From ee5da7e74fcd9535ac6450eaac25defe6fd520c0 Mon Sep 17 00:00:00 2001 From: Jonathan Kamens Date: Thu, 18 Aug 1994 18:30:07 +0000 Subject: [PATCH] Minor updates git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4182 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/kadm5/api-server-design.tex | 35 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/doc/kadm5/api-server-design.tex b/doc/kadm5/api-server-design.tex index b330e9ce0..ecc64bac0 100644 --- a/doc/kadm5/api-server-design.tex +++ b/doc/kadm5/api-server-design.tex @@ -1,6 +1,13 @@ -\documentstyle[12pt,fullpage,changebar]{article} +\documentstyle[12pt,fullpage,changebar,rcsid]{article} -% $Id$ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% Make _ actually generate an _, and allow line-breaking after it. +\let\underscore=\_ +\catcode`_=13 +\def_{\underscore\penalty75\relax} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\rcs$Id$ \setlength{\parskip}{.7\baselineskip} \setlength{\parindent}{0pt} @@ -9,19 +16,12 @@ \def\v#1{\verb+#1+} \def\k#1{K$_#1$} -\title{OV*Secure Admin Server \\ Implementation Design} +\title{OV*Secure Admin Server \\ Implementation Design\thanks{\rcsId}} \author{Barry Jaspan} -\date{DRAFT --- \today} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{document} +\sloppy \maketitle {\setlength{\parskip}{0pt}\tableofcontents} @@ -39,7 +39,6 @@ wire. The RPC mechanism does, however, allow the server to access the underlying authentication credentials for authorization purposes. The admin server accesses a total of three databases. - \begin{itemize} \item The master Kerberos database is used to store all the information that the Kerberos server understands, thus allowing the @@ -54,12 +53,14 @@ information. The per-principal information stored in the admin principal database consists of the principal's policy name and an array of the principal's previous keys. The old keys are stored encrypted in the -key of the special principal ``kadmin/history'' that is created by -ovsec_kadm_create. Since a change in kadmin/history's key renders +key of the special principal ``ovsec_adm/history'' that is created by +ovsec_adm_create. Since a change in ovsec_adm/history's key renders every principal's key history array useless, it can only be changed -using the ovsec_kadm_edit utility; that program will reencrypt every -principal's key history in the new key. The admin server refuses all -requests to change kdamin/history's key. +using the ovsec_adm_edit utility; that program will reencrypt every +principal's key history in the new key.\footnote{ovsec_adm_edit has +not yet been implemented, and there are currently no plans to +implement it.} The admin server refuses all requests to change +ovsec_adm/history's key. \section{Main} -- 2.26.2