From ebc76acfeeadb9db1e2c78470eca8300bef38ffc Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 27 May 2003 23:20:25 +0000 Subject: [PATCH] Docs for admin keytab changes... only this one change need pullup * admin.texinfo (realms (kdc.conf)): Update to reflect that kadm5.keytab is only used by legacy admin daemons. * install.texinfo (Create a kadmind Keytab (optional)): Update to reflect that kadm5.keytab is only used by legacy admin daemons. ticket: 1372 version_fixed: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15510 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/ChangeLog | 6 ++++++ doc/admin.texinfo | 6 +++--- doc/install.texinfo | 25 +++++++++++++------------ 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 5934a4081..fa79ec649 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,11 @@ 2003-05-27 Tom Yu + * admin.texinfo (realms (kdc.conf)): Update to reflect that + kadm5.keytab is only used by legacy admin daemons. + + * install.texinfo (Create a kadmind Keytab (optional)): Update to + reflect that kadm5.keytab is only used by legacy admin daemons. + * build.texinfo (HPUX): Make HPUX compiler flags simpler. 2003-05-23 Ken Raeburn diff --git a/doc/admin.texinfo b/doc/admin.texinfo index 468d63309..314ad1335 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -1116,9 +1116,9 @@ uses to determine which principals are allowed which permissions on the database. The default is @code{@value{DefaultAclFile}}. @itemx admin_keytab -(String.) Location of the keytab file that kadmin uses to authenticate -to the database. The default is -@code{@value{DefaultAdminKeytab}}. +(String.) Location of the keytab file that the legacy administration +daemons @code{kadmind4} and @code{v5passwdd} use to authenticate to +the database. The default is @code{@value{DefaultAdminKeytab}}. @itemx database_name (String.) Location of the Kerberos database for this realm. The diff --git a/doc/install.texinfo b/doc/install.texinfo index c9f2df6a3..f406fdc4a 100644 --- a/doc/install.texinfo +++ b/doc/install.texinfo @@ -374,7 +374,7 @@ first few steps must be done on the master KDC. * Create the Database:: * Add Administrators to the Acl File:: * Add Administrators to the Kerberos Database:: -* Create a kadmind Keytab:: +* Create a kadmind Keytab (optional):: * Start the Kerberos Daemons:: @end menu @@ -516,7 +516,7 @@ filename should match the value you have set for ``acl_file'' in your @include kadm5acl.texinfo -@node Add Administrators to the Kerberos Database, Create a kadmind Keytab, Add Administrators to the Acl File, Install the Master KDC +@node Add Administrators to the Kerberos Database, Create a kadmind Keytab (optional), Add Administrators to the Acl File, Install the Master KDC @subsubsection Add Administrators to the Kerberos Database Next you need to add administrative principals to the Kerberos database. @@ -551,17 +551,18 @@ kadmin.local:} -@node Create a kadmind Keytab, Start the Kerberos Daemons, Add Administrators to the Kerberos Database, Install the Master KDC -@subsubsection Create a kadmind Keytab +@node Create a kadmind Keytab (optional), Start the Kerberos Daemons, Add Administrators to the Kerberos Database, Install the Master KDC +@subsubsection Create a kadmind Keytab (optional) -The kadmind keytab is the key that kadmind will use to decrypt -administrators' Kerberos tickets to determine whether or not it should -give them access to the database. You need to create the kadmin keytab -with entries for the principals @code{kadmin/admin} and +The kadmind keytab is the key that the legacy admininstration daemons +@code{kadmind4} and @code{v5passwdd} will use to decrypt +administrators' or clients' Kerberos tickets to determine whether or +not they should have access to the database. You need to create the +kadmin keytab with entries for the principals @code{kadmin/admin} and @code{kadmin/changepw}. (These principals are placed in the Kerberos database automatically when you create it.) To create the kadmin -keytab, run @code{kadmin.local} and use the @code{ktadd} command, as in -the following example. (The line beginning with @result{} is a +keytab, run @code{kadmin.local} and use the @code{ktadd} command, as +in the following example. (The line beginning with @result{} is a continuation of the previous line.): @smallexample @@ -593,7 +594,7 @@ The filename you use must be the one specified in your @code{kdc.conf} file. @need 2000 -@node Start the Kerberos Daemons, , Create a kadmind Keytab, Install the Master KDC +@node Start the Kerberos Daemons, , Create a kadmind Keytab (optional), Install the Master KDC @subsubsection Start the Kerberos Daemons on the Master KDC At this point, you are ready to start the Kerberos daemons on the Master @@ -973,7 +974,7 @@ On the @emph{new} master KDC: @enumerate @item -Create a database keytab. (@xref{Create a kadmind Keytab}.) +Create a database keytab. (@xref{Create a kadmind Keytab (optional)}.) @item Start the @code{kadmind} daemon. (@xref{Start the Kerberos Daemons}.) -- 2.26.2