From f1217cd1d6b5424c223bf9459e897cf479a243b5 Mon Sep 17 00:00:00 2001 From: Michael Shanzer Date: Mon, 17 Jan 1994 18:40:12 +0000 Subject: [PATCH] more fixes to make spec up to date git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3352 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/kadm5/api-funcspec.tex | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex index c92f2650c..47895ca5c 100644 --- a/doc/kadm5/api-funcspec.tex +++ b/doc/kadm5/api-funcspec.tex @@ -29,7 +29,8 @@ The Admin API Password Quality mechanism provides the following controls. Note that two strings are defined to be ``significantly -different'' if they differ by at least two characters. +different'' if they differ by at least one character. The compare is not +case sensitive. \begin{itemize} \item A minimum length can be required; a password with @@ -133,8 +134,9 @@ changed, as a Kerberos timestamp. \item[pw_expiration] The expire time of the user's current password, as a Kerberos timestamp. No application service tickets will be issued for the -principal once the password expire time has passed. Note that the -user can still obtain ticket-granting tickets. +principal once the password expire time has passed. Note that the user can +only obtain tickets for services that have the PW_CHANGE_SERVICE bit set in +the attributes field. \item[max_life] The maximum lifetime of any Kerberos ticket issued to this principal. @@ -470,6 +472,11 @@ Each Admin API operation authenticated to the ovsec_kadm/admin service requires a specific authorization to run. This version uses a simple named privilege system with the following names and meanings: +The Authorization checks only happen if you are using the RPC mechanism. +If you are using the server side API functions locally on the admin server, +the only authorization check is if you can access the approporiate local +files. + \begin{description} \item[Get] Able to examine the attributes (NOT key data) of principals and policies. -- 2.26.2