{COMPANY} recommends using this option for host keys. @@ -3101,6 +3109,13 @@ hardware device before being allowed to kinit. (Sets the @samp{KRB5_KDB_REQURES_HW_AUTH} flag.) @code{-requires_hwauth} clears this flag. +@itemx @{-|+@}ok_as_delegate +@code{+ok_as_delegate} sets the OK-AS-DELEGATE flag on tickets issued for use +with this principal as the service, which clients may use as a hint that +credentials can and should be delegated when authenticating to the service. +(Sets the @samp{KRB5_KDB_OK_AS_DELEGATE} flag.) @code{-ok_as_delegate} clears +this flag. + @itemx @{-|+@}allow_svr @code{-allow_svr} prohibits the issuance of service tickets for principals. (Sets the @samp{KRB5_KDB_DISALLOW_SVR} flag.) @code{+allow_svr} clears this flag. -- 2.26.2