Documentation components of this software distribution are licensed
under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
-(http://creativecommons.org/licenses/by-sa/3.0/)
+(https://creativecommons.org/licenses/by-sa/3.0/)
Individual source code files are copyright MIT, Cygnus Support,
Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
The implementation of the AES encryption algorithm in
"src/lib/crypto/builtin/aes" has the following copyright:
- Copyright (C) 2001, Dr Brian Gladman "brg@gladman.uk.net", Worcester, UK.
- All rights reserved.
+ Copyright (C) 2001, Dr Brian Gladman "brg@gladman.uk.net",
+ Worcester, UK.
+ All rights reserved.
LICENSE TERMS
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
- 2. distributions in binary form include the above copyright notice,
- this list of conditions and the following disclaimer in the
- documentation and/or other associated materials;
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
plug-in framework and the NSS crypto implementation, contain the
following copyright:
- Copyright (C) 2006 Red Hat, Inc.
- Portions copyright (C) 2006 Massachusetts Institute of Technology
- All Rights Reserved.
+ Copyright (C) 2006 Red Hat, Inc.
+ Portions copyright (C) 2006 Massachusetts Institute of Technology
+ All Rights Reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
* Neither the name of Red Hat, Inc., nor the names of its
contributors may be used to endorse or promote products derived
University of California at Berkeley, which includes this copyright
notice:
- Copyright (C) 1983 Regents of the University of California.
- All rights reserved.
+ Copyright (C) 1983 Regents of the University of California.
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
Portions contributed by Novell, Inc., including the LDAP database
backend, are subject to the following license:
- Copyright (C) 2004-2005, Novell, Inc.
- All rights reserved.
+ Copyright (C) 2004-2005, Novell, Inc.
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
* The copyright holder's name is not used to endorse or promote
products derived from this software without specific prior
Integration, including the PKINIT implementation, are subject to the
following license:
- COPYRIGHT (C) 2006-2007
- THE REGENTS OF THE UNIVERSITY OF MICHIGAN
- ALL RIGHTS RESERVED
+ COPYRIGHT (C) 2006-2007
+ THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ ALL RIGHTS RESERVED
Permission is granted to use, copy, create derivative works and
redistribute this software and such derivative works for any
The pkcs11.h file included in the PKINIT code has the following
license:
- Copyright 2006 g10 Code GmbH
- Copyright 2006 Andreas Jellinghaus
+ Copyright 2006 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
src/lib/krb5/unicode are subject to the following copyright and
permission notice:
- The OpenLDAP Public License
- Version 2.8, 17 August 2003
+ The OpenLDAP Public License
+ Version 2.8, 17 August 2003
Redistribution and use of this software and associated
documentation ("Software"), with or without modification, are
permitted provided that the following conditions are met:
- 1. Redistributions in source form must retain copyright statements
- and notices,
+ 1. Redistributions in source form must retain copyright
+ statements and notices,
2. Redistributions in binary form must reproduce applicable
copyright statements and notices, this list of conditions, and
the following disclaimer in the documentation and/or other
materials provided with the distribution, and
- 3. Redistributions must contain a verbatim copy of this document.
+ 3. Redistributions must contain a verbatim copy of this
+ document.
The OpenLDAP Foundation may revise this license from time to time.
Each revision is distinguished by a version number. You may use
Marked test programs in src/lib/krb5/krb have the following copyright:
- Copyright (C) 2006 Kungliga Tekniska Högskola
- (Royal Institute of Technology, Stockholm, Sweden).
- All rights reserved.
+ Copyright (C) 2006 Kungliga Tekniska Högskola
+ (Royal Institute of Technology, Stockholm, Sweden).
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
- 3. Neither the name of KTH nor the names of its contributors may be
- used to endorse or promote products derived from this software
- without specific prior written permission.
+ 3. Neither the name of KTH nor the names of its contributors may
+ be used to endorse or promote products derived from this
+ software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
- 3. Neither the name of the "Oracle America, Inc." nor the names of
- its contributors may be used to endorse or promote products
+ 3. Neither the name of the "Oracle America, Inc." nor the names
+ of its contributors may be used to endorse or promote products
derived from this software without specific prior written
permission.
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer as
- the first lines of this file unmodified.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer as the first lines of this file unmodified.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
RESULTING FROM THE USE OF THIS SOFTWARE.
-======================================================================
-
-Portions extracted from Internet RFCs have the following copyright
-notice:
-
- Copyright (C) The Internet Society (2006).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on
- an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
- REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
- THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
- ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
- PARTICULAR PURPOSE.
-
======================================================================
Copyright (C) 1991, 1992, 1994 by Cygnus Support.
Portions of the implementation of the Fortuna-like PRNG are subject to
the following notice:
- Copyright (C) 2005 Marko Kreen
- All rights reserved.
+ Copyright (C) 2005 Marko Kreen
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
======================================================================
- Copyright (C) 1995
- The President and Fellows of Harvard University
+ Copyright (C) 1995
+ The President and Fellows of Harvard University
This code is derived from software contributed to Harvard by Jeremy
Rassen.
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
======================================================================
- Copyright (C) 2008 by the Massachusetts Institute of Technology.
- Copyright 1995 by Richard P. Basch. All Rights Reserved.
- Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
+ Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ Copyright 1995 by Richard P. Basch. All Rights Reserved.
+ Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
Export of this software from the United States of America may
require a specific license from the United States Government. It
The following notice applies to "src/lib/krb5/krb/strptime.c" and
"src/include/k5-queue.h".
- Copyright (C) 1997, 1998 The NetBSD Foundation, Inc.
- All rights reserved.
+ Copyright (C) 1997, 1998 The NetBSD Foundation, Inc.
+ All rights reserved.
This code was contributed to The NetBSD Foundation by Klaus Klein.
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
This product includes software developed by the NetBSD
Foundation, Inc. and its contributors.
- 4. Neither the name of The NetBSD Foundation nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
+ 4. Neither the name of The NetBSD Foundation nor the names of
+ its contributors may be used to endorse or promote products
+ derived from this software without specific prior written
+ permission.
THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
The following notice applies to Unicode library files in
"src/lib/krb5/unicode":
- Copyright 1997, 1998, 1999 Computing Research Labs,
- New Mexico State University
+ Copyright 1997, 1998, 1999 Computing Research Labs,
+ New Mexico State University
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
Portions of "src/lib/krb5" are subject to the following notice:
- Copyright (C) 1994 CyberSAFE Corporation.
- Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
- All Rights Reserved.
+ Copyright (C) 1994 CyberSAFE Corporation.
+ Copyright 1990,1991,2007,2008 by the Massachusetts
+ Institute of Technology.
+ All Rights Reserved.
Export of this software from the United States of America may
require a specific license from the United States Government. It
modification, are permitted provided that the following conditions
are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
Files copied from the Intel AESNI Sample Library are subject to the
following license:
- Copyright (C) 2010, Intel Corporation
- All rights reserved.
+ Copyright (C) 2010, Intel Corporation All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ * Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1992-2017 Free Software Foundation, Inc.
+# Copyright 1992-2018 Free Software Foundation, Inc.
-timestamp='2017-11-07'
+timestamp='2018-08-29'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright 1992-2017 Free Software Foundation, Inc.
+Copyright 1992-2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
exit 1
fi
-trap 'exit 1' 1 2 15
-
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
# temporary files to be created and, as you can see below, it is a
# Portable tmp directory creation inspired by the Autoconf team.
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,) echo "int x;" > $dummy.c ;
- for c in cc gcc c89 c99 ; do
- if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
- CC_FOR_BUILD="$c"; break ;
- fi ;
- done ;
- if test x"$CC_FOR_BUILD" = x ; then
- CC_FOR_BUILD=no_compiler_found ;
- fi
- ;;
- ,,*) CC_FOR_BUILD=$CC ;;
- ,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ; set_cc_for_build= ;'
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 1 2 13 15
+trap 'exitcode=$?; test -z "$tmp" || rm -fr "$tmp"; exit $exitcode' 0
+
+set_cc_for_build() {
+ : "${TMPDIR=/tmp}"
+ # shellcheck disable=SC2039
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+ dummy=$tmp/dummy
+ case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+ ,,) echo "int x;" > "$dummy.c"
+ for driver in cc gcc c89 c99 ; do
+ if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$driver"
+ break
+ fi
+ done
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+ esac
+}
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+if test -f /.attbin/uname ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-case "${UNAME_SYSTEM}" in
+case "$UNAME_SYSTEM" in
Linux|GNU|GNU/*)
# If the system lacks a compiler, then just pick glibc.
# We could probably try harder.
LIBC=gnu
- eval $set_cc_for_build
- cat <<-EOF > $dummy.c
+ set_cc_for_build
+ cat <<-EOF > "$dummy.c"
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
LIBC=gnu
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+ eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
+
+ # If ldd exists, use it to detect musl libc.
+ if command -v ldd >/dev/null && \
+ ldd --version 2>&1 | grep -q ^musl
+ then
+ LIBC=musl
+ fi
;;
esac
# Note: order is significant - the case branches are not exclusive.
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
- /sbin/$sysctl 2>/dev/null || \
- /usr/sbin/$sysctl 2>/dev/null || \
+ "/sbin/$sysctl" 2>/dev/null || \
+ "/usr/sbin/$sysctl" 2>/dev/null || \
echo unknown)`
- case "${UNAME_MACHINE_ARCH}" in
+ case "$UNAME_MACHINE_ARCH" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
- arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
- endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
- machine=${arch}${endian}-unknown
+ arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+ endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
+ machine="${arch}${endian}"-unknown
;;
- *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ *) machine="$UNAME_MACHINE_ARCH"-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently (or will in the future) and ABI.
- case "${UNAME_MACHINE_ARCH}" in
+ case "$UNAME_MACHINE_ARCH" in
earm*)
os=netbsdelf
;;
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
- eval $set_cc_for_build
+ set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
then
;;
esac
# Determine ABI tags.
- case "${UNAME_MACHINE_ARCH}" in
+ case "$UNAME_MACHINE_ARCH" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
- abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+ abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
;;
esac
# The OS release
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
- case "${UNAME_VERSION}" in
+ case "$UNAME_VERSION" in
Debian*)
release='-gnu'
;;
*)
- release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
+ release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}${abi}"
+ echo "$machine-${os}${release}${abi-}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
- echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
+ echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
- echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
- echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
exit ;;
*:MidnightBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-midnightbsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE"
exit ;;
*:ekkoBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE"
exit ;;
*:SolidBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
exit ;;
macppc:MirBSD:*:*)
- echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
exit ;;
*:MirBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE"
exit ;;
*:Sortix:*:*)
- echo ${UNAME_MACHINE}-unknown-sortix
+ echo "$UNAME_MACHINE"-unknown-sortix
exit ;;
*:Redox:*:*)
- echo ${UNAME_MACHINE}-unknown-redox
+ echo "$UNAME_MACHINE"-unknown-redox
exit ;;
+ mips:OSF1:*.*)
+ echo mips-dec-osf1
+ exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+ echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
echo m68k-unknown-sysv4
exit ;;
*:[Aa]miga[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-amigaos
+ echo "$UNAME_MACHINE"-unknown-amigaos
exit ;;
*:[Mm]orph[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-morphos
+ echo "$UNAME_MACHINE"-unknown-morphos
exit ;;
*:OS/390:*:*)
echo i370-ibm-openedition
echo powerpc-ibm-os400
exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- echo arm-acorn-riscix${UNAME_RELEASE}
+ echo arm-acorn-riscix"$UNAME_RELEASE"
exit ;;
arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
s390x:SunOS:*:*)
- echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
exit ;;
sun4H:SunOS:5.*:*)
- echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
exit ;;
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
- echo i386-pc-auroraux${UNAME_RELEASE}
+ echo i386-pc-auroraux"$UNAME_RELEASE"
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
- eval $set_cc_for_build
- SUN_ARCH=i386
- # If there is a compiler, see if it is configured for 64-bit objects.
- # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
- # This test works for both compilers.
- if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
- if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- SUN_ARCH=x86_64
- fi
- fi
- echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ UNAME_REL="`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
+ case `isainfo -b` in
+ 32)
+ echo i386-pc-solaris2"$UNAME_REL"
+ ;;
+ 64)
+ echo x86_64-pc-solaris2"$UNAME_REL"
+ ;;
+ esac
exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
- echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
- echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
exit ;;
sun3*:SunOS:*:*)
- echo m68k-sun-sunos${UNAME_RELEASE}
+ echo m68k-sun-sunos"$UNAME_RELEASE"
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
+ test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
- echo m68k-sun-sunos${UNAME_RELEASE}
+ echo m68k-sun-sunos"$UNAME_RELEASE"
;;
sun4)
- echo sparc-sun-sunos${UNAME_RELEASE}
+ echo sparc-sun-sunos"$UNAME_RELEASE"
;;
esac
exit ;;
aushp:SunOS:*:*)
- echo sparc-auspex-sunos${UNAME_RELEASE}
+ echo sparc-auspex-sunos"$UNAME_RELEASE"
exit ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint"$UNAME_RELEASE"
exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint"$UNAME_RELEASE"
exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint"$UNAME_RELEASE"
exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
+ echo m68k-milan-mint"$UNAME_RELEASE"
exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
+ echo m68k-hades-mint"$UNAME_RELEASE"
exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
+ echo m68k-unknown-mint"$UNAME_RELEASE"
exit ;;
m68k:machten:*:*)
- echo m68k-apple-machten${UNAME_RELEASE}
+ echo m68k-apple-machten"$UNAME_RELEASE"
exit ;;
powerpc:machten:*:*)
- echo powerpc-apple-machten${UNAME_RELEASE}
+ echo powerpc-apple-machten"$UNAME_RELEASE"
exit ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit ;;
RISC*:ULTRIX:*:*)
- echo mips-dec-ultrix${UNAME_RELEASE}
+ echo mips-dec-ultrix"$UNAME_RELEASE"
exit ;;
VAX*:ULTRIX*:*:*)
- echo vax-dec-ultrix${UNAME_RELEASE}
+ echo vax-dec-ultrix"$UNAME_RELEASE"
exit ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
- echo clipper-intergraph-clix${UNAME_RELEASE}
+ echo clipper-intergraph-clix"$UNAME_RELEASE"
exit ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ set_cc_for_build
+ sed 's/^ //' << EOF > "$dummy.c"
#ifdef __cplusplus
#include <stdio.h> /* for printf() prototype */
int main (int argc, char *argv[]) {
exit (-1);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c &&
- dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
- SYSTEM_NAME=`$dummy $dummyarg` &&
+ $CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
+ dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
{ echo "$SYSTEM_NAME"; exit; }
- echo mips-mips-riscos${UNAME_RELEASE}
+ echo mips-mips-riscos"$UNAME_RELEASE"
exit ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
- if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ]
then
- if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
- [ ${TARGET_BINARY_INTERFACE}x = x ]
+ if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \
+ [ "$TARGET_BINARY_INTERFACE"x = x ]
then
- echo m88k-dg-dgux${UNAME_RELEASE}
+ echo m88k-dg-dgux"$UNAME_RELEASE"
else
- echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ echo m88k-dg-dguxbcs"$UNAME_RELEASE"
fi
else
- echo i586-dg-dgux${UNAME_RELEASE}
+ echo i586-dg-dgux"$UNAME_RELEASE"
fi
exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m68k-tektronix-bsd
exit ;;
*:IRIX*:*:*)
- echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
fi
- echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV"
exit ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ set_cc_for_build
+ sed 's/^ //' << EOF > "$dummy.c"
#include <sys/systemcfg.h>
main()
exit(0);
}
EOF
- if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
then
echo "$SYSTEM_NAME"
else
exit ;;
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
- if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
fi
- echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ echo "$IBM_ARCH"-ibm-aix"$IBM_REV"
exit ;;
*:AIX:*:*)
echo rs6000-ibm-aix
echo romp-ibm-bsd4.4
exit ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
- echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to
exit ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
echo m68k-hp-bsd4.4
exit ;;
9000/[34678]??:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- case "${UNAME_MACHINE}" in
+ HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
+ case "$UNAME_MACHINE" in
9000/31?) HP_ARCH=m68000 ;;
9000/[34]??) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
+ case "$sc_cpu_version" in
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
+ case "$sc_kernel_bits" in
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
- if [ "${HP_ARCH}" = "" ]; then
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ if [ "$HP_ARCH" = "" ]; then
+ set_cc_for_build
+ sed 's/^ //' << EOF > "$dummy.c"
#define _HPUX_SOURCE
#include <stdlib.h>
exit (0);
}
EOF
- (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
- if [ ${HP_ARCH} = hppa2.0w ]
+ if [ "$HP_ARCH" = hppa2.0w ]
then
- eval $set_cc_for_build
+ set_cc_for_build
# hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
# 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
HP_ARCH=hppa64
fi
fi
- echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
exit ;;
ia64:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- echo ia64-hp-hpux${HPUX_REV}
+ HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux"$HPUX_REV"
exit ;;
3050*:HI-UX:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ set_cc_for_build
+ sed 's/^ //' << EOF > "$dummy.c"
#include <unistd.h>
int
main ()
exit (0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
{ echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
exit ;;
exit ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
- echo ${UNAME_MACHINE}-unknown-osf1mk
+ echo "$UNAME_MACHINE"-unknown-osf1mk
else
- echo ${UNAME_MACHINE}-unknown-osf1
+ echo "$UNAME_MACHINE"-unknown-osf1
fi
exit ;;
parisc*:Lites*:*:*)
echo c4-convex-bsd
exit ;;
CRAY*Y-MP:*:*:*)
- echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*[A-Z]90:*:*:*)
- echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
exit ;;
CRAY*TS:*:*:*)
- echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*T3E:*:*:*)
- echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*SV1:*:*:*)
- echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
*:UNICOS/mp:*:*)
- echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
+ FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
- echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE"
exit ;;
sparc*:BSD/OS:*:*)
- echo sparc-unknown-bsdi${UNAME_RELEASE}
+ echo sparc-unknown-bsdi"$UNAME_RELEASE"
exit ;;
*:BSD/OS:*:*)
- echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
+ exit ;;
+ arm:FreeBSD:*:*)
+ UNAME_PROCESSOR=`uname -p`
+ set_cc_for_build
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi
+ else
+ echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf
+ fi
exit ;;
*:FreeBSD:*:*)
UNAME_PROCESSOR=`/usr/bin/uname -p`
- case ${UNAME_PROCESSOR} in
+ case "$UNAME_PROCESSOR" in
amd64)
UNAME_PROCESSOR=x86_64 ;;
i386)
UNAME_PROCESSOR=i586 ;;
esac
- echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
exit ;;
i*:CYGWIN*:*)
- echo ${UNAME_MACHINE}-pc-cygwin
+ echo "$UNAME_MACHINE"-pc-cygwin
exit ;;
*:MINGW64*:*)
- echo ${UNAME_MACHINE}-pc-mingw64
+ echo "$UNAME_MACHINE"-pc-mingw64
exit ;;
*:MINGW*:*)
- echo ${UNAME_MACHINE}-pc-mingw32
+ echo "$UNAME_MACHINE"-pc-mingw32
exit ;;
*:MSYS*:*)
- echo ${UNAME_MACHINE}-pc-msys
+ echo "$UNAME_MACHINE"-pc-msys
exit ;;
i*:PW*:*)
- echo ${UNAME_MACHINE}-pc-pw32
+ echo "$UNAME_MACHINE"-pc-pw32
exit ;;
*:Interix*:*)
- case ${UNAME_MACHINE} in
+ case "$UNAME_MACHINE" in
x86)
- echo i586-pc-interix${UNAME_RELEASE}
+ echo i586-pc-interix"$UNAME_RELEASE"
exit ;;
authenticamd | genuineintel | EM64T)
- echo x86_64-unknown-interix${UNAME_RELEASE}
+ echo x86_64-unknown-interix"$UNAME_RELEASE"
exit ;;
IA64)
- echo ia64-unknown-interix${UNAME_RELEASE}
+ echo ia64-unknown-interix"$UNAME_RELEASE"
exit ;;
esac ;;
i*:UWIN*:*)
- echo ${UNAME_MACHINE}-pc-uwin
+ echo "$UNAME_MACHINE"-pc-uwin
exit ;;
amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
- echo x86_64-unknown-cygwin
+ echo x86_64-pc-cygwin
exit ;;
prep*:SunOS:5.*:*)
- echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
exit ;;
*:GNU:*:*)
# the GNU system
- echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
- echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+ echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
exit ;;
- i*86:Minix:*:*)
- echo ${UNAME_MACHINE}-pc-minix
+ *:Minix:*:*)
+ echo "$UNAME_MACHINE"-unknown-minix
exit ;;
aarch64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
arm*:Linux:*:*)
- eval $set_cc_for_build
+ set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
else
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi
else
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf
fi
fi
exit ;;
avr32*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
cris:Linux:*:*)
- echo ${UNAME_MACHINE}-axis-linux-${LIBC}
+ echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
exit ;;
crisv32:Linux:*:*)
- echo ${UNAME_MACHINE}-axis-linux-${LIBC}
+ echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
exit ;;
e2k:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
frv:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
hexagon:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
i*86:Linux:*:*)
- echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+ echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
exit ;;
ia64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
k1om:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
m32r*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
m68*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ set_cc_for_build
+ sed 's/^ //' << EOF > "$dummy.c"
#undef CPU
#undef ${UNAME_MACHINE}
#undef ${UNAME_MACHINE}el
#endif
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
- test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+ eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`"
+ test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; }
;;
mips64el:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
openrisc*:Linux:*:*)
- echo or1k-unknown-linux-${LIBC}
+ echo or1k-unknown-linux-"$LIBC"
exit ;;
or32:Linux:*:* | or1k*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
padre:Linux:*:*)
- echo sparc-unknown-linux-${LIBC}
+ echo sparc-unknown-linux-"$LIBC"
exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-${LIBC}
+ echo hppa64-unknown-linux-"$LIBC"
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
- PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
- PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
- *) echo hppa-unknown-linux-${LIBC} ;;
+ PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
+ PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
+ *) echo hppa-unknown-linux-"$LIBC" ;;
esac
exit ;;
ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-${LIBC}
+ echo powerpc64-unknown-linux-"$LIBC"
exit ;;
ppc:Linux:*:*)
- echo powerpc-unknown-linux-${LIBC}
+ echo powerpc-unknown-linux-"$LIBC"
exit ;;
ppc64le:Linux:*:*)
- echo powerpc64le-unknown-linux-${LIBC}
+ echo powerpc64le-unknown-linux-"$LIBC"
exit ;;
ppcle:Linux:*:*)
- echo powerpcle-unknown-linux-${LIBC}
+ echo powerpcle-unknown-linux-"$LIBC"
exit ;;
riscv32:Linux:*:* | riscv64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
- echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
+ echo "$UNAME_MACHINE"-ibm-linux-"$LIBC"
exit ;;
sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
sh*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
tile*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
vax:Linux:*:*)
- echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+ echo "$UNAME_MACHINE"-dec-linux-"$LIBC"
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-pc-linux-${LIBC}
+ echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
exit ;;
xtensa*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
- echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION"
exit ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
- echo ${UNAME_MACHINE}-pc-os2-emx
+ echo "$UNAME_MACHINE"-pc-os2-emx
exit ;;
i*86:XTS-300:*:STOP)
- echo ${UNAME_MACHINE}-unknown-stop
+ echo "$UNAME_MACHINE"-unknown-stop
exit ;;
i*86:atheos:*:*)
- echo ${UNAME_MACHINE}-unknown-atheos
+ echo "$UNAME_MACHINE"-unknown-atheos
exit ;;
i*86:syllable:*:*)
- echo ${UNAME_MACHINE}-pc-syllable
+ echo "$UNAME_MACHINE"-pc-syllable
exit ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
- echo i386-unknown-lynxos${UNAME_RELEASE}
+ echo i386-unknown-lynxos"$UNAME_RELEASE"
exit ;;
i*86:*DOS:*:*)
- echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ echo "$UNAME_MACHINE"-pc-msdosdjgpp
exit ;;
i*86:*:4.*:*)
- UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
- echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
else
- echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL"
fi
exit ;;
i*86:*:5:[678]*)
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
- echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}"
exit ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
- echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
&& UNAME_MACHINE=i686
(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
&& UNAME_MACHINE=i686
- echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL"
else
- echo ${UNAME_MACHINE}-pc-sysv32
+ echo "$UNAME_MACHINE"-pc-sysv32
fi
exit ;;
pc:*:*:*)
exit ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
- echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4
fi
exit ;;
mini*:CTIX:SYS*5:*)
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4; exit; } ;;
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; }
/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
- && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
- echo m68k-unknown-lynxos${UNAME_RELEASE}
+ echo m68k-unknown-lynxos"$UNAME_RELEASE"
exit ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit ;;
TSUNAMI:LynxOS:2.*:*)
- echo sparc-unknown-lynxos${UNAME_RELEASE}
+ echo sparc-unknown-lynxos"$UNAME_RELEASE"
exit ;;
rs6000:LynxOS:2.*:*)
- echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ echo rs6000-unknown-lynxos"$UNAME_RELEASE"
exit ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
- echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ echo powerpc-unknown-lynxos"$UNAME_RELEASE"
exit ;;
SM[BE]S:UNIX_SV:*:*)
- echo mips-dde-sysv${UNAME_RELEASE}
+ echo mips-dde-sysv"$UNAME_RELEASE"
exit ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
- echo ${UNAME_MACHINE}-sni-sysv4
+ echo "$UNAME_MACHINE"-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit ;;
i*86:VOS:*:*)
# From Paul.Green@stratus.com.
- echo ${UNAME_MACHINE}-stratus-vos
+ echo "$UNAME_MACHINE"-stratus-vos
exit ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
exit ;;
mc68*:A/UX:*:*)
- echo m68k-apple-aux${UNAME_RELEASE}
+ echo m68k-apple-aux"$UNAME_RELEASE"
exit ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
+ echo mips-nec-sysv"$UNAME_RELEASE"
else
- echo mips-unknown-sysv${UNAME_RELEASE}
+ echo mips-unknown-sysv"$UNAME_RELEASE"
fi
exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo x86_64-unknown-haiku
exit ;;
SX-4:SUPER-UX:*:*)
- echo sx4-nec-superux${UNAME_RELEASE}
+ echo sx4-nec-superux"$UNAME_RELEASE"
exit ;;
SX-5:SUPER-UX:*:*)
- echo sx5-nec-superux${UNAME_RELEASE}
+ echo sx5-nec-superux"$UNAME_RELEASE"
exit ;;
SX-6:SUPER-UX:*:*)
- echo sx6-nec-superux${UNAME_RELEASE}
+ echo sx6-nec-superux"$UNAME_RELEASE"
exit ;;
SX-7:SUPER-UX:*:*)
- echo sx7-nec-superux${UNAME_RELEASE}
+ echo sx7-nec-superux"$UNAME_RELEASE"
exit ;;
SX-8:SUPER-UX:*:*)
- echo sx8-nec-superux${UNAME_RELEASE}
+ echo sx8-nec-superux"$UNAME_RELEASE"
exit ;;
SX-8R:SUPER-UX:*:*)
- echo sx8r-nec-superux${UNAME_RELEASE}
+ echo sx8r-nec-superux"$UNAME_RELEASE"
exit ;;
SX-ACE:SUPER-UX:*:*)
- echo sxace-nec-superux${UNAME_RELEASE}
+ echo sxace-nec-superux"$UNAME_RELEASE"
exit ;;
Power*:Rhapsody:*:*)
- echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ echo powerpc-apple-rhapsody"$UNAME_RELEASE"
exit ;;
*:Rhapsody:*:*)
- echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
- eval $set_cc_for_build
+ set_cc_for_build
if test "$UNAME_PROCESSOR" = unknown ; then
UNAME_PROCESSOR=powerpc
fi
- if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
+ if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
# that Apple uses in portable devices.
UNAME_PROCESSOR=x86_64
fi
- echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
- echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE"
exit ;;
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
NEO-*:NONSTOP_KERNEL:*:*)
- echo neo-tandem-nsk${UNAME_RELEASE}
+ echo neo-tandem-nsk"$UNAME_RELEASE"
exit ;;
NSE-*:NONSTOP_KERNEL:*:*)
- echo nse-tandem-nsk${UNAME_RELEASE}
+ echo nse-tandem-nsk"$UNAME_RELEASE"
exit ;;
NSR-*:NONSTOP_KERNEL:*:*)
- echo nsr-tandem-nsk${UNAME_RELEASE}
+ echo nsr-tandem-nsk"$UNAME_RELEASE"
+ exit ;;
+ NSV-*:NONSTOP_KERNEL:*:*)
+ echo nsv-tandem-nsk"$UNAME_RELEASE"
exit ;;
NSX-*:NONSTOP_KERNEL:*:*)
- echo nsx-tandem-nsk${UNAME_RELEASE}
+ echo nsx-tandem-nsk"$UNAME_RELEASE"
exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
echo bs2000-siemens-sysv
exit ;;
DS/*:UNIX_System_V:*:*)
- echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE"
exit ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
+ # shellcheck disable=SC2154
if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
fi
- echo ${UNAME_MACHINE}-unknown-plan9
+ echo "$UNAME_MACHINE"-unknown-plan9
exit ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
echo pdp10-unknown-its
exit ;;
SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
+ echo mips-sei-seiux"$UNAME_RELEASE"
exit ;;
*:DragonFly:*:*)
- echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
exit ;;
*:*VMS:*:*)
UNAME_MACHINE=`(uname -p) 2>/dev/null`
- case "${UNAME_MACHINE}" in
+ case "$UNAME_MACHINE" in
A*) echo alpha-dec-vms ; exit ;;
I*) echo ia64-dec-vms ; exit ;;
V*) echo vax-dec-vms ; exit ;;
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
- echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
+ echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
exit ;;
i*86:rdos:*:*)
- echo ${UNAME_MACHINE}-pc-rdos
+ echo "$UNAME_MACHINE"-pc-rdos
exit ;;
i*86:AROS:*:*)
- echo ${UNAME_MACHINE}-pc-aros
+ echo "$UNAME_MACHINE"-pc-aros
exit ;;
x86_64:VMkernel:*:*)
- echo ${UNAME_MACHINE}-unknown-esx
+ echo "$UNAME_MACHINE"-unknown-esx
exit ;;
amd64:Isilon\ OneFS:*:*)
echo x86_64-unknown-onefs
echo "$0: unable to guess system type" >&2
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}" in
+case "$UNAME_MACHINE:$UNAME_SYSTEM" in
mips:Linux | mips64:Linux)
# If we got here on MIPS GNU/Linux, output extra information.
cat >&2 <<EOF
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-UNAME_MACHINE = ${UNAME_MACHINE}
-UNAME_RELEASE = ${UNAME_RELEASE}
-UNAME_SYSTEM = ${UNAME_SYSTEM}
-UNAME_VERSION = ${UNAME_VERSION}
+UNAME_MACHINE = "$UNAME_MACHINE"
+UNAME_RELEASE = "$UNAME_RELEASE"
+UNAME_SYSTEM = "$UNAME_SYSTEM"
+UNAME_VERSION = "$UNAME_VERSION"
EOF
exit 1
# Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1992-2017 Free Software Foundation, Inc.
+# Copyright 1992-2018 Free Software Foundation, Inc.
-timestamp='2017-11-23'
+timestamp='2018-08-29'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
version="\
GNU config.sub ($timestamp)
-Copyright 1992-2017 Free Software Foundation, Inc.
+Copyright 1992-2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
- ) # Use stdin as input.
break ;;
-* )
- echo "$me: invalid option $1$help"
+ echo "$me: invalid option $1$help" >&2
exit 1 ;;
*local*)
# First pass through any local machine types.
- echo $1
+ echo "$1"
exit ;;
* )
exit 1;;
esac
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
- nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
- linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
- kopensolaris*-gnu* | cloudabi*-eabi* | \
- storm-chaos* | os2-emx* | rtmk-nova*)
- os=-$maybe_os
- basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
- ;;
- android-linux)
- os=-linux-android
- basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
- ;;
- *)
- basic_machine=`echo $1 | sed 's/-[^-]*$//'`
- if [ $basic_machine != $1 ]
- then os=`echo $1 | sed 's/.*-/-/'`
- else os=; fi
- ;;
-esac
+# Split fields of configuration type
+IFS="-" read -r field1 field2 field3 field4 <<EOF
+$1
+EOF
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work. We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
- -sun*os*)
- # Prevent following clause from handling this invalid input.
- ;;
- -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
- -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
- -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
- -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
- -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
- -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze*)
- os=
- basic_machine=$1
- ;;
- -bluegene*)
- os=-cnk
- ;;
- -sim | -cisco | -oki | -wec | -winbond)
- os=
- basic_machine=$1
- ;;
- -scout)
- ;;
- -wrs)
- os=-vxworks
- basic_machine=$1
- ;;
- -chorusos*)
- os=-chorusos
- basic_machine=$1
- ;;
- -chorusrdb)
- os=-chorusrdb
- basic_machine=$1
- ;;
- -hiux*)
- os=-hiuxwe2
- ;;
- -sco6)
- os=-sco5v6
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5)
- os=-sco3.2v5
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco4)
- os=-sco3.2v4
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2.[4-9]*)
- os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2v[4-9]*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5v6*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco*)
- os=-sco3.2v2
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -udk*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -isc)
- os=-isc2.2
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -clix*)
- basic_machine=clipper-intergraph
- ;;
- -isc*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -lynx*178)
- os=-lynxos178
- ;;
- -lynx*5)
- os=-lynxos5
+# Separate into logical components for further validation
+case $1 in
+ *-*-*-*-*)
+ echo Invalid configuration \`"$1"\': more than four components >&2
+ exit 1
;;
- -lynx*)
- os=-lynxos
+ *-*-*-*)
+ basic_machine=$field1-$field2
+ os=$field3-$field4
;;
- -ptx*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ *-*-*)
+ # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
+ # parts
+ maybe_os=$field2-$field3
+ case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \
+ | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \
+ | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
+ | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
+ | storm-chaos* | os2-emx* | rtmk-nova*)
+ basic_machine=$field1
+ os=$maybe_os
+ ;;
+ android-linux)
+ basic_machine=$field1-unknown
+ os=linux-android
+ ;;
+ *)
+ basic_machine=$field1-$field2
+ os=$field3
+ ;;
+ esac
;;
- -psos*)
- os=-psos
+ *-*)
+ # A lone config we happen to match not fitting any pattern
+ case $field1-$field2 in
+ decstation-3100)
+ basic_machine=mips-dec
+ os=
+ ;;
+ *-*)
+ # Second component is usually, but not always the OS
+ case $field2 in
+ # Prevent following clause from handling this valid os
+ sun*os*)
+ basic_machine=$field1
+ os=$field2
+ ;;
+ # Manufacturers
+ dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
+ | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
+ | unicom* | ibm* | next | hp | isi* | apollo | altos* \
+ | convergent* | ncr* | news | 32* | 3600* | 3100* \
+ | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
+ | ultra | tti* | harris | dolphin | highlevel | gould \
+ | cbm | ns | masscomp | apple | axis | knuth | cray \
+ | microblaze* | sim | cisco \
+ | oki | wec | wrs | winbond)
+ basic_machine=$field1-$field2
+ os=
+ ;;
+ *)
+ basic_machine=$field1
+ os=$field2
+ ;;
+ esac
+ ;;
+ esac
;;
- -mint | -mint[0-9]*)
- basic_machine=m68k-atari
- os=-mint
+ *)
+ # Convert single-component short-hands not valid as part of
+ # multi-component configurations.
+ case $field1 in
+ 386bsd)
+ basic_machine=i386-pc
+ os=bsd
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=udi
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=scout
+ ;;
+ alliant)
+ basic_machine=fx80-alliant
+ os=
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ os=
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=sysv
+ ;;
+ amiga)
+ basic_machine=m68k-unknown
+ os=
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=linux
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=bsd
+ ;;
+ cray)
+ basic_machine=j90-cray
+ os=unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ os=
+ ;;
+ da30)
+ basic_machine=m68k-da30
+ os=
+ ;;
+ decstation | pmax | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ os=
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=msdosdjgpp
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=ebmon
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=ose
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=go32
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=sysv3
+ ;;
+ hp300)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=hpux
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=proelf
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=mach
+ ;;
+ vsta)
+ basic_machine=i386-pc
+ os=vsta
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=linux
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=sysv
+ ;;
+ mingw64)
+ basic_machine=x86_64-pc
+ os=mingw64
+ ;;
+ mingw32)
+ basic_machine=i686-pc
+ os=mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=mingw32ce
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=morphos
+ ;;
+ moxiebox)
+ basic_machine=moxie-unknown
+ os=moxiebox
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=msdos
+ ;;
+ msys)
+ basic_machine=i686-pc
+ os=msys
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=mvs
+ ;;
+ nacl)
+ basic_machine=le32-unknown
+ os=nacl
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-pc
+ os=netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=sysv
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=nonstopux
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=os68k
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=linux
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=pw32
+ ;;
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ os=rdos
+ ;;
+ rdos32)
+ basic_machine=i386-pc
+ os=rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=coff
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=udi
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ os=
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=sysv2
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ os=
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ os=
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=sunos4
+ ;;
+ sun3)
+ basic_machine=m68k-sun
+ os=
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=sunos4
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ os=
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=solaris2
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ os=
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=unicos
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=tops20
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=vms
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=vxworks
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=mingw32
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=unicos
+ ;;
+ *)
+ basic_machine=$1
+ os=
+ ;;
+ esac
;;
esac
-# Decode aliases for certain CPU-COMPANY combinations.
+# Decode 1-component or ad-hoc basic machines
case $basic_machine in
- # Recognize the basic CPU types without company name.
- # Some are omitted here because they have special meanings below.
- 1750a | 580 \
- | a29k \
- | aarch64 | aarch64_be \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
- | am33_2.0 \
- | arc | arceb \
- | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
- | avr | avr32 \
- | ba \
- | be32 | be64 \
- | bfin \
- | c4x | c8051 | clipper \
- | d10v | d30v | dlx | dsp16xx \
- | e2k | epiphany \
- | fido | fr30 | frv | ft32 \
- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | hexagon \
- | i370 | i860 | i960 | ia16 | ia64 \
- | ip2k | iq2000 \
- | k1om \
- | le32 | le64 \
- | lm32 \
- | m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
- | mips64octeon | mips64octeonel \
- | mips64orion | mips64orionel \
- | mips64r5900 | mips64r5900el \
- | mips64vr | mips64vrel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mips64vr5900 | mips64vr5900el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa32r6 | mipsisa32r6el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64r2 | mipsisa64r2el \
- | mipsisa64r6 | mipsisa64r6el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipsr5900 | mipsr5900el \
- | mipstx39 | mipstx39el \
- | mn10200 | mn10300 \
- | moxie \
- | mt \
- | msp430 \
- | nds32 | nds32le | nds32be \
- | nios | nios2 | nios2eb | nios2el \
- | ns16k | ns32k \
- | open8 | or1k | or1knd | or32 \
- | pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle \
- | pru \
- | pyramid \
- | riscv32 | riscv64 \
- | rl78 | rx \
- | score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
- | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
- | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
- | spu \
- | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
- | ubicom32 \
- | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
- | visium \
- | wasm32 \
- | x86 | xc16x | xstormy16 | xtensa \
- | z8k | z80)
- basic_machine=$basic_machine-unknown
- ;;
- c54x)
- basic_machine=tic54x-unknown
- ;;
- c55x)
- basic_machine=tic55x-unknown
- ;;
- c6x)
- basic_machine=tic6x-unknown
- ;;
- leon|leon[3-9])
- basic_machine=sparc-$basic_machine
- ;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
- basic_machine=$basic_machine-unknown
- os=-none
+ # Here we handle the default manufacturer of certain CPU types. It is in
+ # some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ cpu=hppa1.1
+ vendor=winbond
;;
- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ op50n)
+ cpu=hppa1.1
+ vendor=oki
;;
- ms1)
- basic_machine=mt-unknown
+ op60c)
+ cpu=hppa1.1
+ vendor=oki
;;
-
- strongarm | thumb | xscale)
- basic_machine=arm-unknown
+ ibm*)
+ cpu=i370
+ vendor=ibm
;;
- xgate)
- basic_machine=$basic_machine-unknown
- os=-none
+ orion105)
+ cpu=clipper
+ vendor=highlevel
;;
- xscaleeb)
- basic_machine=armeb-unknown
+ mac | mpw | mac-mpw)
+ cpu=m68k
+ vendor=apple
;;
-
- xscaleel)
- basic_machine=armel-unknown
+ pmac | pmac-mpw)
+ cpu=powerpc
+ vendor=apple
;;
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
- # (2) the word "unknown" tends to confuse beginning users.
- i*86 | x86_64)
- basic_machine=$basic_machine-pc
- ;;
- # Object if more than one company name word.
- *-*-*)
- echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
- exit 1
- ;;
- # Recognize the basic CPU types with company name.
- 580-* \
- | a29k-* \
- | aarch64-* | aarch64_be-* \
- | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* | avr32-* \
- | ba-* \
- | be32-* | be64-* \
- | bfin-* | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* \
- | c8051-* | clipper-* | craynv-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
- | e2k-* | elxsi-* \
- | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
- | h8300-* | h8500-* \
- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
- | hexagon-* \
- | i*86-* | i860-* | i960-* | ia16-* | ia64-* \
- | ip2k-* | iq2000-* \
- | k1om-* \
- | le32-* | le64-* \
- | lm32-* \
- | m32c-* | m32r-* | m32rle-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
- | microblaze-* | microblazeel-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
- | mips64octeon-* | mips64octeonel-* \
- | mips64orion-* | mips64orionel-* \
- | mips64r5900-* | mips64r5900el-* \
- | mips64vr-* | mips64vrel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
- | mips64vr5900-* | mips64vr5900el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa32r6-* | mipsisa32r6el-* \
- | mipsisa64-* | mipsisa64el-* \
- | mipsisa64r2-* | mipsisa64r2el-* \
- | mipsisa64r6-* | mipsisa64r6el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipsr5900-* | mipsr5900el-* \
- | mipstx39-* | mipstx39el-* \
- | mmix-* \
- | mt-* \
- | msp430-* \
- | nds32-* | nds32le-* | nds32be-* \
- | nios-* | nios2-* | nios2eb-* | nios2el-* \
- | none-* | np1-* | ns16k-* | ns32k-* \
- | open8-* \
- | or1k*-* \
- | orion-* \
- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
- | pru-* \
- | pyramid-* \
- | riscv32-* | riscv64-* \
- | rl78-* | romp-* | rs6000-* | rx-* \
- | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
- | sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
- | tahoe-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
- | tile*-* \
- | tron-* \
- | ubicom32-* \
- | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
- | vax-* \
- | visium-* \
- | wasm32-* \
- | we32k-* \
- | x86-* | x86_64-* | xc16x-* | xps100-* \
- | xstormy16-* | xtensa*-* \
- | ymp-* \
- | z8k-* | z80-*)
- ;;
- # Recognize the basic CPU types without company name, with glob match.
- xtensa*)
- basic_machine=$basic_machine-unknown
- ;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
- 386bsd)
- basic_machine=i386-unknown
- os=-bsd
- ;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
- basic_machine=m68000-att
+ cpu=m68000
+ vendor=att
;;
3b*)
- basic_machine=we32k-att
- ;;
- a29khif)
- basic_machine=a29k-amd
- os=-udi
- ;;
- abacus)
- basic_machine=abacus-unknown
- ;;
- adobe68k)
- basic_machine=m68010-adobe
- os=-scout
- ;;
- alliant | fx80)
- basic_machine=fx80-alliant
- ;;
- altos | altos3068)
- basic_machine=m68k-altos
- ;;
- am29k)
- basic_machine=a29k-none
- os=-bsd
- ;;
- amd64)
- basic_machine=x86_64-pc
- ;;
- amd64-*)
- basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- amdahl)
- basic_machine=580-amdahl
- os=-sysv
- ;;
- amiga | amiga-*)
- basic_machine=m68k-unknown
- ;;
- amigaos | amigados)
- basic_machine=m68k-unknown
- os=-amigaos
- ;;
- amigaunix | amix)
- basic_machine=m68k-unknown
- os=-sysv4
- ;;
- apollo68)
- basic_machine=m68k-apollo
- os=-sysv
- ;;
- apollo68bsd)
- basic_machine=m68k-apollo
- os=-bsd
- ;;
- aros)
- basic_machine=i386-pc
- os=-aros
- ;;
- asmjs)
- basic_machine=asmjs-unknown
- ;;
- aux)
- basic_machine=m68k-apple
- os=-aux
- ;;
- balance)
- basic_machine=ns32k-sequent
- os=-dynix
- ;;
- blackfin)
- basic_machine=bfin-unknown
- os=-linux
- ;;
- blackfin-*)
- basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
- os=-linux
+ cpu=we32k
+ vendor=att
;;
bluegene*)
- basic_machine=powerpc-ibm
- os=-cnk
- ;;
- c54x-*)
- basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- c55x-*)
- basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- c6x-*)
- basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
- cegcc)
- basic_machine=arm-unknown
- os=-cegcc
- ;;
- convex-c1)
- basic_machine=c1-convex
- os=-bsd
- ;;
- convex-c2)
- basic_machine=c2-convex
- os=-bsd
- ;;
- convex-c32)
- basic_machine=c32-convex
- os=-bsd
- ;;
- convex-c34)
- basic_machine=c34-convex
- os=-bsd
- ;;
- convex-c38)
- basic_machine=c38-convex
- os=-bsd
- ;;
- cray | j90)
- basic_machine=j90-cray
- os=-unicos
- ;;
- craynv)
- basic_machine=craynv-cray
- os=-unicosmp
- ;;
- cr16 | cr16-*)
- basic_machine=cr16-unknown
- os=-elf
- ;;
- crds | unos)
- basic_machine=m68k-crds
- ;;
- crisv32 | crisv32-* | etraxfs*)
- basic_machine=crisv32-axis
- ;;
- cris | cris-* | etrax*)
- basic_machine=cris-axis
- ;;
- crx)
- basic_machine=crx-unknown
- os=-elf
- ;;
- da30 | da30-*)
- basic_machine=m68k-da30
- ;;
- decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
- basic_machine=mips-dec
+ cpu=powerpc
+ vendor=ibm
+ os=cnk
;;
decsystem10* | dec10*)
- basic_machine=pdp10-dec
- os=-tops10
+ cpu=pdp10
+ vendor=dec
+ os=tops10
;;
decsystem20* | dec20*)
- basic_machine=pdp10-dec
- os=-tops20
+ cpu=pdp10
+ vendor=dec
+ os=tops20
;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
- basic_machine=m68k-motorola
- ;;
- delta88)
- basic_machine=m88k-motorola
- os=-sysv3
- ;;
- dicos)
- basic_machine=i686-pc
- os=-dicos
- ;;
- djgpp)
- basic_machine=i586-pc
- os=-msdosdjgpp
- ;;
- dpx20 | dpx20-*)
- basic_machine=rs6000-bull
- os=-bosx
+ cpu=m68k
+ vendor=motorola
;;
dpx2*)
- basic_machine=m68k-bull
- os=-sysv3
- ;;
- e500v[12])
- basic_machine=powerpc-unknown
- os=$os"spe"
- ;;
- e500v[12]-*)
- basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
- os=$os"spe"
- ;;
- ebmon29k)
- basic_machine=a29k-amd
- os=-ebmon
- ;;
- elxsi)
- basic_machine=elxsi-elxsi
- os=-bsd
+ cpu=m68k
+ vendor=bull
+ os=sysv3
;;
encore | umax | mmax)
- basic_machine=ns32k-encore
+ cpu=ns32k
+ vendor=encore
;;
- es1800 | OSE68k | ose68k | ose | OSE)
- basic_machine=m68k-ericsson
- os=-ose
+ elxsi)
+ cpu=elxsi
+ vendor=elxsi
+ os=${os:-bsd}
;;
fx2800)
- basic_machine=i860-alliant
+ cpu=i860
+ vendor=alliant
;;
genix)
- basic_machine=ns32k-ns
- ;;
- gmicro)
- basic_machine=tron-gmicro
- os=-sysv
- ;;
- go32)
- basic_machine=i386-pc
- os=-go32
+ cpu=ns32k
+ vendor=ns
;;
h3050r* | hiux*)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- h8300hms)
- basic_machine=h8300-hitachi
- os=-hms
- ;;
- h8300xray)
- basic_machine=h8300-hitachi
- os=-xray
- ;;
- h8500hms)
- basic_machine=h8500-hitachi
- os=-hms
- ;;
- harris)
- basic_machine=m88k-harris
- os=-sysv3
- ;;
- hp300-*)
- basic_machine=m68k-hp
- ;;
- hp300bsd)
- basic_machine=m68k-hp
- os=-bsd
- ;;
- hp300hpux)
- basic_machine=m68k-hp
- os=-hpux
+ cpu=hppa1.1
+ vendor=hitachi
+ os=hiuxwe2
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
- basic_machine=hppa1.0-hp
+ cpu=hppa1.0
+ vendor=hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
- basic_machine=m68000-hp
+ cpu=m68000
+ vendor=hp
;;
hp9k3[2-9][0-9])
- basic_machine=m68k-hp
+ cpu=m68k
+ vendor=hp
;;
hp9k6[0-9][0-9] | hp6[0-9][0-9])
- basic_machine=hppa1.0-hp
+ cpu=hppa1.0
+ vendor=hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hppa-next)
- os=-nextstep3
- ;;
- hppaosf)
- basic_machine=hppa1.1-hp
- os=-osf
- ;;
- hppro)
- basic_machine=hppa1.1-hp
- os=-proelf
- ;;
- i370-ibm* | ibm*)
- basic_machine=i370-ibm
+ cpu=hppa1.0
+ vendor=hp
;;
i*86v32)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv32
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ os=sysv32
;;
i*86v4*)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv4
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ os=sysv4
;;
i*86v)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ os=sysv
;;
i*86sol2)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-solaris2
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ os=solaris2
;;
- i386mach)
- basic_machine=i386-mach
- os=-mach
- ;;
- i386-vsta | vsta)
- basic_machine=i386-unknown
- os=-vsta
+ j90 | j90-cray)
+ cpu=j90
+ vendor=cray
+ os=${os:-unicos}
;;
iris | iris4d)
- basic_machine=mips-sgi
+ cpu=mips
+ vendor=sgi
case $os in
- -irix*)
+ irix*)
;;
*)
- os=-irix4
+ os=irix4
;;
esac
;;
- isi68 | isi)
- basic_machine=m68k-isi
- os=-sysv
- ;;
- leon-*|leon[3-9]-*)
- basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
- ;;
- m68knommu)
- basic_machine=m68k-unknown
- os=-linux
- ;;
- m68knommu-*)
- basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
- os=-linux
- ;;
- m88k-omron*)
- basic_machine=m88k-omron
- ;;
- magnum | m3230)
- basic_machine=mips-mips
- os=-sysv
- ;;
- merlin)
- basic_machine=ns32k-utek
- os=-sysv
- ;;
- microblaze*)
- basic_machine=microblaze-xilinx
- ;;
- mingw64)
- basic_machine=x86_64-pc
- os=-mingw64
- ;;
- mingw32)
- basic_machine=i686-pc
- os=-mingw32
- ;;
- mingw32ce)
- basic_machine=arm-unknown
- os=-mingw32ce
- ;;
miniframe)
- basic_machine=m68000-convergent
- ;;
- *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
- mips3*-*)
- basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
- ;;
- mips3*)
- basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
- ;;
- monitor)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- morphos)
- basic_machine=powerpc-unknown
- os=-morphos
- ;;
- moxiebox)
- basic_machine=moxie-unknown
- os=-moxiebox
- ;;
- msdos)
- basic_machine=i386-pc
- os=-msdos
- ;;
- ms1-*)
- basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
- ;;
- msys)
- basic_machine=i686-pc
- os=-msys
- ;;
- mvs)
- basic_machine=i370-ibm
- os=-mvs
+ cpu=m68000
+ vendor=convergent
;;
- nacl)
- basic_machine=le32-unknown
- os=-nacl
- ;;
- ncr3000)
- basic_machine=i486-ncr
- os=-sysv4
- ;;
- netbsd386)
- basic_machine=i386-unknown
- os=-netbsd
- ;;
- netwinder)
- basic_machine=armv4l-rebel
- os=-linux
- ;;
- news | news700 | news800 | news900)
- basic_machine=m68k-sony
- os=-newsos
- ;;
- news1000)
- basic_machine=m68030-sony
- os=-newsos
+ *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ cpu=m68k
+ vendor=atari
+ os=mint
;;
news-3600 | risc-news)
- basic_machine=mips-sony
- os=-newsos
- ;;
- necv70)
- basic_machine=v70-nec
- os=-sysv
+ cpu=mips
+ vendor=sony
+ os=newsos
;;
next | m*-next)
- basic_machine=m68k-next
+ cpu=m68k
+ vendor=next
case $os in
- -nextstep* )
+ nextstep* )
;;
- -ns2*)
- os=-nextstep2
+ ns2*)
+ os=nextstep2
;;
*)
- os=-nextstep3
+ os=nextstep3
;;
esac
;;
- nh3000)
- basic_machine=m68k-harris
- os=-cxux
- ;;
- nh[45]000)
- basic_machine=m88k-harris
- os=-cxux
- ;;
- nindy960)
- basic_machine=i960-intel
- os=-nindy
- ;;
- mon960)
- basic_machine=i960-intel
- os=-mon960
- ;;
- nonstopux)
- basic_machine=mips-compaq
- os=-nonstopux
- ;;
np1)
- basic_machine=np1-gould
- ;;
- neo-tandem)
- basic_machine=neo-tandem
- ;;
- nse-tandem)
- basic_machine=nse-tandem
- ;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
- nsx-tandem)
- basic_machine=nsx-tandem
+ cpu=np1
+ vendor=gould
;;
op50n-* | op60c-*)
- basic_machine=hppa1.1-oki
- os=-proelf
- ;;
- openrisc | openrisc-*)
- basic_machine=or32-unknown
- ;;
- os400)
- basic_machine=powerpc-ibm
- os=-os400
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
- os=-ose
- ;;
- os68k)
- basic_machine=m68k-none
- os=-os68k
+ cpu=hppa1.1
+ vendor=oki
+ os=proelf
;;
pa-hitachi)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- paragon)
- basic_machine=i860-intel
- os=-osf
- ;;
- parisc)
- basic_machine=hppa-unknown
- os=-linux
- ;;
- parisc-*)
- basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
- os=-linux
+ cpu=hppa1.1
+ vendor=hitachi
+ os=hiuxwe2
;;
pbd)
- basic_machine=sparc-tti
+ cpu=sparc
+ vendor=tti
;;
pbb)
- basic_machine=m68k-tti
+ cpu=m68k
+ vendor=tti
;;
- pc532 | pc532-*)
- basic_machine=ns32k-pc532
- ;;
- pc98)
- basic_machine=i386-pc
- ;;
- pc98-*)
- basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentium | p5 | k5 | k6 | nexgen | viac3)
- basic_machine=i586-pc
- ;;
- pentiumpro | p6 | 6x86 | athlon | athlon_*)
- basic_machine=i686-pc
- ;;
- pentiumii | pentium2 | pentiumiii | pentium3)
- basic_machine=i686-pc
- ;;
- pentium4)
- basic_machine=i786-pc
- ;;
- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
- basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentiumpro-* | p6-* | 6x86-* | athlon-*)
- basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
- basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentium4-*)
- basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ pc532)
+ cpu=ns32k
+ vendor=pc532
;;
pn)
- basic_machine=pn-gould
- ;;
- power) basic_machine=power-ibm
- ;;
- ppc | ppcbe) basic_machine=powerpc-unknown
- ;;
- ppc-* | ppcbe-*)
- basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppcle | powerpclittle)
- basic_machine=powerpcle-unknown
+ cpu=pn
+ vendor=gould
;;
- ppcle-* | powerpclittle-*)
- basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppc64) basic_machine=powerpc64-unknown
- ;;
- ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppc64le | powerpc64little)
- basic_machine=powerpc64le-unknown
- ;;
- ppc64le-* | powerpc64little-*)
- basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ power)
+ cpu=power
+ vendor=ibm
;;
ps2)
- basic_machine=i386-ibm
- ;;
- pw32)
- basic_machine=i586-unknown
- os=-pw32
- ;;
- rdos | rdos64)
- basic_machine=x86_64-pc
- os=-rdos
- ;;
- rdos32)
- basic_machine=i386-pc
- os=-rdos
- ;;
- rom68k)
- basic_machine=m68k-rom68k
- os=-coff
+ cpu=i386
+ vendor=ibm
;;
rm[46]00)
- basic_machine=mips-siemens
+ cpu=mips
+ vendor=siemens
;;
rtpc | rtpc-*)
- basic_machine=romp-ibm
- ;;
- s390 | s390-*)
- basic_machine=s390-ibm
- ;;
- s390x | s390x-*)
- basic_machine=s390x-ibm
- ;;
- sa29200)
- basic_machine=a29k-amd
- os=-udi
- ;;
- sb1)
- basic_machine=mipsisa64sb1-unknown
- ;;
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
+ cpu=romp
+ vendor=ibm
;;
sde)
- basic_machine=mipsisa32-sde
- os=-elf
+ cpu=mipsisa32
+ vendor=sde
+ os=${os:-elf}
;;
- sei)
- basic_machine=mips-sei
- os=-seiux
+ simso-wrs)
+ cpu=sparclite
+ vendor=wrs
+ os=vxworks
;;
- sequent)
- basic_machine=i386-sequent
+ tower | tower-32)
+ cpu=m68k
+ vendor=ncr
;;
- sh)
- basic_machine=sh-hitachi
- os=-hms
+ vpp*|vx|vx-*)
+ cpu=f301
+ vendor=fujitsu
;;
- sh5el)
- basic_machine=sh5le-unknown
+ w65)
+ cpu=w65
+ vendor=wdc
;;
- sh64)
- basic_machine=sh64-unknown
+ w89k-*)
+ cpu=hppa1.1
+ vendor=winbond
+ os=proelf
;;
- sparclite-wrs | simso-wrs)
- basic_machine=sparclite-wrs
- os=-vxworks
+ none)
+ cpu=none
+ vendor=none
;;
- sps7)
- basic_machine=m68k-bull
- os=-sysv2
+ leon|leon[3-9])
+ cpu=sparc
+ vendor=$basic_machine
;;
- spur)
- basic_machine=spur-unknown
+ leon-*|leon[3-9]-*)
+ cpu=sparc
+ vendor=`echo "$basic_machine" | sed 's/-.*//'`
;;
- st2000)
- basic_machine=m68k-tandem
+
+ *-*)
+ IFS="-" read -r cpu vendor <<EOF
+$basic_machine
+EOF
;;
- stratus)
- basic_machine=i860-stratus
- os=-sysv4
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ cpu=$basic_machine
+ vendor=pc
;;
- strongarm-* | thumb-*)
- basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ # These rules are duplicated from below for sake of the special case above;
+ # i.e. things that normalized to x86 arches should also default to "pc"
+ pc98)
+ cpu=i386
+ vendor=pc
;;
- sun2)
- basic_machine=m68000-sun
+ x64 | amd64)
+ cpu=x86_64
+ vendor=pc
;;
- sun2os3)
- basic_machine=m68000-sun
- os=-sunos3
+ # Recognize the basic CPU types without company name.
+ *)
+ cpu=$basic_machine
+ vendor=unknown
;;
- sun2os4)
- basic_machine=m68000-sun
- os=-sunos4
+esac
+
+unset -v basic_machine
+
+# Decode basic machines in the full and proper CPU-Company form.
+case $cpu-$vendor in
+ # Here we handle the default manufacturer of certain CPU types in canonical form. It is in
+ # some cases the only manufacturer, in others, it is the most popular.
+ craynv-unknown)
+ vendor=cray
+ os=${os:-unicosmp}
;;
- sun3os3)
- basic_machine=m68k-sun
- os=-sunos3
+ c90-unknown | c90-cray)
+ vendor=cray
+ os=${os:-unicos}
;;
- sun3os4)
- basic_machine=m68k-sun
- os=-sunos4
+ fx80-unknown)
+ vendor=alliant
;;
- sun4os3)
- basic_machine=sparc-sun
- os=-sunos3
+ romp-unknown)
+ vendor=ibm
;;
- sun4os4)
- basic_machine=sparc-sun
- os=-sunos4
+ mmix-unknown)
+ vendor=knuth
;;
- sun4sol2)
- basic_machine=sparc-sun
- os=-solaris2
+ microblaze-unknown | microblazeel-unknown)
+ vendor=xilinx
;;
- sun3 | sun3-*)
- basic_machine=m68k-sun
+ rs6000-unknown)
+ vendor=ibm
;;
- sun4)
- basic_machine=sparc-sun
+ vax-unknown)
+ vendor=dec
;;
- sun386 | sun386i | roadrunner)
- basic_machine=i386-sun
+ pdp11-unknown)
+ vendor=dec
;;
- sv1)
- basic_machine=sv1-cray
- os=-unicos
+ we32k-unknown)
+ vendor=att
;;
- symmetry)
- basic_machine=i386-sequent
- os=-dynix
+ cydra-unknown)
+ vendor=cydrome
;;
- t3e)
- basic_machine=alphaev5-cray
- os=-unicos
+ i370-ibm*)
+ vendor=ibm
;;
- t90)
- basic_machine=t90-cray
- os=-unicos
+ orion-unknown)
+ vendor=highlevel
;;
- tile*)
- basic_machine=$basic_machine-unknown
- os=-linux-gnu
+ xps-unknown | xps100-unknown)
+ cpu=xps100
+ vendor=honeywell
;;
- tx39)
- basic_machine=mipstx39-unknown
+
+ # Here we normalize CPU types with a missing or matching vendor
+ dpx20-unknown | dpx20-bull)
+ cpu=rs6000
+ vendor=bull
+ os=${os:-bosx}
;;
- tx39el)
- basic_machine=mipstx39el-unknown
+
+ # Here we normalize CPU types irrespective of the vendor
+ amd64-*)
+ cpu=x86_64
;;
- toad1)
- basic_machine=pdp10-xkl
- os=-tops20
+ blackfin-*)
+ cpu=bfin
+ os=linux
;;
- tower | tower-32)
- basic_machine=m68k-ncr
+ c54x-*)
+ cpu=tic54x
;;
- tpf)
- basic_machine=s390x-ibm
- os=-tpf
+ c55x-*)
+ cpu=tic55x
;;
- udi29k)
- basic_machine=a29k-amd
- os=-udi
+ c6x-*)
+ cpu=tic6x
;;
- ultra3)
- basic_machine=a29k-nyu
- os=-sym1
+ e500v[12]-*)
+ cpu=powerpc
+ os=$os"spe"
;;
- v810 | necv810)
- basic_machine=v810-nec
- os=-none
+ mips3*-*)
+ cpu=mips64
;;
- vaxv)
- basic_machine=vax-dec
- os=-sysv
+ ms1-*)
+ cpu=mt
;;
- vms)
- basic_machine=vax-dec
- os=-vms
+ m68knommu-*)
+ cpu=m68k
+ os=linux
;;
- vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
+ m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
+ cpu=s12z
;;
- vxworks960)
- basic_machine=i960-wrs
- os=-vxworks
+ openrisc-*)
+ cpu=or32
;;
- vxworks68)
- basic_machine=m68k-wrs
- os=-vxworks
+ parisc-*)
+ cpu=hppa
+ os=linux
;;
- vxworks29k)
- basic_machine=a29k-wrs
- os=-vxworks
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ cpu=i586
;;
- wasm32)
- basic_machine=wasm32-unknown
+ pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*)
+ cpu=i686
;;
- w65*)
- basic_machine=w65-wdc
- os=-none
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ cpu=i686
;;
- w89k-*)
- basic_machine=hppa1.1-winbond
- os=-proelf
+ pentium4-*)
+ cpu=i786
;;
- x64)
- basic_machine=x86_64-pc
+ pc98-*)
+ cpu=i386
;;
- xbox)
- basic_machine=i686-pc
- os=-mingw32
+ ppc-* | ppcbe-*)
+ cpu=powerpc
;;
- xps | xps100)
- basic_machine=xps100-honeywell
+ ppcle-* | powerpclittle-*)
+ cpu=powerpcle
;;
- xscale-* | xscalee[bl]-*)
- basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ppc64-*)
+ cpu=powerpc64
;;
- ymp)
- basic_machine=ymp-cray
- os=-unicos
+ ppc64le-* | powerpc64little-*)
+ cpu=powerpc64le
;;
- z8k-*-coff)
- basic_machine=z8k-unknown
- os=-sim
+ sb1-*)
+ cpu=mipsisa64sb1
;;
- z80-*-coff)
- basic_machine=z80-unknown
- os=-sim
+ sb1el-*)
+ cpu=mipsisa64sb1el
;;
- none)
- basic_machine=none-none
- os=-none
+ sh5e[lb]-*)
+ cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
;;
-
-# Here we handle the default manufacturer of certain CPU types. It is in
-# some cases the only manufacturer, in others, it is the most popular.
- w89k)
- basic_machine=hppa1.1-winbond
+ spur-*)
+ cpu=spur
;;
- op50n)
- basic_machine=hppa1.1-oki
+ strongarm-* | thumb-*)
+ cpu=arm
;;
- op60c)
- basic_machine=hppa1.1-oki
+ tx39-*)
+ cpu=mipstx39
;;
- romp)
- basic_machine=romp-ibm
+ tx39el-*)
+ cpu=mipstx39el
;;
- mmix)
- basic_machine=mmix-knuth
+ x64-*)
+ cpu=x86_64
;;
- rs6000)
- basic_machine=rs6000-ibm
+ xscale-* | xscalee[bl]-*)
+ cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
;;
- vax)
- basic_machine=vax-dec
+
+ # Recognize the canonical CPU Types that limit and/or modify the
+ # company names they are paired with.
+ cr16-*)
+ os=${os:-elf}
;;
- pdp10)
- # there are many clones, so DEC is not a safe bet
- basic_machine=pdp10-unknown
+ crisv32-* | etraxfs*-*)
+ cpu=crisv32
+ vendor=axis
;;
- pdp11)
- basic_machine=pdp11-dec
+ cris-* | etrax*-*)
+ cpu=cris
+ vendor=axis
;;
- we32k)
- basic_machine=we32k-att
+ crx-*)
+ os=${os:-elf}
;;
- sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
- basic_machine=sh-unknown
+ neo-tandem)
+ cpu=neo
+ vendor=tandem
;;
- sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
- basic_machine=sparc-sun
+ nse-tandem)
+ cpu=nse
+ vendor=tandem
;;
- cydra)
- basic_machine=cydra-cydrome
+ nsr-tandem)
+ cpu=nsr
+ vendor=tandem
;;
- orion)
- basic_machine=orion-highlevel
+ nsv-tandem)
+ cpu=nsv
+ vendor=tandem
;;
- orion105)
- basic_machine=clipper-highlevel
+ nsx-tandem)
+ cpu=nsx
+ vendor=tandem
;;
- mac | mpw | mac-mpw)
- basic_machine=m68k-apple
+ s390-*)
+ cpu=s390
+ vendor=ibm
;;
- pmac | pmac-mpw)
- basic_machine=powerpc-apple
+ s390x-*)
+ cpu=s390x
+ vendor=ibm
;;
- *-unknown)
- # Make sure to match an already-canonicalized machine name.
+ tile*-*)
+ os=${os:-linux-gnu}
;;
+
*)
- echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
- exit 1
+ # Recognize the canonical CPU types that are allowed with any
+ # company name.
+ case $cpu in
+ 1750a | 580 \
+ | a29k \
+ | aarch64 | aarch64_be \
+ | abacus \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
+ | alphapca5[67] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arceb \
+ | arm | arm[lb]e | arme[lb] | armv* \
+ | avr | avr32 \
+ | asmjs \
+ | ba \
+ | be32 | be64 \
+ | bfin | bs2000 \
+ | c[123]* | c30 | [cjt]90 | c4x \
+ | c8051 | clipper | craynv | csky | cydra \
+ | d10v | d30v | dlx | dsp16xx \
+ | e2k | elxsi | epiphany \
+ | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+ | h8300 | h8500 \
+ | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
+ | i370 | i*86 | i860 | i960 | ia16 | ia64 \
+ | ip2k | iq2000 \
+ | k1om \
+ | le32 | le64 \
+ | lm32 \
+ | m32c | m32r | m32rle \
+ | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k | v70 | w65 \
+ | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip \
+ | m88110 | m88k | maxq | mb | mcore | mep | metag \
+ | microblaze | microblazeel \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa32r6 | mipsisa32r6el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64r6 | mipsisa64r6el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipsr5900 | mipsr5900el \
+ | mipstx39 | mipstx39el \
+ | mmix \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nfp \
+ | nios | nios2 | nios2eb | nios2el \
+ | none | np1 | ns16k | ns32k \
+ | open8 \
+ | or1k* \
+ | or32 \
+ | orion \
+ | pdp10 | pdp11 | pj | pjl | pn | power \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+ | pru \
+ | pyramid \
+ | riscv | riscv32 | riscv64 \
+ | rl78 | romp | rs6000 | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
+ | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+ | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+ | spu \
+ | tahoe \
+ | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+ | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+ | vax \
+ | visium \
+ | wasm32 \
+ | we32k \
+ | x86 | x86_64 | xc16x | xgate | xps100 \
+ | xstormy16 | xtensa* \
+ | ymp \
+ | z8k | z80)
+ ;;
+
+ *)
+ echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
+ exit 1
+ ;;
+ esac
;;
esac
# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
- *-digital*)
- basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+case $vendor in
+ digital*)
+ vendor=dec
;;
- *-commodore*)
- basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ commodore*)
+ vendor=cbm
;;
*)
;;
# Decode manufacturer-specific aliases for certain operating systems.
-if [ x"$os" != x"" ]
+if [ x$os != x ]
then
case $os in
# First match some system type aliases that might get confused
# with valid system types.
- # -solaris* is a basic system type, with this one exception.
- -auroraux)
- os=-auroraux
+ # solaris* is a basic system type, with this one exception.
+ auroraux)
+ os=auroraux
;;
- -solaris1 | -solaris1.*)
- os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ bluegene*)
+ os=cnk
;;
- -solaris)
- os=-solaris2
+ solaris1 | solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
- -svr4*)
- os=-sysv4
+ solaris)
+ os=solaris2
;;
- -unixware*)
- os=-sysv4.2uw
+ unixware*)
+ os=sysv4.2uw
;;
- -gnu/linux*)
+ gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
+ # es1800 is here to avoid being matched by es* (a different OS)
+ es1800*)
+ os=ose
+ ;;
+ # Some version numbers need modification
+ chorusos*)
+ os=chorusos
+ ;;
+ isc)
+ os=isc2.2
+ ;;
+ sco6)
+ os=sco5v6
+ ;;
+ sco5)
+ os=sco3.2v5
+ ;;
+ sco4)
+ os=sco3.2v4
+ ;;
+ sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ ;;
+ sco3.2v[4-9]* | sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ ;;
+ scout)
+ # Don't match below
+ ;;
+ sco*)
+ os=sco3.2v2
+ ;;
+ psos*)
+ os=psos
+ ;;
# Now accept the basic system types.
# The portable systems comes first.
# Each alternative MUST end in a * to match a version number.
- # -sysv* is not here because it comes later, after sysvr4.
- -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
- | -sym* | -kopensolaris* | -plan9* \
- | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* | -cloudabi* | -sortix* \
- | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
- | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
- | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
- | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
- | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
- | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
- | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
- | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
- | -linux-newlib* | -linux-musl* | -linux-uclibc* \
- | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
- | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
- | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
+ # sysv* is not here because it comes later, after sysvr4.
+ gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
+ | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\
+ | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+ | sym* | kopensolaris* | plan9* \
+ | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
+ | aos* | aros* | cloudabi* | sortix* \
+ | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
+ | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
+ | knetbsd* | mirbsd* | netbsd* \
+ | bitrig* | openbsd* | solidbsd* | libertybsd* \
+ | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \
+ | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
+ | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+ | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \
+ | chorusrdb* | cegcc* | glidix* \
+ | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+ | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \
+ | linux-newlib* | linux-musl* | linux-uclibc* \
+ | uxpv* | beos* | mpeix* | udk* | moxiebox* \
+ | interix* | uwin* | mks* | rhapsody* | darwin* \
+ | openstep* | oskit* | conix* | pw32* | nonstopux* \
+ | storm-chaos* | tops10* | tenex* | tops20* | its* \
+ | os2* | vos* | palmos* | uclinux* | nucleus* \
+ | morphos* | superux* | rtmk* | windiss* \
+ | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
+ | skyos* | haiku* | rdos* | toppers* | drops* | es* \
+ | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
+ | midnightbsd*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
- -qnx*)
- case $basic_machine in
- x86-* | i*86-*)
+ qnx*)
+ case $cpu in
+ x86 | i*86)
;;
*)
- os=-nto$os
+ os=nto-$os
;;
esac
;;
- -nto-qnx*)
+ hiux*)
+ os=hiuxwe2
;;
- -nto*)
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ nto-qnx*)
;;
- -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
- | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
- -mac*)
- os=`echo $os | sed -e 's|mac|macos|'`
+ sim | xray | os68k* | v88r* \
+ | windows* | osx | abug | netware* | os9* \
+ | macos* | mpw* | magic* | mmixware* | mon960* | lnews*)
;;
- -linux-dietlibc)
- os=-linux-dietlibc
+ linux-dietlibc)
+ os=linux-dietlibc
;;
- -linux*)
+ linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
- -sunos5*)
- os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ lynx*178)
+ os=lynxos178
;;
- -sunos6*)
- os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ lynx*5)
+ os=lynxos5
;;
- -opened*)
- os=-openedition
+ lynx*)
+ os=lynxos
;;
- -os400*)
- os=-os400
+ mac*)
+ os=`echo "$os" | sed -e 's|mac|macos|'`
;;
- -wince*)
- os=-wince
+ opened*)
+ os=openedition
;;
- -osfrose*)
- os=-osfrose
+ os400*)
+ os=os400
;;
- -osf*)
- os=-osf
+ sunos5*)
+ os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
;;
- -utek*)
- os=-bsd
+ sunos6*)
+ os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
;;
- -dynix*)
- os=-bsd
+ wince*)
+ os=wince
;;
- -acis*)
- os=-aos
+ utek*)
+ os=bsd
;;
- -atheos*)
- os=-atheos
+ dynix*)
+ os=bsd
;;
- -syllable*)
- os=-syllable
+ acis*)
+ os=aos
;;
- -386bsd)
- os=-bsd
+ atheos*)
+ os=atheos
;;
- -ctix* | -uts*)
- os=-sysv
+ syllable*)
+ os=syllable
;;
- -nova*)
- os=-rtmk-nova
- ;;
- -ns2)
- os=-nextstep2
+ 386bsd)
+ os=bsd
;;
- -nsk*)
- os=-nsk
+ ctix* | uts*)
+ os=sysv
;;
- # Preserve the version number of sinix5.
- -sinix5.*)
- os=`echo $os | sed -e 's|sinix|sysv|'`
+ nova*)
+ os=rtmk-nova
;;
- -sinix*)
- os=-sysv4
+ ns2)
+ os=nextstep2
;;
- -tpf*)
- os=-tpf
+ nsk*)
+ os=nsk
;;
- -triton*)
- os=-sysv3
+ # Preserve the version number of sinix5.
+ sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
;;
- -oss*)
- os=-sysv3
+ sinix*)
+ os=sysv4
;;
- -svr4)
- os=-sysv4
+ tpf*)
+ os=tpf
;;
- -svr3)
- os=-sysv3
+ triton*)
+ os=sysv3
;;
- -sysvr4)
- os=-sysv4
+ oss*)
+ os=sysv3
;;
- # This must come after -sysvr4.
- -sysv*)
+ svr4*)
+ os=sysv4
;;
- -ose*)
- os=-ose
+ svr3)
+ os=sysv3
;;
- -es1800*)
- os=-ose
+ sysvr4)
+ os=sysv4
;;
- -xenix)
- os=-xenix
+ # This must come after sysvr4.
+ sysv*)
;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- os=-mint
+ ose*)
+ os=ose
;;
- -aros*)
- os=-aros
+ *mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+ os=mint
;;
- -zvmoe)
- os=-zvmoe
+ zvmoe)
+ os=zvmoe
;;
- -dicos*)
- os=-dicos
+ dicos*)
+ os=dicos
;;
- -pikeos*)
+ pikeos*)
# Until real need of OS specific support for
# particular features comes up, bare metal
# configurations are quite functional.
- case $basic_machine in
+ case $cpu in
arm*)
- os=-eabi
+ os=eabi
;;
*)
- os=-elf
+ os=elf
;;
esac
;;
- -nacl*)
+ nacl*)
;;
- -ios)
+ ios)
;;
- -none)
+ none)
+ ;;
+ *-eabi)
;;
*)
- # Get rid of the `-' at the beginning of $os.
- os=`echo $os | sed 's/[^-]*-//'`
- echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
exit 1
;;
esac
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.
-case $basic_machine in
+case $cpu-$vendor in
score-*)
- os=-elf
+ os=elf
;;
spu-*)
- os=-elf
+ os=elf
;;
*-acorn)
- os=-riscix1.2
+ os=riscix1.2
;;
arm*-rebel)
- os=-linux
+ os=linux
;;
arm*-semi)
- os=-aout
+ os=aout
;;
c4x-* | tic4x-*)
- os=-coff
+ os=coff
;;
c8051-*)
- os=-elf
+ os=elf
+ ;;
+ clipper-intergraph)
+ os=clix
;;
hexagon-*)
- os=-elf
+ os=elf
;;
tic54x-*)
- os=-coff
+ os=coff
;;
tic55x-*)
- os=-coff
+ os=coff
;;
tic6x-*)
- os=-coff
+ os=coff
;;
# This must come before the *-dec entry.
pdp10-*)
- os=-tops20
+ os=tops20
;;
pdp11-*)
- os=-none
+ os=none
;;
*-dec | vax-*)
- os=-ultrix4.2
+ os=ultrix4.2
;;
m68*-apollo)
- os=-domain
+ os=domain
;;
i386-sun)
- os=-sunos4.0.2
+ os=sunos4.0.2
;;
m68000-sun)
- os=-sunos3
+ os=sunos3
;;
m68*-cisco)
- os=-aout
+ os=aout
;;
mep-*)
- os=-elf
+ os=elf
;;
mips*-cisco)
- os=-elf
+ os=elf
;;
mips*-*)
- os=-elf
+ os=elf
;;
or32-*)
- os=-coff
+ os=coff
;;
*-tti) # must be before sparc entry or we get the wrong os.
- os=-sysv3
+ os=sysv3
;;
sparc-* | *-sun)
- os=-sunos4.1.1
+ os=sunos4.1.1
;;
pru-*)
- os=-elf
+ os=elf
;;
*-be)
- os=-beos
- ;;
- *-haiku)
- os=-haiku
+ os=beos
;;
*-ibm)
- os=-aix
+ os=aix
;;
*-knuth)
- os=-mmixware
+ os=mmixware
;;
*-wec)
- os=-proelf
+ os=proelf
;;
*-winbond)
- os=-proelf
+ os=proelf
;;
*-oki)
- os=-proelf
+ os=proelf
;;
*-hp)
- os=-hpux
+ os=hpux
;;
*-hitachi)
- os=-hiux
+ os=hiux
;;
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
- os=-sysv
+ os=sysv
;;
*-cbm)
- os=-amigaos
+ os=amigaos
;;
*-dg)
- os=-dgux
+ os=dgux
;;
*-dolphin)
- os=-sysv3
+ os=sysv3
;;
m68k-ccur)
- os=-rtu
+ os=rtu
;;
m88k-omron*)
- os=-luna
+ os=luna
;;
*-next)
- os=-nextstep
+ os=nextstep
;;
*-sequent)
- os=-ptx
+ os=ptx
;;
*-crds)
- os=-unos
+ os=unos
;;
*-ns)
- os=-genix
+ os=genix
;;
i370-*)
- os=-mvs
- ;;
- *-next)
- os=-nextstep3
+ os=mvs
;;
*-gould)
- os=-sysv
+ os=sysv
;;
*-highlevel)
- os=-bsd
+ os=bsd
;;
*-encore)
- os=-bsd
+ os=bsd
;;
*-sgi)
- os=-irix
+ os=irix
;;
*-siemens)
- os=-sysv4
+ os=sysv4
;;
*-masscomp)
- os=-rtu
+ os=rtu
;;
f30[01]-fujitsu | f700-fujitsu)
- os=-uxpv
+ os=uxpv
;;
*-rom68k)
- os=-coff
+ os=coff
;;
*-*bug)
- os=-coff
+ os=coff
;;
*-apple)
- os=-macos
+ os=macos
;;
*-atari*)
- os=-mint
+ os=mint
+ ;;
+ *-wrs)
+ os=vxworks
;;
*)
- os=-none
+ os=none
;;
esac
fi
# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
- *-unknown)
+case $vendor in
+ unknown)
case $os in
- -riscix*)
+ riscix*)
vendor=acorn
;;
- -sunos*)
+ sunos*)
vendor=sun
;;
- -cnk*|-aix*)
+ cnk*|-aix*)
vendor=ibm
;;
- -beos*)
+ beos*)
vendor=be
;;
- -hpux*)
+ hpux*)
vendor=hp
;;
- -mpeix*)
+ mpeix*)
vendor=hp
;;
- -hiux*)
+ hiux*)
vendor=hitachi
;;
- -unos*)
+ unos*)
vendor=crds
;;
- -dgux*)
+ dgux*)
vendor=dg
;;
- -luna*)
+ luna*)
vendor=omron
;;
- -genix*)
+ genix*)
vendor=ns
;;
- -mvs* | -opened*)
+ clix*)
+ vendor=intergraph
+ ;;
+ mvs* | opened*)
vendor=ibm
;;
- -os400*)
+ os400*)
vendor=ibm
;;
- -ptx*)
+ ptx*)
vendor=sequent
;;
- -tpf*)
+ tpf*)
vendor=ibm
;;
- -vxsim* | -vxworks* | -windiss*)
+ vxsim* | vxworks* | windiss*)
vendor=wrs
;;
- -aux*)
+ aux*)
vendor=apple
;;
- -hms*)
+ hms*)
vendor=hitachi
;;
- -mpw* | -macos*)
+ mpw* | macos*)
vendor=apple
;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ *mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
vendor=atari
;;
- -vos*)
+ vos*)
vendor=stratus
;;
esac
- basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
-echo $basic_machine$os
+echo "$cpu-$vendor-$os"
exit
# Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- extern.h kdc_util.h realm_data.h replay.c reqstate.h
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
+ realm_data.h replay.c reqstate.h
$(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-cmocka.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
- realm_data.h replay.c reqstate.h t_replay.c
+ $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ extern.h kdc_util.h realm_data.h replay.c reqstate.h \
+ t_replay.c
$(top_srcdir)/include/socket-utils.h cc-int.h cc_file.c
cc_kcm.so cc_kcm.po $(OUTPRE)cc_kcm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kcm.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kcm.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h cc-int.h cc_kcm.c
cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h cc-int.h cc_memory.c
+ $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ cc-int.h cc_memory.c
cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-/* A Bison parser, made by GNU Bison 3.0.2. */
+/* A Bison parser, made by GNU Bison 3.0.4. */
/* Bison implementation for Yacc-like parsers in C
- Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#define YYBISON 1
/* Bison version. */
-#define YYBISON_VERSION "3.0.2"
+#define YYBISON_VERSION "3.0.4"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE YYSTYPE;
+
union YYSTYPE
{
#line 128 "x-deltat.y" /* yacc.c:355 */
#line 203 "deltat.c" /* yacc.c:355 */
};
+
+typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
/* Copy the second part of user declarations. */
-#line 217 "deltat.c" /* yacc.c:358 */
+#line 219 "deltat.c" /* yacc.c:358 */
#ifdef short
# undef short
case 6:
#line 144 "x-deltat.y" /* yacc.c:1646 */
{ (yyval.val) = - (yyvsp[0].val); }
-#line 1315 "deltat.c" /* yacc.c:1646 */
+#line 1317 "deltat.c" /* yacc.c:1646 */
break;
case 9:
#line 146 "x-deltat.y" /* yacc.c:1646 */
{ (yyval.val) = (yyvsp[0].val); }
-#line 1321 "deltat.c" /* yacc.c:1646 */
+#line 1323 "deltat.c" /* yacc.c:1646 */
break;
case 10:
#line 147 "x-deltat.y" /* yacc.c:1646 */
{ YYERROR; }
-#line 1327 "deltat.c" /* yacc.c:1646 */
+#line 1329 "deltat.c" /* yacc.c:1646 */
break;
case 11:
#line 149 "x-deltat.y" /* yacc.c:1646 */
{ DO ((yyvsp[-2].val), 0, 0, (yyvsp[0].val)); }
-#line 1333 "deltat.c" /* yacc.c:1646 */
+#line 1335 "deltat.c" /* yacc.c:1646 */
break;
case 12:
#line 150 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, (yyvsp[-2].val), 0, (yyvsp[0].val)); }
-#line 1339 "deltat.c" /* yacc.c:1646 */
+#line 1341 "deltat.c" /* yacc.c:1646 */
break;
case 13:
#line 151 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, 0, (yyvsp[-2].val), (yyvsp[0].val)); }
-#line 1345 "deltat.c" /* yacc.c:1646 */
+#line 1347 "deltat.c" /* yacc.c:1646 */
break;
case 14:
#line 152 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, 0, 0, (yyvsp[-1].val)); }
-#line 1351 "deltat.c" /* yacc.c:1646 */
+#line 1353 "deltat.c" /* yacc.c:1646 */
break;
case 15:
#line 153 "x-deltat.y" /* yacc.c:1646 */
{ DO ((yyvsp[-6].val), (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); }
-#line 1357 "deltat.c" /* yacc.c:1646 */
+#line 1359 "deltat.c" /* yacc.c:1646 */
break;
case 16:
#line 154 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); }
-#line 1363 "deltat.c" /* yacc.c:1646 */
+#line 1365 "deltat.c" /* yacc.c:1646 */
break;
case 17:
#line 155 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, (yyvsp[-2].val), (yyvsp[0].val), 0); }
-#line 1369 "deltat.c" /* yacc.c:1646 */
+#line 1371 "deltat.c" /* yacc.c:1646 */
break;
case 18:
#line 156 "x-deltat.y" /* yacc.c:1646 */
{ DO ( 0, 0, 0, (yyvsp[0].val)); }
-#line 1375 "deltat.c" /* yacc.c:1646 */
+#line 1377 "deltat.c" /* yacc.c:1646 */
break;
case 20:
#line 162 "x-deltat.y" /* yacc.c:1646 */
{ if (HOUR_NOT_OK((yyvsp[-2].val))) YYERROR;
DO_SUM((yyval.val), (yyvsp[-2].val) * 3600, (yyvsp[0].val)); }
-#line 1382 "deltat.c" /* yacc.c:1646 */
+#line 1384 "deltat.c" /* yacc.c:1646 */
break;
case 22:
#line 166 "x-deltat.y" /* yacc.c:1646 */
{ if (MIN_NOT_OK((yyvsp[-2].val))) YYERROR;
DO_SUM((yyval.val), (yyvsp[-2].val) * 60, (yyvsp[0].val)); }
-#line 1389 "deltat.c" /* yacc.c:1646 */
+#line 1391 "deltat.c" /* yacc.c:1646 */
break;
case 23:
#line 169 "x-deltat.y" /* yacc.c:1646 */
{ (yyval.val) = 0; }
-#line 1395 "deltat.c" /* yacc.c:1646 */
+#line 1397 "deltat.c" /* yacc.c:1646 */
break;
-#line 1399 "deltat.c" /* yacc.c:1646 */
+#line 1401 "deltat.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
fast.h get_creds.c int-proto.h
+get_etype_info.so get_etype_info.po $(OUTPRE)get_etype_info.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h fast.h get_etype_info.c \
+ init_creds_ctx.h int-proto.h
get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h kfree.c
+ $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ kfree.c
libdef_parse.so libdef_parse.po $(OUTPRE)libdef_parse.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h int-proto.h preauth_encts.c
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ init_creds_ctx.h int-proto.h preauth_encts.c
preauth_otp.so preauth_otp.po $(OUTPRE)preauth_otp.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
chk_trans.c t_expand.c
+t_get_etype_info.so t_get_etype_info.po $(OUTPRE)t_get_etype_info.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ t_get_etype_info.c
t_pac.so t_pac.po $(OUTPRE)t_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- dnsglue.h hostrealm_dns.c os-proto.h
+ hostrealm_dns.c os-proto.h
hostrealm_domain.so hostrealm_domain.po $(OUTPRE)hostrealm_domain.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
.\" Man page generated from reStructuredText.
.
-.TH "K5IDENTITY" "5" " " "1.16" "MIT Kerberos"
+.TH "K5IDENTITY" "5" " " "1.17" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
recognized:
.INDENT 0.0
.TP
-.B \fBrealm\fP
+\fBrealm\fP
If the realm of the server principal is known, it is matched
against \fIvalue\fP, which may be a pattern using shell wildcards.
For host\-based server principals, the realm will generally only be
-known if there is a \fIdomain_realm\fP section in
-\fIkrb5.conf(5)\fP with a mapping for the hostname.
+known if there is a domain_realm section in
+krb5.conf(5) with a mapping for the hostname.
.TP
-.B \fBservice\fP
+\fBservice\fP
If the server principal is a host\-based principal, its service
component is matched against \fIvalue\fP, which may be a pattern using
shell wildcards.
.TP
-.B \fBhost\fP
+\fBhost\fP
If the server principal is a host\-based principal, its hostname
component is converted to lower case and matched against \fIvalue\fP,
which may be a pattern using shell wildcards.
.UNINDENT
.SH SEE ALSO
.sp
-kerberos(1), \fIkrb5.conf(5)\fP
+kerberos(1), krb5.conf(5)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "K5LOGIN" "5" " " "1.16" "MIT Kerberos"
+.TH "K5LOGIN" "5" " " "1.17" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
This would allow \fBbob\fP to use Kerberos network applications, such as
ssh(1), to access \fBalice\fP\(aqs account, using \fBbob\fP\(aqs Kerberos
tickets. In a default configuration (with \fBk5login_authoritative\fP set
-to true in \fIkrb5.conf(5)\fP), this .k5login file would not let
+to true in krb5.conf(5)), this .k5login file would not let
\fBalice\fP use those network applications to access her account, since
she is not listed! With no .k5login file, or with \fBk5login_authoritative\fP
set to false, a default rule would permit the principal \fBalice\fP in the
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "K5SRVUTIL" "1" " " "1.16" "MIT Kerberos"
+.TH "K5SRVUTIL" "1" " " "1.17" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
\fIoperation\fP must be one of the following:
.INDENT 0.0
.TP
-.B \fBlist\fP
+\fBlist\fP
Lists the keys in a keytab, showing version number and principal
name.
.TP
-.B \fBchange\fP
+\fBchange\fP
Uses the kadmin protocol to update the keys in the Kerberos
database to new randomly\-generated keys, and updates the keys in
the keytab to match. If a key\(aqs version number doesn\(aqt match the
tickets continue to work, but \fBdelold\fP should be used after
such tickets expire, to prevent attacks against the old keys.
.TP
-.B \fBdelold\fP
+\fBdelold\fP
Deletes keys that are not the most recent version from the keytab.
This operation should be used some time after a change operation
to remove old keys, after existing tickets issued for the service
have expired. If the \fB\-i\fP flag is given, then k5srvutil will
prompt for confirmation for each principal.
.TP
-.B \fBdelete\fP
+\fBdelete\fP
Deletes particular keys in the keytab, interactively prompting for
each key.
.UNINDENT
In all cases, the default keytab is used unless this is overridden by
the \fB\-f\fP option.
.sp
-k5srvutil uses the \fIkadmin(1)\fP program to edit the keytab in
+k5srvutil uses the kadmin(1) program to edit the keytab in
place.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkadmin(1)\fP, \fIktutil(1)\fP
+kadmin(1), ktutil(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KADM5.ACL" "5" " " "1.16" "MIT Kerberos"
+.TH "KADM5.ACL" "5" " " "1.17" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
..
.SH DESCRIPTION
.sp
-The Kerberos \fIkadmind(8)\fP daemon uses an Access Control List
+The Kerberos kadmind(8) daemon uses an Access Control List
(ACL) file to manage access rights to the Kerberos database.
For operations that affect principals, the ACL file also controls
which principals can operate on which other principals.
.sp
The default location of the Kerberos ACL file is
\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP
-variable in \fIkdc.conf(5)\fP\&.
+variable in kdc.conf(5)\&.
.SH SYNTAX
.sp
Empty lines and lines starting with the sharp sign (\fB#\fP) are
T{
p
T} T{
-[Dis]allows the propagation of the principal database (used in \fIincr_db_prop\fP)
+[Dis]allows the propagation of the principal database (used in incr_db_prop)
T}
_
T{
.B {+|\-}\fIflagname\fP
flag is forced to the indicated value. The permissible flags
are the same as those for the \fBdefault_principal_flags\fP
-variable in \fIkdc.conf(5)\fP\&.
+variable in kdc.conf(5)\&.
.TP
.B \fI\-clearpolicy\fP
policy is forced to be empty.
policy is forced to be \fIpol\fP\&.
.TP
.B \-{\fIexpire, pwexpire, maxlife, maxrenewlife\fP} \fItime\fP
-(\fIgetdate\fP string) associated value will be forced to
+(getdate string) associated value will be forced to
MIN(\fItime\fP, requested value).
.UNINDENT
.UNINDENT
.SH MODULE BEHAVIOR
.sp
The ACL file can coexist with other authorization modules in release
-1.16 and later, as configured in the \fIkadm5_auth\fP section of
-\fIkrb5.conf(5)\fP\&. The ACL file will positively authorize
+1.16 and later, as configured in the kadm5_auth section of
+krb5.conf(5)\&. The ACL file will positively authorize
operations according to the rules above, but will never
authoritatively deny an operation, so other modules can authorize
operations in addition to those authorized by the ACL file.
.sp
To operate without an ACL file, set the \fIacl_file\fP variable in
-\fIkdc.conf(5)\fP to the empty string with \fBacl_file = ""\fP\&.
+kdc.conf(5) to the empty string with \fBacl_file = ""\fP\&.
.SH SEE ALSO
.sp
-\fIkdc.conf(5)\fP, \fIkadmind(8)\fP
+kdc.conf(5), kadmind(8)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KADMIN" "1" " " "1.16" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
kadmin and kadmin.local are command\-line interfaces to the Kerberos V5
administration system. They provide nearly identical functionalities;
the difference is that kadmin.local directly accesses the KDC
-database, while kadmin performs operations using \fIkadmind(8)\fP\&.
+database, while kadmin performs operations using kadmind(8)\&.
Except as explicitly noted otherwise, this man page will use "kadmin"
to refer to both versions. kadmin provides for the maintenance of
Kerberos principals, password policies, and service key tables
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Use \fIrealm\fP as the default database realm.
.TP
-.B \fB\-p\fP \fIprincipal\fP
+\fB\-p\fP \fIprincipal\fP
Use \fIprincipal\fP to authenticate. Otherwise, kadmin will append
\fB/admin\fP to the primary principal name of the default ccache,
the value of the \fBUSER\fP environment variable, or the username as
obtained with getpwuid, in order of preference.
.TP
-.B \fB\-k\fP
+\fB\-k\fP
Use a keytab to decrypt the KDC response instead of prompting for
a password. In this case, the default principal will be
\fBhost/hostname\fP\&. If there is no keytab specified with the
\fB\-t\fP option, then the default keytab will be used.
.TP
-.B \fB\-t\fP \fIkeytab\fP
+\fB\-t\fP \fIkeytab\fP
Use \fIkeytab\fP to decrypt the KDC response. This can only be used
with the \fB\-k\fP option.
.TP
-.B \fB\-n\fP
+\fB\-n\fP
Requests anonymous processing. Two types of anonymous principals
are supported. For fully anonymous Kerberos, configure PKINIT on
the KDC and configure \fBpkinit_anchors\fP in the client\(aqs
-\fIkrb5.conf(5)\fP\&. Then use the \fB\-n\fP option with a principal
+krb5.conf(5)\&. Then use the \fB\-n\fP option with a principal
of the form \fB@REALM\fP (an empty principal name followed by the
at\-sign and a realm name). If permitted by the KDC, an anonymous
ticket will be returned. A second form of anonymous tickets is
principal. As of release 1.8, the MIT Kerberos KDC only supports
fully anonymous operation.
.TP
-.B \fB\-c\fP \fIcredentials_cache\fP
+\fB\-c\fP \fIcredentials_cache\fP
Use \fIcredentials_cache\fP as the credentials cache. The
cache should contain a service ticket for the \fBkadmin/ADMINHOST\fP
(where \fIADMINHOST\fP is the fully\-qualified hostname of the admin
server) or \fBkadmin/admin\fP service; it can be acquired with the
-\fIkinit(1)\fP program. If this option is not specified, kadmin
+kinit(1) program. If this option is not specified, kadmin
requests a new service ticket from the KDC, and stores it in its
own temporary ccache.
.TP
-.B \fB\-w\fP \fIpassword\fP
+\fB\-w\fP \fIpassword\fP
Use \fIpassword\fP instead of prompting for one. Use this option with
care, as it may expose the password to other users on the system
via the process list.
.TP
-.B \fB\-q\fP \fIquery\fP
+\fB\-q\fP \fIquery\fP
Perform the specified query and then exit.
.TP
-.B \fB\-d\fP \fIdbname\fP
+\fB\-d\fP \fIdbname\fP
Specifies the name of the KDC database. This option does not
apply to the LDAP database module.
.TP
-.B \fB\-s\fP \fIadmin_server\fP[:\fIport\fP]
+\fB\-s\fP \fIadmin_server\fP[:\fIport\fP]
Specifies the admin server which kadmin should contact.
.TP
-.B \fB\-m\fP
+\fB\-m\fP
If using kadmin.local, prompt for the database master password
instead of reading it from a stash file.
.TP
-.B \fB\-e\fP "\fIenc\fP:\fIsalt\fP ..."
+\fB\-e\fP "\fIenc\fP:\fIsalt\fP ..."
Sets the keysalt list to be used for any new keys created. See
-\fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a list of possible
+Keysalt_lists in kdc.conf(5) for a list of possible
values.
.TP
-.B \fB\-O\fP
+\fB\-O\fP
Force use of old AUTH_GSSAPI authentication flavor.
.TP
-.B \fB\-N\fP
+\fB\-N\fP
Prevent fallback to AUTH_GSSAPI authentication flavor.
.TP
-.B \fB\-x\fP \fIdb_args\fP
+\fB\-x\fP \fIdb_args\fP
Specifies the database specific arguments. See the next section
for supported options.
.UNINDENT
.INDENT 3.5
.INDENT 0.0
.TP
-.B \fB\-x dbname=\fP*filename*
+\fB\-x dbname=\fP*filename*
Specifies the base filename of the DB2 database.
.TP
-.B \fB\-x lockiter\fP
+\fB\-x lockiter\fP
Make iteration operations hold the lock for the duration of
the entire operation, rather than temporarily releasing the
lock while handling each principal. This is the default
override of a [dbmodules] setting. First introduced in
release 1.13.
.TP
-.B \fB\-x unlockiter\fP
+\fB\-x unlockiter\fP
Make iteration operations unlock the database for each
principal, instead of holding the lock for the duration of the
entire operation. First introduced in release 1.13.
.INDENT 3.5
.INDENT 0.0
.TP
-.B \fB\-x host=\fP\fIldapuri\fP
+\fB\-x host=\fP\fIldapuri\fP
Specifies the LDAP server to connect to by a LDAP URI.
.TP
-.B \fB\-x binddn=\fP\fIbind_dn\fP
+\fB\-x binddn=\fP\fIbind_dn\fP
Specifies the DN used to bind to the LDAP server.
.TP
-.B \fB\-x bindpwd=\fP\fIpassword\fP
+\fB\-x bindpwd=\fP\fIpassword\fP
Specifies the password or SASL secret used to bind to the LDAP
server. Using this option may expose the password to other
users on the system via the process list; to avoid this,
instead stash the password using the \fBstashsrvpw\fP command of
-\fIkdb5_ldap_util(8)\fP\&.
+kdb5_ldap_util(8)\&.
.TP
-.B \fB\-x sasl_mech=\fP\fImechanism\fP
+\fB\-x sasl_mech=\fP\fImechanism\fP
Specifies the SASL mechanism used to bind to the LDAP server.
The bind DN is ignored if a SASL mechanism is used. New in
release 1.13.
.TP
-.B \fB\-x sasl_authcid=\fP\fIname\fP
+\fB\-x sasl_authcid=\fP\fIname\fP
Specifies the authentication name used when binding to the
LDAP server with a SASL mechanism, if the mechanism requires
one. New in release 1.13.
.TP
-.B \fB\-x sasl_authzid=\fP\fIname\fP
+\fB\-x sasl_authzid=\fP\fIname\fP
Specifies the authorization name used when binding to the LDAP
server with a SASL mechanism. New in release 1.13.
.TP
-.B \fB\-x sasl_realm=\fP\fIrealm\fP
+\fB\-x sasl_realm=\fP\fIrealm\fP
Specifies the realm used when binding to the LDAP server with
a SASL mechanism, if the mechanism uses one. New in release
1.13.
.TP
-.B \fB\-x debug=\fP\fIlevel\fP
+\fB\-x debug=\fP\fIlevel\fP
sets the OpenLDAP client library debug level. \fIlevel\fP is an
integer to be interpreted by the library. Debugging messages
are printed to standard error. New in release 1.12.
.SH COMMANDS
.sp
When using the remote client, available commands may be restricted
-according to the privileges specified in the \fIkadm5.acl(5)\fP file
+according to the privileges specified in the kadm5.acl(5) file
on the admin server.
.SS add_principal
.INDENT 0.0
Options:
.INDENT 0.0
.TP
-.B \fB\-expire\fP \fIexpdate\fP
-(\fIgetdate\fP string) The expiration date of the principal.
+\fB\-expire\fP \fIexpdate\fP
+(getdate string) The expiration date of the principal.
.TP
-.B \fB\-pwexpire\fP \fIpwexpdate\fP
-(\fIgetdate\fP string) The password expiration date.
+\fB\-pwexpire\fP \fIpwexpdate\fP
+(getdate string) The password expiration date.
.TP
-.B \fB\-maxlife\fP \fImaxlife\fP
-(\fIduration\fP or \fIgetdate\fP string) The maximum ticket life
+\fB\-maxlife\fP \fImaxlife\fP
+(duration or getdate string) The maximum ticket life
for the principal.
.TP
-.B \fB\-maxrenewlife\fP \fImaxrenewlife\fP
-(\fIduration\fP or \fIgetdate\fP string) The maximum renewable
+\fB\-maxrenewlife\fP \fImaxrenewlife\fP
+(duration or getdate string) The maximum renewable
life of tickets for the principal.
.TP
-.B \fB\-kvno\fP \fIkvno\fP
+\fB\-kvno\fP \fIkvno\fP
The initial key version number.
.TP
-.B \fB\-policy\fP \fIpolicy\fP
+\fB\-policy\fP \fIpolicy\fP
The password policy used by this principal. If not specified, the
policy \fBdefault\fP is used if it exists (unless \fB\-clearpolicy\fP
is specified).
.TP
-.B \fB\-clearpolicy\fP
+\fB\-clearpolicy\fP
Prevents any policy from being assigned when \fB\-policy\fP is not
specified.
.TP
-.B {\-|+}\fBallow_postdated\fP
+{\-|+}\fBallow_postdated\fP
\fB\-allow_postdated\fP prohibits this principal from obtaining
postdated tickets. \fB+allow_postdated\fP clears this flag.
.TP
-.B {\-|+}\fBallow_forwardable\fP
+{\-|+}\fBallow_forwardable\fP
\fB\-allow_forwardable\fP prohibits this principal from obtaining
forwardable tickets. \fB+allow_forwardable\fP clears this flag.
.TP
-.B {\-|+}\fBallow_renewable\fP
+{\-|+}\fBallow_renewable\fP
\fB\-allow_renewable\fP prohibits this principal from obtaining
renewable tickets. \fB+allow_renewable\fP clears this flag.
.TP
-.B {\-|+}\fBallow_proxiable\fP
+{\-|+}\fBallow_proxiable\fP
\fB\-allow_proxiable\fP prohibits this principal from obtaining
proxiable tickets. \fB+allow_proxiable\fP clears this flag.
.TP
-.B {\-|+}\fBallow_dup_skey\fP
+{\-|+}\fBallow_dup_skey\fP
\fB\-allow_dup_skey\fP disables user\-to\-user authentication for this
-principal by prohibiting this principal from obtaining a session
-key for another user. \fB+allow_dup_skey\fP clears this flag.
+principal by prohibiting others from obtaining a service ticket
+encrypted in this principal\(aqs TGT session key.
+\fB+allow_dup_skey\fP clears this flag.
.TP
-.B {\-|+}\fBrequires_preauth\fP
+{\-|+}\fBrequires_preauth\fP
\fB+requires_preauth\fP requires this principal to preauthenticate
before being allowed to kinit. \fB\-requires_preauth\fP clears this
flag. When \fB+requires_preauth\fP is set on a service principal,
if the client\(aqs initial authentication was performed using
preauthentication.
.TP
-.B {\-|+}\fBrequires_hwauth\fP
+{\-|+}\fBrequires_hwauth\fP
\fB+requires_hwauth\fP requires this principal to preauthenticate
using a hardware device before being allowed to kinit.
\fB\-requires_hwauth\fP clears this flag. When \fB+requires_hwauth\fP is
for that service principal if the client\(aqs initial authentication was
performed using a hardware device to preauthenticate.
.TP
-.B {\-|+}\fBok_as_delegate\fP
+{\-|+}\fBok_as_delegate\fP
\fB+ok_as_delegate\fP sets the \fBokay as delegate\fP flag on tickets
issued with this principal as the service. Clients may use this
flag as a hint that credentials should be delegated when
authenticating to the service. \fB\-ok_as_delegate\fP clears this
flag.
.TP
-.B {\-|+}\fBallow_svr\fP
+{\-|+}\fBallow_svr\fP
\fB\-allow_svr\fP prohibits the issuance of service tickets for this
-principal. \fB+allow_svr\fP clears this flag.
+principal. In release 1.17 and later, user\-to\-user service
+tickets are still allowed unless the \fB\-allow_dup_skey\fP flag is
+also set. \fB+allow_svr\fP clears this flag.
.TP
-.B {\-|+}\fBallow_tgs_req\fP
+{\-|+}\fBallow_tgs_req\fP
\fB\-allow_tgs_req\fP specifies that a Ticket\-Granting Service (TGS)
request for a service ticket for this principal is not permitted.
\fB+allow_tgs_req\fP clears this flag.
.TP
-.B {\-|+}\fBallow_tix\fP
+{\-|+}\fBallow_tix\fP
\fB\-allow_tix\fP forbids the issuance of any tickets for this
principal. \fB+allow_tix\fP clears this flag.
.TP
-.B {\-|+}\fBneedchange\fP
+{\-|+}\fBneedchange\fP
\fB+needchange\fP forces a password change on the next initial
authentication to this principal. \fB\-needchange\fP clears this
flag.
.TP
-.B {\-|+}\fBpassword_changing_service\fP
+{\-|+}\fBpassword_changing_service\fP
\fB+password_changing_service\fP marks this principal as a password
change service principal.
.TP
-.B {\-|+}\fBok_to_auth_as_delegate\fP
+{\-|+}\fBok_to_auth_as_delegate\fP
\fB+ok_to_auth_as_delegate\fP allows this principal to acquire
forwardable tickets to itself from arbitrary users, for use with
constrained delegation.
.TP
-.B {\-|+}\fBno_auth_data_required\fP
+{\-|+}\fBno_auth_data_required\fP
\fB+no_auth_data_required\fP prevents PAC or AD\-SIGNEDPATH data from
being added to service tickets for the principal.
.TP
-.B {\-|+}\fBlockdown_keys\fP
+{\-|+}\fBlockdown_keys\fP
\fB+lockdown_keys\fP prevents keys for this principal from leaving
the KDC via kadmind. The chpass and extract operations are denied
for a principal with this attribute. The chrand operation is
This attribute can be set via the network protocol, but can only
be removed using kadmin.local.
.TP
-.B \fB\-randkey\fP
+\fB\-randkey\fP
Sets the key of the principal to a random value.
.TP
-.B \fB\-nokey\fP
+\fB\-nokey\fP
Causes the principal to be created with no key. New in release
1.12.
.TP
-.B \fB\-pw\fP \fIpassword\fP
+\fB\-pw\fP \fIpassword\fP
Sets the password of the principal to the specified string and
does not prompt for a password. Note: using this option in a
shell script may expose the password to other users on the system
via the process list.
.TP
-.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
Uses the specified keysalt list for setting the keys of the
-principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a
+principal. See Keysalt_lists in kdc.conf(5) for a
list of possible values.
.TP
-.B \fB\-x\fP \fIdb_princ_args\fP
+\fB\-x\fP \fIdb_princ_args\fP
Indicates database\-specific options. The options for the LDAP
database module are:
.INDENT 7.0
.TP
-.B \fB\-x dn=\fP\fIdn\fP
+\fB\-x dn=\fP\fIdn\fP
Specifies the LDAP object that will contain the Kerberos
principal being created.
.TP
-.B \fB\-x linkdn=\fP\fIdn\fP
+\fB\-x linkdn=\fP\fIdn\fP
Specifies the LDAP object to which the newly created Kerberos
principal object will point.
.TP
-.B \fB\-x containerdn=\fP\fIcontainer_dn\fP
+\fB\-x containerdn=\fP\fIcontainer_dn\fP
Specifies the container object under which the Kerberos
principal is to be created.
.TP
-.B \fB\-x tktpolicy=\fP\fIpolicy\fP
+\fB\-x tktpolicy=\fP\fIpolicy\fP
Associates a ticket policy to the Kerberos principal.
.UNINDENT
.sp
Options (in addition to the \fBaddprinc\fP options):
.INDENT 0.0
.TP
-.B \fB\-unlock\fP
+\fB\-unlock\fP
Unlocks a locked principal (one which has received too many failed
authentication attempts without enough time between them according
to its password policy) so that it can successfully authenticate.
The following options are available:
.INDENT 0.0
.TP
-.B \fB\-randkey\fP
+\fB\-randkey\fP
Sets the key of the principal to a random value.
.TP
-.B \fB\-pw\fP \fIpassword\fP
+\fB\-pw\fP \fIpassword\fP
Set the password to the specified string. Using this option in a
script may expose the password to other users on the system via
the process list.
.TP
-.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
Uses the specified keysalt list for setting the keys of the
-principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a
+principal. See Keysalt_lists in kdc.conf(5) for a
list of possible values.
.TP
-.B \fB\-keepold\fP
+\fB\-keepold\fP
Keeps the existing keys in the database. This flag is usually not
necessary except perhaps for \fBkrbtgt\fP principals.
.UNINDENT
KDC:
.INDENT 0.0
.TP
-.B \fBrequire_auth\fP
+\fBrequire_auth\fP
Specifies an authentication indicator which is required to
authenticate to the principal as a service. Multiple indicators
can be specified, separated by spaces; in this case any of the
specified indicators will be accepted. (New in release 1.14.)
.TP
-.B \fBsession_enctypes\fP
+\fBsession_enctypes\fP
Specifies the encryption types supported for session keys when the
principal is authenticated to as a server. See
-\fIEncryption_types\fP in \fIkdc.conf(5)\fP for a list of the
+Encryption_types in kdc.conf(5) for a list of the
accepted values.
.TP
-.B \fBotp\fP
+\fBotp\fP
Enables One Time Passwords (OTP) preauthentication for a client
\fIprincipal\fP\&. The \fIvalue\fP is a JSON string representing an array
of objects, each having optional \fBtype\fP and \fBusername\fP fields.
.TP
-.B \fBpkinit_cert_match\fP
+\fBpkinit_cert_match\fP
Specifies a matching expression that defines the certificate
attributes required for the client certificate used by the
principal during PKINIT authentication. The matching expression
is in the same format as those used by the \fBpkinit_cert_match\fP
-option in \fIkrb5.conf(5)\fP\&. (New in release 1.16.)
+option in krb5.conf(5)\&. (New in release 1.16.)
.UNINDENT
.sp
This command requires the \fBmodify\fP privilege.
The following options are available:
.INDENT 0.0
.TP
-.B \fB\-maxlife\fP \fItime\fP
-(\fIduration\fP or \fIgetdate\fP string) Sets the maximum
+\fB\-maxlife\fP \fItime\fP
+(duration or getdate string) Sets the maximum
lifetime of a password.
.TP
-.B \fB\-minlife\fP \fItime\fP
-(\fIduration\fP or \fIgetdate\fP string) Sets the minimum
+\fB\-minlife\fP \fItime\fP
+(duration or getdate string) Sets the minimum
lifetime of a password.
.TP
-.B \fB\-minlength\fP \fIlength\fP
+\fB\-minlength\fP \fIlength\fP
Sets the minimum length of a password.
.TP
-.B \fB\-minclasses\fP \fInumber\fP
+\fB\-minclasses\fP \fInumber\fP
Sets the minimum number of character classes required in a
password. The five character classes are lower case, upper case,
numbers, punctuation, and whitespace/unprintable characters.
.TP
-.B \fB\-history\fP \fInumber\fP
+\fB\-history\fP \fInumber\fP
Sets the number of past keys kept for a principal. This option is
not supported with the LDAP KDC database module.
.UNINDENT
.INDENT 0.0
.TP
-.B \fB\-maxfailure\fP \fImaxnumber\fP
+\fB\-maxfailure\fP \fImaxnumber\fP
Sets the number of authentication failures before the principal is
locked. Authentication failures are only tracked for principals
which require preauthentication. The counter of failed attempts
.UNINDENT
.INDENT 0.0
.TP
-.B \fB\-failurecountinterval\fP \fIfailuretime\fP
-(\fIduration\fP or \fIgetdate\fP string) Sets the allowable time
+\fB\-failurecountinterval\fP \fIfailuretime\fP
+(duration or getdate string) Sets the allowable time
between authentication failures. If an authentication failure
happens after \fIfailuretime\fP has elapsed since the previous
failure, the number of authentication failures is reset to 1. A
.UNINDENT
.INDENT 0.0
.TP
-.B \fB\-lockoutduration\fP \fIlockouttime\fP
-(\fIduration\fP or \fIgetdate\fP string) Sets the duration for
+\fB\-lockoutduration\fP \fIlockouttime\fP
+(duration or getdate string) Sets the duration for
which the principal is locked from authenticating if too many
authentication failures occur without the specified failure count
interval elapsing. A duration of 0 (the default) means the
principal remains locked out until it is administratively unlocked
with \fBmodprinc \-unlock\fP\&.
.TP
-.B \fB\-allowedkeysalts\fP
+\fB\-allowedkeysalts\fP
Specifies the key/salt tuples supported for long\-term keys when
setting or changing a principal\(aqs password/keys. See
-\fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a list of the
+Keysalt_lists in kdc.conf(5) for a list of the
accepted values, but note that key/salt tuples must be separated
with commas (\(aq,\(aq) only. To clear the allowed key/salt policy use
a value of \(aq\-\(aq.
The options are:
.INDENT 0.0
.TP
-.B \fB\-k[eytab]\fP \fIkeytab\fP
+\fB\-k[eytab]\fP \fIkeytab\fP
Use \fIkeytab\fP as the keytab file. Otherwise, the default keytab is
used.
.TP
-.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
Uses the specified keysalt list for setting the new keys of the
-principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a
+principal. See Keysalt_lists in kdc.conf(5) for a
list of possible values.
.TP
-.B \fB\-q\fP
+\fB\-q\fP
Display less verbose information.
.TP
-.B \fB\-norandkey\fP
+\fB\-norandkey\fP
Do not randomize the keys. The keys and their version numbers stay
unchanged. This option cannot be specified in combination with the
\fB\-e\fP option.
The options are:
.INDENT 0.0
.TP
-.B \fB\-k[eytab]\fP \fIkeytab\fP
+\fB\-k[eytab]\fP \fIkeytab\fP
Use \fIkeytab\fP as the keytab file. Otherwise, the default keytab is
used.
.TP
-.B \fB\-q\fP
+\fB\-q\fP
Display less verbose information.
.UNINDENT
.sp
.sp
The kadmin program was originally written by Tom Yu at MIT, as an
interface to the OpenVision Kerberos administration program.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkpasswd(1)\fP, \fIkadmind(8)\fP
+kpasswd(1), kadmind(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KADMIND" "8" " " "1.16" "MIT Kerberos"
+.TH "KADMIND" "8" " " "1.17" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
runs on the master Kerberos server, which stores the KDC database. If
the KDC database uses the LDAP module, the administration server and
the KDC server need not run on the same machine. kadmind accepts
-remote requests from programs such as \fIkadmin(1)\fP and
-\fIkpasswd(1)\fP to administer the information in these database.
+remote requests from programs such as kadmin(1) and
+kpasswd(1) to administer the information in these database.
.sp
kadmind requires a number of configuration files to be set up in order
for it to work:
.INDENT 0.0
.TP
-.B \fIkdc.conf(5)\fP
+.B kdc.conf(5)
The KDC configuration file contains configuration information for
the KDC and admin servers. kadmind uses settings in this file to
locate the Kerberos database, and is also affected by the
\fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related
settings.
.TP
-.B \fIkadm5.acl(5)\fP
+.B kadm5.acl(5)
kadmind\(aqs ACL (access control list) tells it which principals are
allowed to perform administration actions. The pathname to the
-ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP
+ACL file can be specified with the \fBacl_file\fP kdc.conf(5)
variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.
.UNINDENT
.sp
disassociates itself from its controlling terminal.
.sp
kadmind can be configured for incremental database propagation.
-Incremental propagation allows slave KDC servers to receive principal
-and policy updates incrementally instead of receiving full dumps of
-the database. This facility can be enabled in the \fIkdc.conf(5)\fP
-file with the \fBiprop_enable\fP option. Incremental propagation
-requires the principal \fBkiprop/MASTER\e@REALM\fP (where MASTER is the
-master KDC\(aqs canonical host name, and REALM the realm name). In
-release 1.13, this principal is automatically created and registered
-into the datebase.
+Incremental propagation allows replica KDC servers to receive
+principal and policy updates incrementally instead of receiving full
+dumps of the database. This facility can be enabled in the
+kdc.conf(5) file with the \fBiprop_enable\fP option. Incremental
+propagation requires the principal \fBkiprop/MASTER\e@REALM\fP (where
+MASTER is the master KDC\(aqs canonical host name, and REALM the realm
+name). In release 1.13, this principal is automatically created and
+registered into the datebase.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
specifies the realm that kadmind will serve; if it is not
specified, the default realm of the host is used.
.TP
-.B \fB\-m\fP
+\fB\-m\fP
causes the master database password to be fetched from the
keyboard (before the server puts itself in the background, if not
invoked with the \fB\-nofork\fP option) rather than from a file on
disk.
.TP
-.B \fB\-nofork\fP
+\fB\-nofork\fP
causes the server to remain in the foreground and remain
associated to the terminal. In normal operation, you should allow
the server to place itself in the background.
.TP
-.B \fB\-proponly\fP
-causes the server to only listen and respond to Kerberos slave
+\fB\-proponly\fP
+causes the server to only listen and respond to Kerberos replica
incremental propagation polling requests. This option can be used
-to set up a hierarchical propagation topology where a slave KDC
-provides incremental updates to other Kerberos slaves.
+to set up a hierarchical propagation topology where a replica KDC
+provides incremental updates to other Kerberos replicas.
.TP
-.B \fB\-port\fP \fIport\-number\fP
+\fB\-port\fP \fIport\-number\fP
specifies the port on which the administration server listens for
connections. The default port is determined by the
-\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP\&.
+\fBkadmind_port\fP configuration variable in kdc.conf(5)\&.
.TP
-.B \fB\-P\fP \fIpid_file\fP
+\fB\-P\fP \fIpid_file\fP
specifies the file to which the PID of kadmind process should be
written after it starts up. This file can be used to identify
whether kadmind is still running and to allow init scripts to stop
the correct process.
.TP
-.B \fB\-p\fP \fIkdb5_util_path\fP
+\fB\-p\fP \fIkdb5_util_path\fP
specifies the path to the kdb5_util command to use when dumping the
KDB in response to full resync requests when iprop is enabled.
.TP
-.B \fB\-K\fP \fIkprop_path\fP
+\fB\-K\fP \fIkprop_path\fP
specifies the path to the kprop command to use to send full dumps
-to slaves in response to full resync requests.
+to replicas in response to full resync requests.
.TP
-.B \fB\-k\fP \fIkprop_port\fP
-specifies the port by which the kprop process that is spawned by kadmind
-connects to the slave kpropd, in order to transfer the dump file during
-an iprop full resync request.
+\fB\-k\fP \fIkprop_port\fP
+specifies the port by which the kprop process that is spawned by
+kadmind connects to the replica kpropd, in order to transfer the
+dump file during an iprop full resync request.
.TP
-.B \fB\-F\fP \fIdump_file\fP
+\fB\-F\fP \fIdump_file\fP
specifies the file path to be used for dumping the KDB in response
to full resync requests when iprop is enabled.
.TP
-.B \fB\-x\fP \fIdb_args\fP
-specifies database\-specific arguments. See \fIDatabase Options\fP in \fIkadmin(1)\fP for supported arguments.
+\fB\-x\fP \fIdb_args\fP
+specifies database\-specific arguments. See Database Options in kadmin(1) for supported arguments.
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkpasswd(1)\fP, \fIkadmin(1)\fP, \fIkdb5_util(8)\fP,
-\fIkdb5_ldap_util(8)\fP, \fIkadm5.acl(5)\fP
+kpasswd(1), kadmin(1), kdb5_util(8),
+kdb5_ldap_util(8), kadm5.acl(5), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KDB5_LDAP_UTIL" "8" " " "1.16" "MIT Kerberos"
+.TH "KDB5_LDAP_UTIL" "8" " " "1.17" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
.SH COMMAND-LINE OPTIONS
.INDENT 0.0
.TP
-.B \fB\-D\fP \fIuser_dn\fP
+\fB\-D\fP \fIuser_dn\fP
Specifies the Distinguished Name (DN) of the user who has
sufficient rights to perform the operation on the LDAP server.
.TP
-.B \fB\-w\fP \fIpasswd\fP
+\fB\-w\fP \fIpasswd\fP
Specifies the password of \fIuser_dn\fP\&. This option is not
recommended.
.TP
-.B \fB\-H\fP \fIldapuri\fP
+\fB\-H\fP \fIldapuri\fP
Specifies the URI of the LDAP server. It is recommended to use
\fBldapi://\fP or \fBldaps://\fP to connect to the LDAP server.
.UNINDENT
Creates realm in directory. Options:
.INDENT 0.0
.TP
-.B \fB\-subtrees\fP \fIsubtree_dn_list\fP
+\fB\-subtrees\fP \fIsubtree_dn_list\fP
Specifies the list of subtrees containing the principals of a
realm. The list contains the DNs of the subtree objects separated
by colon (\fB:\fP).
.TP
-.B \fB\-sscope\fP \fIsearch_scope\fP
+\fB\-sscope\fP \fIsearch_scope\fP
Specifies the scope for searching the principals under the
subtree. The possible values are 1 or one (one level), 2 or sub
(subtrees).
.TP
-.B \fB\-containerref\fP \fIcontainer_reference_dn\fP
+\fB\-containerref\fP \fIcontainer_reference_dn\fP
Specifies the DN of the container object in which the principals
of a realm will be created. If the container reference is not
configured for a realm, the principals will be created in the
realm container.
.TP
-.B \fB\-k\fP \fImkeytype\fP
+\fB\-k\fP \fImkeytype\fP
Specifies the key type of the master key in the database. The
default is given by the \fBmaster_key_type\fP variable in
-\fIkdc.conf(5)\fP\&.
+kdc.conf(5)\&.
.TP
-.B \fB\-kv\fP \fImkeyVNO\fP
+\fB\-kv\fP \fImkeyVNO\fP
Specifies the version number of the master key in the database;
the default is 1. Note that 0 is not allowed.
.TP
-.B \fB\-m\fP
+\fB\-m\fP
Specifies that the master database password should be read from
the TTY rather than fetched from a file on the disk.
.TP
-.B \fB\-P\fP \fIpassword\fP
+\fB\-P\fP \fIpassword\fP
Specifies the master database password. This option is not
recommended.
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.TP
-.B \fB\-sf\fP \fIstashfilename\fP
+\fB\-sf\fP \fIstashfilename\fP
Specifies the stash file of the master database password.
.TP
-.B \fB\-s\fP
+\fB\-s\fP
Specifies that the stash file is to be created.
.TP
-.B \fB\-maxtktlife\fP \fImax_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum ticket life for
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
principals in this realm.
.TP
-.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum renewable life of
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
tickets for principals in this realm.
.TP
.B \fIticket_flags\fP
Specifies global ticket flags for the realm. Allowable flags are
documented in the description of the \fBadd_principal\fP command in
-\fIkadmin(1)\fP\&.
+kadmin(1)\&.
.UNINDENT
.sp
Example:
Modifies the attributes of a realm. Options:
.INDENT 0.0
.TP
-.B \fB\-subtrees\fP \fIsubtree_dn_list\fP
+\fB\-subtrees\fP \fIsubtree_dn_list\fP
Specifies the list of subtrees containing the principals of a
realm. The list contains the DNs of the subtree objects separated
by colon (\fB:\fP). This list replaces the existing list.
.TP
-.B \fB\-sscope\fP \fIsearch_scope\fP
+\fB\-sscope\fP \fIsearch_scope\fP
Specifies the scope for searching the principals under the
subtrees. The possible values are 1 or one (one level), 2 or sub
(subtrees).
.TP
-.B \fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the
+\fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the
container object in which the principals of a realm will be
created.
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.TP
-.B \fB\-maxtktlife\fP \fImax_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum ticket life for
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
principals in this realm.
.TP
-.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum renewable life of
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
tickets for principals in this realm.
.TP
.B \fIticket_flags\fP
Specifies global ticket flags for the realm. Allowable flags are
documented in the description of the \fBadd_principal\fP command in
-\fIkadmin(1)\fP\&.
+kadmin(1)\&.
.UNINDENT
.sp
Example:
Displays the attributes of a realm. Options:
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.UNINDENT
.sp
Destroys an existing realm. Options:
.INDENT 0.0
.TP
-.B \fB\-f\fP
+\fB\-f\fP
If specified, will not prompt the user for confirmation.
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.UNINDENT
.sp
to the LDAP server. Options:
.INDENT 0.0
.TP
-.B \fB\-f\fP \fIfilename\fP
+\fB\-f\fP \fIfilename\fP
Specifies the complete path of the service password file. By
default, \fB/usr/local/var/service_passwd\fP is used.
.TP
.B \fIname\fP
Specifies the name of the object whose password is to be stored.
-If \fIkrb5kdc(8)\fP or \fIkadmind(8)\fP are configured for
+If krb5kdc(8) or kadmind(8) are configured for
simple binding, this should be the distinguished name it will
use as given by the \fBldap_kdc_dn\fP or \fBldap_kadmind_dn\fP
-variable in \fIkdc.conf(5)\fP\&. If the KDC or kadmind is
+variable in kdc.conf(5)\&. If the KDC or kadmind is
configured for SASL binding, this should be the authentication
name it will use as given by the \fBldap_kdc_sasl_authcid\fP or
\fBldap_kadmind_sasl_authcid\fP variable.
Creates a ticket policy in the directory. Options:
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.TP
-.B \fB\-maxtktlife\fP \fImax_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum ticket life for
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
principals.
.TP
-.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
-(\fIgetdate\fP string) Specifies maximum renewable life of
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
tickets for principals.
.TP
.B \fIticket_flags\fP
Specifies the ticket flags. If this option is not specified, by
default, no restriction will be set by the policy. Allowable
flags are documented in the description of the \fBadd_principal\fP
-command in \fIkadmin(1)\fP\&.
+command in kadmin(1)\&.
.TP
.B \fIpolicy_name\fP
Specifies the name of the ticket policy.
Destroys an existing ticket policy. Options:
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.TP
-.B \fB\-force\fP
+\fB\-force\fP
Forces the deletion of the policy object. If not specified, the
user will be prompted for confirmation before deleting the policy.
.TP
realm. Options:
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the Kerberos realm of the database.
.UNINDENT
.sp
.fi
.UNINDENT
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkadmin(1)\fP
+kadmin(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KDB5_UTIL" "8" " " "1.16" "MIT Kerberos"
+.TH "KDB5_UTIL" "8" " " "1.17" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
[\fB\-r\fP \fIrealm\fP]
[\fB\-d\fP \fIdbname\fP]
[\fB\-k\fP \fImkeytype\fP]
-[\fB\-M\fP \fImkeyname\fP]
[\fB\-kv\fP \fImkeyVNO\fP]
-[\fB\-sf\fP \fIstashfilename\fP]
+[\fB\-M\fP \fImkeyname\fP]
[\fB\-m\fP]
+[\fB\-sf\fP \fIstashfilename\fP]
+[\fB\-P\fP \fIpassword\fP]
+[\fB\-x\fP \fIdb_args\fP]
\fIcommand\fP [\fIcommand_options\fP]
.SH DESCRIPTION
.sp
.SH COMMAND-LINE OPTIONS
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
specifies the Kerberos realm of the database.
.TP
-.B \fB\-d\fP \fIdbname\fP
+\fB\-d\fP \fIdbname\fP
specifies the name under which the principal database is stored;
-by default the database is that listed in \fIkdc.conf(5)\fP\&. The
+by default the database is that listed in kdc.conf(5)\&. The
password policy database and lock files are also derived from this
value.
.TP
-.B \fB\-k\fP \fImkeytype\fP
+\fB\-k\fP \fImkeytype\fP
specifies the key type of the master key in the database. The
default is given by the \fBmaster_key_type\fP variable in
-\fIkdc.conf(5)\fP\&.
+kdc.conf(5)\&.
.TP
-.B \fB\-kv\fP \fImkeyVNO\fP
+\fB\-kv\fP \fImkeyVNO\fP
Specifies the version number of the master key in the database;
the default is 1. Note that 0 is not allowed.
.TP
-.B \fB\-M\fP \fImkeyname\fP
+\fB\-M\fP \fImkeyname\fP
principal name for the master key in the database. If not
specified, the name is determined by the \fBmaster_key_name\fP
-variable in \fIkdc.conf(5)\fP\&.
+variable in kdc.conf(5)\&.
.TP
-.B \fB\-m\fP
+\fB\-m\fP
specifies that the master database password should be read from
the keyboard rather than fetched from a file on disk.
.TP
-.B \fB\-sf\fP \fIstash_file\fP
+\fB\-sf\fP \fIstash_file\fP
specifies the stash filename of the master database password. If
not specified, the filename is determined by the
-\fBkey_stash_file\fP variable in \fIkdc.conf(5)\fP\&.
+\fBkey_stash_file\fP variable in kdc.conf(5)\&.
.TP
-.B \fB\-P\fP \fIpassword\fP
+\fB\-P\fP \fIpassword\fP
specifies the master database password. Using this option may
expose the password to other users on the system via the process
list.
+.TP
+\fB\-x\fP \fIdb_args\fP
+specifies database\-specific options. See kadmin(1) for
+supported options.
.UNINDENT
.SH COMMANDS
.SS create
.sp
Stores the master principal\(aqs keys in a stash file. The \fB\-f\fP
argument can be used to override the \fIkeyfile\fP specified in
-\fIkdc.conf(5)\fP\&.
+kdc.conf(5)\&.
.SS dump
.INDENT 0.0
.INDENT 3.5
-\fBdump\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP] [\fB\-verbose\fP]
-[\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP \fImkey_file\fP] [\fB\-rev\fP]
-[\fB\-recurse\fP] [\fIfilename\fP [\fIprincipals\fP\&...]]
+\fBdump\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP|\fB\-r18\fP]
+[\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP
+\fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP
+[\fIprincipals\fP\&...]]
.UNINDENT
.UNINDENT
.sp
"\-", the dump is sent to standard output. Options:
.INDENT 0.0
.TP
-.B \fB\-b7\fP
+\fB\-b7\fP
causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
load_dump version 4"). This was the dump format produced on
releases prior to 1.2.2.
.TP
-.B \fB\-ov\fP
+\fB\-ov\fP
causes the dump to be in "ovsec_adm_export" format.
.TP
-.B \fB\-r13\fP
+\fB\-r13\fP
causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util
load_dump version 5"). This was the dump format produced on
releases prior to 1.8.
.TP
-.B \fB\-r18\fP
+\fB\-r18\fP
causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util
load_dump version 6"). This was the dump format produced on
releases prior to 1.11.
.TP
-.B \fB\-verbose\fP
+\fB\-verbose\fP
causes the name of each principal and policy to be printed as it
is dumped.
.TP
-.B \fB\-mkey_convert\fP
+\fB\-mkey_convert\fP
prompts for a new master key. This new master key will be used to
re\-encrypt principal key data in the dumpfile. The principal keys
themselves will not be changed.
.TP
-.B \fB\-new_mkey_file\fP \fImkey_file\fP
+\fB\-new_mkey_file\fP \fImkey_file\fP
the filename of a stash file. The master key in this stash file
will be used to re\-encrypt the key data in the dumpfile. The key
data in the database will not be changed.
.TP
-.B \fB\-rev\fP
+\fB\-rev\fP
dumps in reverse order. This may recover principals that do not
dump normally, in cases where database corruption has occurred.
.TP
-.B \fB\-recurse\fP
+\fB\-recurse\fP
causes the dump to walk the database recursively (btree only).
This may recover principals that do not dump normally, in cases
where database corruption has occurred. In cases of such
.SS load
.INDENT 0.0
.INDENT 3.5
-\fBload\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP] [\fB\-hash\fP]
-[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP [\fIdbname\fP]
+\fBload\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP|\fB\-r18\fP] [\fB\-hash\fP]
+[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP
.UNINDENT
.UNINDENT
.sp
Options:
.INDENT 0.0
.TP
-.B \fB\-b7\fP
+\fB\-b7\fP
requires the database to be in the Kerberos 5 Beta 7 format
("kdb5_util load_dump version 4"). This was the dump format
produced on releases prior to 1.2.2.
.TP
-.B \fB\-ov\fP
+\fB\-ov\fP
requires the database to be in "ovsec_adm_import" format. Must be
used with the \fB\-update\fP option.
.TP
-.B \fB\-r13\fP
+\fB\-r13\fP
requires the database to be in Kerberos 5 1.3 format ("kdb5_util
load_dump version 5"). This was the dump format produced on
releases prior to 1.8.
.TP
-.B \fB\-r18\fP
+\fB\-r18\fP
requires the database to be in Kerberos 5 1.8 format ("kdb5_util
load_dump version 6"). This was the dump format produced on
releases prior to 1.11.
.TP
-.B \fB\-hash\fP
-requires the database to be stored as a hash. If this option is
-not specified, the database will be stored as a btree. This
-option is not recommended, as databases stored in hash format are
-known to corrupt data and lose principals.
+\fB\-hash\fP
+stores the database in hash format, if using the DB2 database
+type. If this option is not specified, the database will be
+stored in btree format. This option is not recommended, as
+databases stored in hash format are known to corrupt data and lose
+principals.
.TP
-.B \fB\-verbose\fP
+\fB\-verbose\fP
causes the name of each principal and policy to be printed as it
is dumped.
.TP
-.B \fB\-update\fP
+\fB\-update\fP
records from the dump file are added to or updated in the existing
database. Otherwise, a new database is created containing only
what is in the dump file and the old one destroyed upon successful
completion.
.UNINDENT
-.sp
-If specified, \fIdbname\fP overrides the value specified on the command
-line or the default.
.SS ark
.INDENT 0.0
.INDENT 3.5
Adds a new master key to the master key principal, but does not mark
it as active. Existing master keys will remain. The \fB\-e\fP option
specifies the encryption type of the new master key; see
-\fIEncryption_types\fP in \fIkdc.conf(5)\fP for a list of possible
+Encryption_types in kdc.conf(5) for a list of possible
values. The \fB\-s\fP option stashes the new master key in the stash
file, which will be created if it doesn\(aqt already exist.
.sp
-After a new master key is added, it should be propagated to slave
-servers via a manual or periodic invocation of \fIkprop(8)\fP\&. Then,
-the stash files on the slave servers should be updated with the
+After a new master key is added, it should be propagated to replica
+servers via a manual or periodic invocation of kprop(8)\&. Then,
+the stash files on the replica servers should be updated with the
kdb5_util \fBstash\fP command. Once those steps are complete, the key
is ready to be marked active with the kdb5_util \fBuse_mkey\fP command.
.SS use_mkey
Once a master key becomes active, it will be used to encrypt newly
created principal keys. If no \fItime\fP argument is given, the current
time is used, causing the specified master key version to become
-active immediately. The format for \fItime\fP is \fIgetdate\fP string.
+active immediately. The format for \fItime\fP is getdate string.
.sp
After a new master key becomes active, the kdb5_util
\fBupdate_princ_encryption\fP command can be used to update all
.sp
List all master keys, from most recent to earliest, in the master key
principal. The output will show the kvno, enctype, and salt type for
-each mkey, similar to the output of \fIkadmin(1)\fP \fBgetprinc\fP\&. A
+each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&. A
\fB*\fP following an mkey denotes the currently active master key.
.SS purge_mkeys
.INDENT 0.0
keys all principal keys are protected by a newer master key.
.INDENT 0.0
.TP
-.B \fB\-f\fP
+\fB\-f\fP
does not prompt for confirmation.
.TP
-.B \fB\-n\fP
+\fB\-n\fP
performs a dry run, showing master keys that would be purged, but
not actually purging any keys.
.TP
-.B \fB\-v\fP
+\fB\-v\fP
gives more verbose output.
.UNINDENT
.SS update_princ_encryption
Options:
.INDENT 0.0
.TP
-.B \fB\-H\fP
+\fB\-H\fP
suppress writing the field names in a header line
.TP
-.B \fB\-c\fP
+\fB\-c\fP
use comma separated values (CSV) format, with minimal quoting,
instead of the default tab\-separated (unquoted, unescaped) format
.TP
-.B \fB\-e\fP
+\fB\-e\fP
write empty hexadecimal string fields as empty fields instead of
as "\-1".
.TP
-.B \fB\-n\fP
+\fB\-n\fP
produce numeric output for fields that normally have symbolic
output, such as enctypes and flag names. Also requests output of
time stamps as decimal POSIX time_t values.
.TP
-.B \fB\-o\fP \fIoutfile\fP
+\fB\-o\fP \fIoutfile\fP
write the dump to the specified output file instead of to standard
output
.UNINDENT
Dump types:
.INDENT 0.0
.TP
-.B \fBkeydata\fP
+\fBkeydata\fP
principal encryption key information, including actual key data
(which is still encrypted in the master key)
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBkeyindex\fP
+\fBkeyindex\fP
index of this key in the principal\(aqs key list
.TP
-.B \fBkvno\fP
+\fBkvno\fP
key version number
.TP
-.B \fBenctype\fP
+\fBenctype\fP
encryption type
.TP
-.B \fBkey\fP
+\fBkey\fP
key data as a hexadecimal string
.TP
-.B \fBsalttype\fP
+\fBsalttype\fP
salt type
.TP
-.B \fBsalt\fP
+\fBsalt\fP
salt data as a hexadecimal string
.UNINDENT
.TP
-.B \fBkeyinfo\fP
+\fBkeyinfo\fP
principal encryption key information (as in \fBkeydata\fP above),
excluding actual key data
.TP
-.B \fBprinc_flags\fP
+\fBprinc_flags\fP
principal boolean attributes. Flag names print as hexadecimal
numbers if the \fB\-n\fP option is specified, and all flag positions
are printed regardless of whether or not they are set. If \fB\-n\fP
set.
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBflag\fP
+\fBflag\fP
flag name
.TP
-.B \fBvalue\fP
+\fBvalue\fP
boolean value (0 for clear, or 1 for set)
.UNINDENT
.TP
-.B \fBprinc_lockout\fP
+\fBprinc_lockout\fP
state information used for tracking repeated password failures
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBlast_success\fP
+\fBlast_success\fP
time stamp of most recent successful authentication
.TP
-.B \fBlast_failed\fP
+\fBlast_failed\fP
time stamp of most recent failed authentication
.TP
-.B \fBfail_count\fP
+\fBfail_count\fP
count of failed attempts
.UNINDENT
.TP
-.B \fBprinc_meta\fP
+\fBprinc_meta\fP
principal metadata
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBmodby\fP
+\fBmodby\fP
name of last principal to modify this principal
.TP
-.B \fBmodtime\fP
+\fBmodtime\fP
timestamp of last modification
.TP
-.B \fBlastpwd\fP
+\fBlastpwd\fP
timestamp of last password change
.TP
-.B \fBpolicy\fP
+\fBpolicy\fP
policy object name
.TP
-.B \fBmkvno\fP
+\fBmkvno\fP
key version number of the master key that encrypts this
principal\(aqs key data
.TP
-.B \fBhist_kvno\fP
+\fBhist_kvno\fP
key version number of the history key that encrypts the key
history data for this principal
.UNINDENT
.TP
-.B \fBprinc_stringattrs\fP
+\fBprinc_stringattrs\fP
string attributes (key/value pairs)
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBkey\fP
+\fBkey\fP
attribute name
.TP
-.B \fBvalue\fP
+\fBvalue\fP
attribute value
.UNINDENT
.TP
-.B \fBprinc_tktpolicy\fP
+\fBprinc_tktpolicy\fP
per\-principal ticket policy data, including maximum ticket
lifetimes
.INDENT 7.0
.TP
-.B \fBname\fP
+\fBname\fP
principal name
.TP
-.B \fBexpiration\fP
+\fBexpiration\fP
principal expiration date
.TP
-.B \fBpw_expiration\fP
+\fBpw_expiration\fP
password expiration date
.TP
-.B \fBmax_life\fP
+\fBmax_life\fP
maximum ticket lifetime
.TP
-.B \fBmax_renew_life\fP
+\fBmax_renew_life\fP
maximum renewable ticket lifetime
.UNINDENT
.UNINDENT
.fi
.UNINDENT
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkadmin(1)\fP
+kadmin(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KDC.CONF" "5" " " "1.16" "MIT Kerberos"
+.TH "KDC.CONF" "5" " " "1.17" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
-The kdc.conf file supplements \fIkrb5.conf(5)\fP for programs which
-are typically only used on a KDC, such as the \fIkrb5kdc(8)\fP and
-\fIkadmind(8)\fP daemons and the \fIkdb5_util(8)\fP program.
+The kdc.conf file supplements krb5.conf(5) for programs which
+are typically only used on a KDC, such as the krb5kdc(8) and
+kadmind(8) daemons and the kdb5_util(8) program.
Relations documented here may also be specified in krb5.conf; for the
KDC programs mentioned, krb5.conf and kdc.conf will be merged into a
single configuration profile.
.SH STRUCTURE
.sp
The kdc.conf file is set up in the same format as the
-\fIkrb5.conf(5)\fP file.
+krb5.conf(5) file.
.SH SECTIONS
.sp
The kdc.conf file may contain the following sections:
.TE
.SS [kdcdefaults]
.sp
-With two exceptions, relations in the [kdcdefaults] section specify
-default values for realm variables, to be used if the [realms]
-subsection does not contain a relation for the tag. See the
-\fI\%[realms]\fP section for the definitions of these relations.
+Some relations in the [kdcdefaults] section specify default values for
+realm variables, to be used if the [realms] subsection does not
+contain a relation for the tag. See the \fI\%[realms]\fP section for
+the definitions of these relations.
.INDENT 0.0
.IP \(bu 2
\fBhost_based_services\fP
.IP \(bu 2
\fBrestrict_anonymous_to_tgt\fP
.UNINDENT
+.sp
+The following [kdcdefaults] variables have no per\-realm equivalent:
.INDENT 0.0
.TP
-.B \fBkdc_max_dgram_reply_size\fP
+\fBkdc_max_dgram_reply_size\fP
Specifies the maximum packet size that can be sent over UDP. The
default value is 4096 bytes.
.TP
-.B \fBkdc_tcp_listen_backlog\fP
+\fBkdc_tcp_listen_backlog\fP
(Integer.) Set the size of the listen queue length for the KDC
daemon. The value may be limited by OS settings. The default
value is 5.
+.TP
+\fBspake_preauth_kdc_challenge\fP
+(String.) Specifies the group for a SPAKE optimistic challenge.
+See the \fBspake_preauth_groups\fP variable in libdefaults
+for possible values. The default is not to issue an optimistic
+challenge. (New in release 1.17.)
.UNINDENT
.SS [realms]
.sp
The following tags may be specified in a [realms] subsection:
.INDENT 0.0
.TP
-.B \fBacl_file\fP
+\fBacl_file\fP
(String.) Location of the access control list file that
-\fIkadmind(8)\fP uses to determine which principals are allowed
+kadmind(8) uses to determine which principals are allowed
which permissions on the Kerberos database. To operate without an
ACL file, set this relation to the empty string with \fBacl_file =
""\fP\&. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more
-information on Kerberos ACL file see \fIkadm5.acl(5)\fP\&.
+information on Kerberos ACL file see kadm5.acl(5)\&.
.TP
-.B \fBdatabase_module\fP
+\fBdatabase_module\fP
(String.) This relation indicates the name of the configuration
section under \fI\%[dbmodules]\fP for database\-specific parameters
used by the loadable database library. The default value is the
realm name. If this configuration section does not exist, default
values will be used for all database parameters.
.TP
-.B \fBdatabase_name\fP
+\fBdatabase_name\fP
(String, deprecated.) This relation specifies the location of the
Kerberos database for this realm, if the DB2 module is being used
and the \fI\%[dbmodules]\fP configuration section does not specify a
database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
.TP
-.B \fBdefault_principal_expiration\fP
-(\fIabstime\fP string.) Specifies the default expiration date of
+\fBdefault_principal_expiration\fP
+(abstime string.) Specifies the default expiration date of
principals created in this realm. The default value is 0, which
means no expiration date.
.TP
-.B \fBdefault_principal_flags\fP
+\fBdefault_principal_flags\fP
(Flag string.) Specifies the default attributes of principals
created in this realm. The format for this string is a
comma\-separated list of flags, with \(aq+\(aq before each flag that
There are a number of possible flags:
.INDENT 7.0
.TP
-.B \fBallow\-tickets\fP
+\fBallow\-tickets\fP
Enabling this flag means that the KDC will issue tickets for
this principal. Disabling this flag essentially deactivates
the principal within this realm.
.TP
-.B \fBdup\-skey\fP
-Enabling this flag allows the principal to obtain a session
-key for another user, permitting user\-to\-user authentication
-for this principal.
+\fBdup\-skey\fP
+Enabling this flag allows the KDC to issue user\-to\-user
+service tickets for this principal.
.TP
-.B \fBforwardable\fP
+\fBforwardable\fP
Enabling this flag allows the principal to obtain forwardable
tickets.
.TP
-.B \fBhwauth\fP
+\fBhwauth\fP
If this flag is enabled, then the principal is required to
preauthenticate using a hardware device before receiving any
tickets.
.TP
-.B \fBno\-auth\-data\-required\fP
+\fBno\-auth\-data\-required\fP
Enabling this flag prevents PAC or AD\-SIGNEDPATH data from
being added to service tickets for the principal.
.TP
-.B \fBok\-as\-delegate\fP
+\fBok\-as\-delegate\fP
If this flag is enabled, it hints the client that credentials
can and should be delegated when authenticating to the
service.
.TP
-.B \fBok\-to\-auth\-as\-delegate\fP
+\fBok\-to\-auth\-as\-delegate\fP
Enabling this flag allows the principal to use S4USelf tickets.
.TP
-.B \fBpostdateable\fP
+\fBpostdateable\fP
Enabling this flag allows the principal to obtain postdateable
tickets.
.TP
-.B \fBpreauth\fP
+\fBpreauth\fP
If this flag is enabled on a client principal, then that
principal is required to preauthenticate to the KDC before
receiving any tickets. On a service principal, enabling this
be issued to clients with a TGT that has the preauthenticated
bit set.
.TP
-.B \fBproxiable\fP
+\fBproxiable\fP
Enabling this flag allows the principal to obtain proxy
tickets.
.TP
-.B \fBpwchange\fP
+\fBpwchange\fP
Enabling this flag forces a password change for this
principal.
.TP
-.B \fBpwservice\fP
+\fBpwservice\fP
If this flag is enabled, it marks this principal as a password
change service. This should only be used in special cases,
for example, if a user\(aqs password has expired, then the user
the normal password authentication in order to be able to
change the password.
.TP
-.B \fBrenewable\fP
+\fBrenewable\fP
Enabling this flag allows the principal to obtain renewable
tickets.
.TP
-.B \fBservice\fP
+\fBservice\fP
Enabling this flag allows the the KDC to issue service tickets
-for this principal.
+for this principal. In release 1.17 and later, user\-to\-user
+service tickets are still allowed if the \fBdup\-skey\fP flag is
+set.
.TP
-.B \fBtgt\-based\fP
+\fBtgt\-based\fP
Enabling this flag allows a principal to obtain tickets based
on a ticket\-granting\-ticket, rather than repeating the
authentication process that was used to obtain the TGT.
.UNINDENT
.TP
-.B \fBdict_file\fP
+\fBdict_file\fP
(String.) Location of the dictionary file containing strings that
are not allowed as passwords. The file should contain one string
per line, with no additional whitespace. If none is specified or
if there is no policy assigned to the principal, no dictionary
checks of passwords will be performed.
.TP
-.B \fBencrypted_challenge_indicator\fP
+\fBencrypted_challenge_indicator\fP
(String.) Specifies the authentication indicator value that the KDC
asserts into tickets obtained using FAST encrypted challenge
pre\-authentication. New in 1.16.
.TP
-.B \fBhost_based_services\fP
+\fBhost_based_services\fP
(Whitespace\- or comma\-separated list.) Lists services which will
get host\-based referral processing even if the server principal is
not marked as host\-based by the client.
.TP
-.B \fBiprop_enable\fP
+\fBiprop_enable\fP
(Boolean value.) Specifies whether incremental database
propagation is enabled. The default value is false.
.TP
-.B \fBiprop_master_ulogsize\fP
+\fBiprop_master_ulogsize\fP
(Integer.) Specifies the maximum number of log entries to be
retained for incremental propagation. The default value is 1000.
Prior to release 1.11, the maximum value was 2500.
.TP
-.B \fBiprop_slave_poll\fP
-(Delta time string.) Specifies how often the slave KDC polls for
-new updates from the master. The default value is \fB2m\fP (that
-is, two minutes).
+\fBiprop_replica_poll\fP
+(Delta time string.) Specifies how often the replica KDC polls
+for new updates from the master. The default value is \fB2m\fP
+(that is, two minutes). New in release 1.17.
.TP
-.B \fBiprop_listen\fP
+\fBiprop_slave_poll\fP
+(Delta time string.) The name for \fBiprop_replica_poll\fP prior to
+release 1.17. Its value is used as a fallback if
+\fBiprop_replica_poll\fP is not specified.
+.TP
+\fBiprop_listen\fP
(Whitespace\- or comma\-separated list.) Specifies the iprop RPC
-listening addresses and/or ports for the \fIkadmind(8)\fP daemon.
+listening addresses and/or ports for the kadmind(8) daemon.
Each entry may be an interface address, a port number, or an
address and port number separated by a colon. If the address
contains colons, enclose it in square brackets. If no address is
address at the port specified in \fBiprop_port\fP\&. New in release
1.15.
.TP
-.B \fBiprop_port\fP
+\fBiprop_port\fP
(Port number.) Specifies the port number to be used for
incremental propagation. When \fBiprop_enable\fP is true, this
-relation is required in the slave configuration file, and this
-relation or \fBiprop_listen\fP is required in the master
+relation is required in the replica KDC configuration file, and
+this relation or \fBiprop_listen\fP is required in the master
configuration file, as there is no default port number. Port
numbers specified in \fBiprop_listen\fP entries will override this
-port number for the \fIkadmind(8)\fP daemon.
+port number for the kadmind(8) daemon.
.TP
-.B \fBiprop_resync_timeout\fP
+\fBiprop_resync_timeout\fP
(Delta time string.) Specifies the amount of time to wait for a
full propagation to complete. This is optional in configuration
-files, and is used by slave KDCs only. The default value is 5
+files, and is used by replica KDCs only. The default value is 5
minutes (\fB5m\fP). New in release 1.11.
.TP
-.B \fBiprop_logfile\fP
+\fBiprop_logfile\fP
(File name.) Specifies where the update log file for the realm
database is to be stored. The default is to use the
\fBdatabase_name\fP entry from the realms section of the krb5 config
\fBdatabase_name\fP is used. Determination of the \fBiprop_logfile\fP
default value will not use values from the [dbmodules] section.)
.TP
-.B \fBkadmind_listen\fP
+\fBkadmind_listen\fP
(Whitespace\- or comma\-separated list.) Specifies the kadmin RPC
-listening addresses and/or ports for the \fIkadmind(8)\fP daemon.
+listening addresses and/or ports for the kadmind(8) daemon.
Each entry may be an interface address, a port number, or an
address and port number separated by a colon. If the address
contains colons, enclose it in square brackets. If no address is
in \fBkadmind_port\fP, or the standard kadmin port (749). New in
release 1.15.
.TP
-.B \fBkadmind_port\fP
-(Port number.) Specifies the port on which the \fIkadmind(8)\fP
+\fBkadmind_port\fP
+(Port number.) Specifies the port on which the kadmind(8)
daemon is to listen for this realm. Port numbers specified in
\fBkadmind_listen\fP entries will override this port number. The
assigned port for kadmind is 749, which is used by default.
.TP
-.B \fBkey_stash_file\fP
+\fBkey_stash_file\fP
(String.) Specifies the location where the master key has been
stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm.
.TP
-.B \fBkdc_listen\fP
+\fBkdc_listen\fP
(Whitespace\- or comma\-separated list.) Specifies the UDP
-listening addresses and/or ports for the \fIkrb5kdc(8)\fP daemon.
+listening addresses and/or ports for the krb5kdc(8) daemon.
Each entry may be an interface address, a port number, or an
address and port number separated by a colon. If the address
contains colons, enclose it in square brackets. If no address is
default is to bind to the wildcard address on the standard port.
New in release 1.15.
.TP
-.B \fBkdc_ports\fP
+\fBkdc_ports\fP
(Whitespace\- or comma\-separated list, deprecated.) Prior to
release 1.15, this relation lists the ports for the
-\fIkrb5kdc(8)\fP daemon to listen on for UDP requests. In
+krb5kdc(8) daemon to listen on for UDP requests. In
release 1.15 and later, it has the same meaning as \fBkdc_listen\fP
if that relation is not defined.
.TP
-.B \fBkdc_tcp_listen\fP
+\fBkdc_tcp_listen\fP
(Whitespace\- or comma\-separated list.) Specifies the TCP
-listening addresses and/or ports for the \fIkrb5kdc(8)\fP daemon.
+listening addresses and/or ports for the krb5kdc(8) daemon.
Each entry may be an interface address, a port number, or an
address and port number separated by a colon. If the address
contains colons, enclose it in square brackets. If no address is
it will fail to start. The default is to bind to the wildcard
address on the standard port. New in release 1.15.
.TP
-.B \fBkdc_tcp_ports\fP
+\fBkdc_tcp_ports\fP
(Whitespace\- or comma\-separated list, deprecated.) Prior to
release 1.15, this relation lists the ports for the
-\fIkrb5kdc(8)\fP daemon to listen on for UDP requests. In
+krb5kdc(8) daemon to listen on for UDP requests. In
release 1.15 and later, it has the same meaning as
\fBkdc_tcp_listen\fP if that relation is not defined.
.TP
-.B \fBkpasswd_listen\fP
+\fBkpasswd_listen\fP
(Comma\-separated list.) Specifies the kpasswd listening addresses
-and/or ports for the \fIkadmind(8)\fP daemon. Each entry may be
+and/or ports for the kadmind(8) daemon. Each entry may be
an interface address, a port number, or an address and port number
separated by a colon. If the address contains colons, enclose it
in square brackets. If no address is specified, the wildcard
wildcard address at the port specified in \fBkpasswd_port\fP, or the
standard kpasswd port (464). New in release 1.15.
.TP
-.B \fBkpasswd_port\fP
-(Port number.) Specifies the port on which the \fIkadmind(8)\fP
+\fBkpasswd_port\fP
+(Port number.) Specifies the port on which the kadmind(8)
daemon is to listen for password change requests for this realm.
Port numbers specified in \fBkpasswd_listen\fP entries will override
this port number. The assigned port for password change requests
is 464, which is used by default.
.TP
-.B \fBmaster_key_name\fP
+\fBmaster_key_name\fP
(String.) Specifies the name of the principal associated with the
master key. The default is \fBK/M\fP\&.
.TP
-.B \fBmaster_key_type\fP
+\fBmaster_key_type\fP
(Key type string.) Specifies the master key\(aqs key type. The
default value for this is \fBaes256\-cts\-hmac\-sha1\-96\fP\&. For a list of all possible
values, see \fI\%Encryption types\fP\&.
.TP
-.B \fBmax_life\fP
-(\fIduration\fP string.) Specifies the maximum time period for
+\fBmax_life\fP
+(duration string.) Specifies the maximum time period for
which a ticket may be valid in this realm. The default value is
24 hours.
.TP
-.B \fBmax_renewable_life\fP
-(\fIduration\fP string.) Specifies the maximum time period
+\fBmax_renewable_life\fP
+(duration string.) Specifies the maximum time period
during which a valid ticket may be renewed in this realm.
The default value is 0.
.TP
-.B \fBno_host_referral\fP
+\fBno_host_referral\fP
(Whitespace\- or comma\-separated list.) Lists services to block
from getting host\-based referral processing, even if the client
marks the server principal as host\-based or the service is also
listed in \fBhost_based_services\fP\&. \fBno_host_referral = *\fP will
disable referral processing altogether.
.TP
-.B \fBdes_crc_session_supported\fP
+\fBdes_crc_session_supported\fP
(Boolean value). If set to true, the KDC will assume that service
principals support des\-cbc\-crc for session key enctype negotiation
-purposes. If \fBallow_weak_crypto\fP in \fIlibdefaults\fP is
+purposes. If \fBallow_weak_crypto\fP in libdefaults is
false, or if des\-cbc\-crc is not a permitted enctype, then this
variable has no effect. Defaults to true. New in release 1.11.
.TP
-.B \fBreject_bad_transit\fP
+\fBreject_bad_transit\fP
(Boolean value.) If set to true, the KDC will check the list of
transited realms for cross\-realm tickets against the transit path
computed from the realm names and the capaths section of its
-\fIkrb5.conf(5)\fP file; if the path in the ticket to be issued
+krb5.conf(5) file; if the path in the ticket to be issued
contains any realms not in the computed path, the ticket will not
be issued, and an error will be returned to the client instead.
If this value is set to false, such tickets will be issued
.sp
The default value is true.
.TP
-.B \fBrestrict_anonymous_to_tgt\fP
+\fBrestrict_anonymous_to_tgt\fP
(Boolean value.) If set to true, the KDC will reject ticket
requests from anonymous principals to service principals other
than the realm\(aqs ticket\-granting service. This option allows
without allowing anonymous authentication to services. The
default value is false. New in release 1.9.
.TP
-.B \fBsupported_enctypes\fP
+\fBspake_preauth_indicator\fP
+(String.) Specifies an authentication indicator value that the
+KDC asserts into tickets obtained using SPAKE pre\-authentication.
+The default is not to add any indicators. This option may be
+specified multiple times. New in release 1.17.
+.TP
+\fBsupported_enctypes\fP
(List of \fIkey\fP:\fIsalt\fP strings.) Specifies the default key/salt
combinations of principals for this realm. Any principals created
-through \fIkadmin(1)\fP will have keys of these types. The
+through kadmin(1) will have keys of these types. The
default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal des3\-cbc\-sha1:normal arcfour\-hmac\-md5:normal\fP\&. For lists of
possible values, see \fI\%Keysalt lists\fP\&.
.UNINDENT
The following tags may be specified in a [dbmodules] subsection:
.INDENT 0.0
.TP
-.B \fBdatabase_name\fP
+\fBdatabase_name\fP
This DB2\-specific tag indicates the location of the database in
the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
.TP
-.B \fBdb_library\fP
+\fBdb_library\fP
This tag indicates the name of the loadable database module. The
-value should be \fBdb2\fP for the DB2 module and \fBkldap\fP for the
-LDAP module.
+value should be \fBdb2\fP for the DB2 module, \fBklmdb\fP for the LMDB
+module, or \fBkldap\fP for the LDAP module.
.TP
-.B \fBdisable_last_success\fP
+\fBdisable_last_success\fP
If set to \fBtrue\fP, suppresses KDC updates to the "Last successful
authentication" field of principal entries requiring
preauthentication. Setting this flag may improve performance.
update the "Last successful authentication" field.). First
introduced in release 1.9.
.TP
-.B \fBdisable_lockout\fP
+\fBdisable_lockout\fP
If set to \fBtrue\fP, suppresses KDC updates to the "Last failed
authentication" and "Failed password attempts" fields of principal
entries requiring preauthentication. Setting this flag may
improve performance, but also disables account lockout. First
introduced in release 1.9.
.TP
-.B \fBldap_conns_per_server\fP
+\fBldap_conns_per_server\fP
This LDAP\-specific tag indicates the number of connections to be
maintained per LDAP server.
.TP
-.B \fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP
+\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP
These LDAP\-specific tags indicate the default DN for binding to
-the LDAP server. The \fIkrb5kdc(8)\fP daemon uses
-\fBldap_kdc_dn\fP, while the \fIkadmind(8)\fP daemon and other
+the LDAP server. The krb5kdc(8) daemon uses
+\fBldap_kdc_dn\fP, while the kadmind(8) daemon and other
administrative programs use \fBldap_kadmind_dn\fP\&. The kadmind DN
must have the rights to read and write the Kerberos data in the
LDAP database. The KDC DN must have the same rights, unless
These tags are ignored if a SASL mechanism is set with
\fBldap_kdc_sasl_mech\fP or \fBldap_kadmind_sasl_mech\fP\&.
.TP
-.B \fBldap_kdc_sasl_mech\fP and \fBldap_kadmind_sasl_mech\fP
+\fBldap_kdc_sasl_mech\fP and \fBldap_kadmind_sasl_mech\fP
These LDAP\-specific tags specify the SASL mechanism (such as
\fBEXTERNAL\fP) to use when binding to the LDAP server. New in
release 1.13.
.TP
-.B \fBldap_kdc_sasl_authcid\fP and \fBldap_kadmind_sasl_authcid\fP
+\fBldap_kdc_sasl_authcid\fP and \fBldap_kadmind_sasl_authcid\fP
These LDAP\-specific tags specify the SASL authentication identity
to use when binding to the LDAP server. Not all SASL mechanisms
require an authentication identity. If the SASL mechanism
\fBldap_service_password_file\fP where the secret is stashed. New
in release 1.13.
.TP
-.B \fBldap_kdc_sasl_authzid\fP and \fBldap_kadmind_sasl_authzid\fP
+\fBldap_kdc_sasl_authzid\fP and \fBldap_kadmind_sasl_authzid\fP
These LDAP\-specific tags specify the SASL authorization identity
to use when binding to the LDAP server. In most circumstances
they do not need to be specified. New in release 1.13.
.TP
-.B \fBldap_kdc_sasl_realm\fP and \fBldap_kadmind_sasl_realm\fP
+\fBldap_kdc_sasl_realm\fP and \fBldap_kadmind_sasl_realm\fP
These LDAP\-specific tags specify the SASL realm to use when
binding to the LDAP server. In most circumstances they do not
need to be set. New in release 1.13.
.TP
-.B \fBldap_kerberos_container_dn\fP
+\fBldap_kerberos_container_dn\fP
This LDAP\-specific tag indicates the DN of the container object
where the realm objects will be located.
.TP
-.B \fBldap_servers\fP
+\fBldap_servers\fP
This LDAP\-specific tag indicates the list of LDAP servers that the
Kerberos servers can connect to. The list of LDAP servers is
whitespace\-separated. The LDAP server is specified by a LDAP URI.
It is recommended to use \fBldapi:\fP or \fBldaps:\fP URLs to connect
to the LDAP server.
.TP
-.B \fBldap_service_password_file\fP
+\fBldap_service_password_file\fP
This LDAP\-specific tag indicates the file containing the stashed
passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the
\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP objects, or for the
\fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP names
for SASL authentication. This file must be kept secure.
.TP
-.B \fBunlockiter\fP
+\fBmapsize\fP
+This LMDB\-specific tag indicates the maximum size of the two
+database environments in megabytes. The default value is 128.
+Increase this value to address "Environment mapsize limit reached"
+errors. New in release 1.17.
+.TP
+\fBmax_readers\fP
+This LMDB\-specific tag indicates the maximum number of concurrent
+reading processes for the databases. The default value is 128.
+New in release 1.17.
+.TP
+\fBnosync\fP
+This LMDB\-specific tag can be set to improve the throughput of
+kadmind and other administrative agents, at the expense of
+durability (recent database changes may not survive a power outage
+or other sudden reboot). It does not affect the throughput of the
+KDC. The default value is false. New in release 1.17.
+.TP
+\fBunlockiter\fP
If set to \fBtrue\fP, this DB2\-specific tag causes iteration
operations to release the database lock while processing each
principal. Setting this flag to \fBtrue\fP can prevent extended
section to control where database modules are loaded from:
.INDENT 0.0
.TP
-.B \fBdb_module_dir\fP
+\fBdb_module_dir\fP
This tag controls where the plugin system looks for database
modules. The value should be an absolute path.
.UNINDENT
.SS [logging]
.sp
-The [logging] section indicates how \fIkrb5kdc(8)\fP and
-\fIkadmind(8)\fP perform logging. It may contain the following
+The [logging] section indicates how krb5kdc(8) and
+kadmind(8) perform logging. It may contain the following
relations:
.INDENT 0.0
.TP
-.B \fBadmin_server\fP
-Specifies how \fIkadmind(8)\fP performs logging.
+\fBadmin_server\fP
+Specifies how kadmind(8) performs logging.
.TP
-.B \fBkdc\fP
-Specifies how \fIkrb5kdc(8)\fP performs logging.
+\fBkdc\fP
+Specifies how krb5kdc(8) performs logging.
.TP
-.B \fBdefault\fP
+\fBdefault\fP
Specifies how either daemon performs logging in the absence of
relations specific to the daemon.
.TP
-.B \fBdebug\fP
+\fBdebug\fP
(Boolean value.) Specifies whether debugging messages are
included in log outputs other than SYSLOG. Debugging messages are
always included in the system log output because syslog performs
Logging specifications may have the following forms:
.INDENT 0.0
.TP
-.B \fBFILE=\fP\fIfilename\fP or \fBFILE:\fP\fIfilename\fP
+\fBFILE=\fP\fIfilename\fP or \fBFILE:\fP\fIfilename\fP
This value causes the daemon\(aqs logging messages to go to the
\fIfilename\fP\&. If the \fB=\fP form is used, the file is overwritten.
If the \fB:\fP form is used, the file is appended to.
.TP
-.B \fBSTDERR\fP
+\fBSTDERR\fP
This value causes the daemon\(aqs logging messages to go to its
standard error stream.
.TP
-.B \fBCONSOLE\fP
+\fBCONSOLE\fP
This value causes the daemon\(aqs logging messages to go to the
console, if the system supports it.
.TP
-.B \fBDEVICE=\fP\fI<devicename>\fP
+\fBDEVICE=\fP\fI<devicename>\fP
This causes the daemon\(aqs logging messages to go to the specified
device.
.TP
-.B \fBSYSLOG\fP[\fB:\fP\fIseverity\fP[\fB:\fP\fIfacility\fP]]
+\fBSYSLOG\fP[\fB:\fP\fIseverity\fP[\fB:\fP\fIfacility\fP]]
This causes the daemon\(aqs logging messages to go to the system log.
.sp
-The severity argument specifies the default severity of system log
-messages. This may be any of the following severities supported
-by the syslog(3) call, minus the \fBLOG_\fP prefix: \fBEMERG\fP,
-\fBALERT\fP, \fBCRIT\fP, \fBERR\fP, \fBWARNING\fP, \fBNOTICE\fP, \fBINFO\fP,
-and \fBDEBUG\fP\&.
+For backward compatibility, a severity argument may be specified,
+and must be specified in order to specify a facility. This
+argument will be ignored.
.sp
The facility argument specifies the facility under which the
messages are logged. This may be any of the following facilities
supported by the syslog(3) call minus the LOG_ prefix: \fBKERN\fP,
\fBUSER\fP, \fBMAIL\fP, \fBDAEMON\fP, \fBAUTH\fP, \fBLPR\fP, \fBNEWS\fP,
-\fBUUCP\fP, \fBCRON\fP, and \fBLOCAL0\fP through \fBLOCAL7\fP\&.
-.sp
-If no severity is specified, the default is \fBERR\fP\&. If no
+\fBUUCP\fP, \fBCRON\fP, and \fBLOCAL0\fP through \fBLOCAL7\fP\&. If no
facility is specified, the default is \fBAUTH\fP\&.
.UNINDENT
.sp
For each token type, the following tags may be specified:
.INDENT 0.0
.TP
-.B \fBserver\fP
+\fBserver\fP
This is the server to send the RADIUS request to. It can be a
hostname with optional port, an ip address with optional port, or
a Unix domain socket address. The default is
\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/<name>.socket\fP\&.
.TP
-.B \fBsecret\fP
+\fBsecret\fP
This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP)
containing the secret used to encrypt the RADIUS packets. The
secret should appear in the first line of the file by itself;
is optional, and an empty secret will be used if it is not
specified. Otherwise, this tag is required.
.TP
-.B \fBtimeout\fP
+\fBtimeout\fP
An integer which specifies the time in seconds during which the
KDC should attempt to contact the RADIUS server. This tag is the
total time across all retries and should be less than the time
which an OTP value remains valid for. The default is 5 seconds.
.TP
-.B \fBretries\fP
+\fBretries\fP
This tag specifies the number of retries to make to the RADIUS
server. The default is 3 retries (4 tries).
.TP
-.B \fBstrip_realm\fP
+\fBstrip_realm\fP
If this tag is \fBtrue\fP, the principal without the realm will be
passed to the RADIUS server. Otherwise, the realm will be
included. The default value is \fBtrue\fP\&.
.TP
-.B \fBindicator\fP
+\fBindicator\fP
This tag specifies an authentication indicator to be included in
the ticket if this token type is used to authenticate. This
option may be specified multiple times. (New in release 1.14.)
.UNINDENT
.sp
For information about the syntax of some of these options, see
-\fISpecifying PKINIT identity information\fP in
-\fIkrb5.conf(5)\fP\&.
+Specifying PKINIT identity information in
+krb5.conf(5)\&.
.INDENT 0.0
.TP
-.B \fBpkinit_anchors\fP
+\fBpkinit_anchors\fP
Specifies the location of trusted anchor (root) certificates which
the KDC trusts to sign client certificates. This option is
required if pkinit is to be supported by the KDC. This option may
be specified multiple times.
.TP
-.B \fBpkinit_dh_min_bits\fP
+\fBpkinit_dh_min_bits\fP
Specifies the minimum number of bits the KDC is willing to accept
for a client\(aqs Diffie\-Hellman key. The default is 2048.
.TP
-.B \fBpkinit_allow_upn\fP
+\fBpkinit_allow_upn\fP
Specifies that the KDC is willing to accept client certificates
with the Microsoft UserPrincipalName (UPN) Subject Alternative
Name (SAN). This means the KDC accepts the binding of the UPN in
the id\-pkinit\-san as defined in \fI\%RFC 4556\fP\&. There is currently
no option to disable SAN checking in the KDC.
.TP
-.B \fBpkinit_eku_checking\fP
+\fBpkinit_eku_checking\fP
This option specifies what Extended Key Usage (EKU) values the KDC
is willing to accept in client certificates. The values
recognized in the kdc.conf file are:
.INDENT 7.0
.TP
-.B \fBkpClientAuth\fP
+\fBkpClientAuth\fP
This is the default value and specifies that client
certificates must have the id\-pkinit\-KPClientAuth EKU as
defined in \fI\%RFC 4556\fP\&.
.TP
-.B \fBscLogin\fP
+\fBscLogin\fP
If scLogin is specified, client certificates with the
Microsoft Smart Card Login EKU (id\-ms\-kp\-sc\-logon) will be
accepted.
.TP
-.B \fBnone\fP
+\fBnone\fP
If none is specified, then client certificates will not be
checked to verify they have an acceptable EKU. The use of
this option is not recommended.
.UNINDENT
.TP
-.B \fBpkinit_identity\fP
+\fBpkinit_identity\fP
Specifies the location of the KDC\(aqs X.509 identity information.
This option is required if pkinit is to be supported by the KDC.
.TP
-.B \fBpkinit_indicator\fP
+\fBpkinit_indicator\fP
Specifies an authentication indicator to include in the ticket if
pkinit is used to authenticate. This option may be specified
multiple times. (New in release 1.14.)
.TP
-.B \fBpkinit_pool\fP
+\fBpkinit_pool\fP
Specifies the location of intermediate certificates which may be
used by the KDC to complete the trust chain between a client\(aqs
certificate and a trusted anchor. This option may be specified
multiple times.
.TP
-.B \fBpkinit_revoke\fP
+\fBpkinit_revoke\fP
Specifies the location of Certificate Revocation List (CRL)
information to be used by the KDC when verifying the validity of
client certificates. This option may be specified multiple times.
.TP
-.B \fBpkinit_require_crl_checking\fP
+\fBpkinit_require_crl_checking\fP
The default certificate verification process will always check the
available revocation information to see if a certificate has been
revoked. If a match is found for the certificate in a CRL,
.sp
\fBpkinit_require_crl_checking\fP should be set to true if the
policy is such that up\-to\-date CRLs must be present for every CA.
+.TP
+\fBpkinit_require_freshness\fP
+Specifies whether to require clients to include a freshness token
+in PKINIT requests. The default value is false. (New in release
+1.17.)
.UNINDENT
.SH ENCRYPTION TYPES
.sp
\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP
.SH SEE ALSO
.sp
-\fIkrb5.conf(5)\fP, \fIkrb5kdc(8)\fP, \fIkadm5.acl(5)\fP
+krb5.conf(5), krb5kdc(8), kadm5.acl(5)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KDESTROY" "1" " " "1.16" "MIT Kerberos"
+.TH "KDESTROY" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-A\fP
+\fB\-A\fP
Destroys all caches in the collection, if a cache collection is
-available.
+available. May be used with the \fB\-c\fP option to specify the
+collection to be destroyed.
.TP
-.B \fB\-q\fP
+\fB\-q\fP
Run quietly. Normally kdestroy beeps if it fails to destroy the
user\(aqs tickets. The \fB\-q\fP flag suppresses this behavior.
.TP
-.B \fB\-c\fP \fIcache_name\fP
+\fB\-c\fP \fIcache_name\fP
Use \fIcache_name\fP as the credentials (ticket) cache name and
location; if this option is not used, the default cache name and
location are used.
The default credentials cache may vary between systems. If the
\fBKRB5CCNAME\fP environment variable is set, its value is used to
name the default ticket cache.
+.TP
+\fB\-p\fP \fIprinc_name\fP
+If a cache collection is available, destroy the cache for
+\fIprinc_name\fP instead of the primary cache. May be used with the
+\fB\-c\fP option to specify the collection to be searched.
.UNINDENT
.SH NOTE
.sp
when you log out.
.SH ENVIRONMENT
.sp
-kdestroy uses the following environment variable:
-.INDENT 0.0
-.TP
-.B \fBKRB5CCNAME\fP
-Location of the default Kerberos 5 credentials (ticket) cache, in
-the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the
-\fBFILE\fP type is assumed. The type of the default cache may
-determine the availability of a cache collection; for instance, a
-default cache of type \fBDIR\fP causes caches within the directory
-to be present in the collection.
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH FILES
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fIkinit(1)\fP, \fIklist(1)\fP
+kinit(1), klist(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KINIT" "1" " " "1.16" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-V\fP
+\fB\-V\fP
display verbose output.
.TP
-.B \fB\-l\fP \fIlifetime\fP
-(\fIduration\fP string.) Requests a ticket with the lifetime
+\fB\-l\fP \fIlifetime\fP
+(duration string.) Requests a ticket with the lifetime
\fIlifetime\fP\&.
.sp
For example, \fBkinit \-l 5:30\fP or \fBkinit \-l 5h30m\fP\&.
longer than the maximum ticket lifetime (configured by each site)
will not override the configured maximum ticket lifetime.
.TP
-.B \fB\-s\fP \fIstart_time\fP
-(\fIduration\fP string.) Requests a postdated ticket. Postdated
+\fB\-s\fP \fIstart_time\fP
+(duration string.) Requests a postdated ticket. Postdated
tickets are issued with the \fBinvalid\fP flag set, and need to be
resubmitted to the KDC for validation before use.
.sp
\fIstart_time\fP specifies the duration of the delay before the ticket
can become valid.
.TP
-.B \fB\-r\fP \fIrenewable_life\fP
-(\fIduration\fP string.) Requests renewable tickets, with a total
+\fB\-r\fP \fIrenewable_life\fP
+(duration string.) Requests renewable tickets, with a total
lifetime of \fIrenewable_life\fP\&.
.TP
-.B \fB\-f\fP
+\fB\-f\fP
requests forwardable tickets.
.TP
-.B \fB\-F\fP
+\fB\-F\fP
requests non\-forwardable tickets.
.TP
-.B \fB\-p\fP
+\fB\-p\fP
requests proxiable tickets.
.TP
-.B \fB\-P\fP
+\fB\-P\fP
requests non\-proxiable tickets.
.TP
-.B \fB\-a\fP
+\fB\-a\fP
requests tickets restricted to the host\(aqs local address[es].
.TP
-.B \fB\-A\fP
+\fB\-A\fP
requests tickets not restricted by address.
.TP
-.B \fB\-C\fP
+\fB\-C\fP
requests canonicalization of the principal name, and allows the
KDC to reply with a different client principal from the one
requested.
.TP
-.B \fB\-E\fP
+\fB\-E\fP
treats the principal name as an enterprise name (implies the
\fB\-C\fP option).
.TP
-.B \fB\-v\fP
+\fB\-v\fP
requests that the ticket\-granting ticket in the cache (with the
\fBinvalid\fP flag set) be passed to the KDC for validation. If the
ticket is within its requested time range, the cache is replaced
with the validated ticket.
.TP
-.B \fB\-R\fP
+\fB\-R\fP
requests renewal of the ticket\-granting ticket. Note that an
expired ticket cannot be renewed, even if the ticket is still
within its renewable life.
.sp
Note that renewable tickets that have expired as reported by
-\fIklist(1)\fP may sometimes be renewed using this option,
+klist(1) may sometimes be renewed using this option,
because the KDC applies a grace period to account for client\-KDC
-clock skew. See \fIkrb5.conf(5)\fP \fBclockskew\fP setting.
+clock skew. See krb5.conf(5) \fBclockskew\fP setting.
.TP
-.B \fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP]
+\fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP]
requests a ticket, obtained from a key in the local host\(aqs keytab.
The location of the keytab may be specified with the \fB\-t\fP
\fIkeytab_file\fP option, or with the \fB\-i\fP option to specify the use
administrator to obtain tickets as any principal that supports
authentication based on the key.
.TP
-.B \fB\-n\fP
+\fB\-n\fP
Requests anonymous processing. Two types of anonymous principals
are supported.
.sp
For fully anonymous Kerberos, configure pkinit on the KDC and
-configure \fBpkinit_anchors\fP in the client\(aqs \fIkrb5.conf(5)\fP\&.
+configure \fBpkinit_anchors\fP in the client\(aqs krb5.conf(5)\&.
Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP
(an empty principal name followed by the at\-sign and a realm
name). If permitted by the KDC, an anonymous ticket will be
.UNINDENT
.INDENT 0.0
.TP
-.B \fB\-T\fP \fIarmor_ccache\fP
+\fB\-T\fP \fIarmor_ccache\fP
Specifies the name of a credentials cache that already contains a
ticket. If supported by the KDC, this cache will be used to armor
the request, preventing offline dictionary attacks and allowing
makes sure that the response from the KDC is not modified in
transit.
.TP
-.B \fB\-c\fP \fIcache_name\fP
+\fB\-c\fP \fIcache_name\fP
use \fIcache_name\fP as the Kerberos 5 credentials (ticket) cache
location. If this option is not used, the default cache location
is used.
primary cache. Otherwise, any existing contents of the default
cache are destroyed by kinit.
.TP
-.B \fB\-S\fP \fIservice_name\fP
+\fB\-S\fP \fIservice_name\fP
specify an alternate service name to use when getting initial
tickets.
.TP
-.B \fB\-X\fP \fIattribute\fP[=\fIvalue\fP]
+\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]
specify a pre\-authentication \fIattribute\fP and \fIvalue\fP to be
interpreted by pre\-authentication modules. The acceptable
attribute and value values vary from module to module. This
pre\-authentication mechanism:
.INDENT 7.0
.TP
-.B \fBX509_user_identity\fP=\fIvalue\fP
+\fBX509_user_identity\fP=\fIvalue\fP
specify where to find user\(aqs X509 identity information
.TP
-.B \fBX509_anchors\fP=\fIvalue\fP
+\fBX509_anchors\fP=\fIvalue\fP
specify where to find trusted X509 anchor information
.TP
-.B \fBflag_RSA_PROTOCOL\fP[\fB=yes\fP]
+\fBflag_RSA_PROTOCOL\fP[\fB=yes\fP]
specify use of RSA, rather than the default Diffie\-Hellman
protocol
+.TP
+\fBdisable_freshness\fP[\fB=yes\fP]
+disable sending freshness tokens (for testing purposes only)
.UNINDENT
.UNINDENT
.SH ENVIRONMENT
.sp
-kinit uses the following environment variables:
-.INDENT 0.0
-.TP
-.B \fBKRB5CCNAME\fP
-Location of the default Kerberos 5 credentials cache, in the form
-\fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the \fBFILE\fP
-type is assumed. The type of the default cache may determine the
-availability of a cache collection; for instance, a default cache
-of type \fBDIR\fP causes caches within the directory to be present
-in the collection.
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH FILES
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fIklist(1)\fP, \fIkdestroy(1)\fP, kerberos(1)
+klist(1), kdestroy(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KLIST" "1" " " "1.16" "MIT Kerberos"
+.TH "KLIST" "1" " " "1.17" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-e\fP
+\fB\-e\fP
Displays the encryption types of the session key and the ticket
for each credential in the credential cache, or each key in the
keytab file.
.TP
-.B \fB\-l\fP
+\fB\-l\fP
If a cache collection is available, displays a table summarizing
the caches present in the collection.
.TP
-.B \fB\-A\fP
+\fB\-A\fP
If a cache collection is available, displays the contents of all
of the caches in the collection.
.TP
-.B \fB\-c\fP
+\fB\-c\fP
List tickets held in a credentials cache. This is the default if
neither \fB\-c\fP nor \fB\-k\fP is specified.
.TP
-.B \fB\-f\fP
+\fB\-f\fP
Shows the flags present in the credentials, using the following
abbreviations:
.INDENT 7.0
.UNINDENT
.UNINDENT
.TP
-.B \fB\-s\fP
+\fB\-s\fP
Causes klist to run silently (produce no output). klist will exit
with status 1 if the credentials cache cannot be read or is
expired, and with status 0 otherwise.
.TP
-.B \fB\-a\fP
+\fB\-a\fP
Display list of addresses in credentials.
.TP
-.B \fB\-n\fP
+\fB\-n\fP
Show numeric addresses instead of reverse\-resolving addresses.
.TP
-.B \fB\-C\fP
+\fB\-C\fP
List configuration data that has been stored in the credentials
cache when klist encounters it. By default, configuration data
is not listed.
.TP
-.B \fB\-k\fP
+\fB\-k\fP
List keys held in a keytab file.
.TP
-.B \fB\-i\fP
+\fB\-i\fP
In combination with \fB\-k\fP, defaults to using the default client
keytab instead of the default acceptor keytab, if no name is
given.
.TP
-.B \fB\-t\fP
+\fB\-t\fP
Display the time entry timestamps for each keytab entry in the
keytab file.
.TP
-.B \fB\-K\fP
+\fB\-K\fP
Display the value of the encryption key in each keytab entry in
the keytab file.
.TP
-.B \fB\-V\fP
+\fB\-V\fP
Display the Kerberos version number and exit.
.UNINDENT
.sp
value is used to locate the default ticket cache.
.SH ENVIRONMENT
.sp
-klist uses the following environment variable:
-.INDENT 0.0
-.TP
-.B \fBKRB5CCNAME\fP
-Location of the default Kerberos 5 credentials (ticket) cache, in
-the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the
-\fBFILE\fP type is assumed. The type of the default cache may
-determine the availability of a cache collection; for instance, a
-default cache of type \fBDIR\fP causes caches within the directory
-to be present in the collection.
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH FILES
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fIkinit(1)\fP, \fIkdestroy(1)\fP
+kinit(1), kdestroy(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KPASSWD" "1" " " "1.16" "MIT Kerberos"
+.TH "KPASSWD" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
if there is one; if not, the principal is derived from the
identity of the user invoking the kpasswd command.
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkadmin(1)\fP, \fIkadmind(8)\fP
+kadmin(1), kadmind(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KPROP" "8" " " "1.16" "MIT Kerberos"
+.TH "KPROP" "8" " " "1.17" "MIT Kerberos"
.SH NAME
-kprop \- propagate a Kerberos V5 principal database to a slave server
+kprop \- propagate a Kerberos V5 principal database to a replica server
.
.nr rst2man-indent-level 0
.
[\fB\-d\fP]
[\fB\-P\fP \fIport\fP]
[\fB\-s\fP \fIkeytab\fP]
-\fIslave_host\fP
+\fIreplica_host\fP
.SH DESCRIPTION
.sp
kprop is used to securely propagate a Kerberos V5 database dump file
-from the master Kerberos server to a slave Kerberos server, which is
-specified by \fIslave_host\fP\&. The dump file must be created by
-\fIkdb5_util(8)\fP\&.
+from the master Kerberos server to a replica Kerberos server, which is
+specified by \fIreplica_host\fP\&. The dump file must be created by
+kdb5_util(8)\&.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the realm of the master server.
.TP
-.B \fB\-f\fP \fIfile\fP
+\fB\-f\fP \fIfile\fP
Specifies the filename where the dumped principal database file is
to be found; by default the dumped database file is normally
-\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/slave_datatrans\fP\&.
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/replica_datatrans\fP\&.
.TP
-.B \fB\-P\fP \fIport\fP
-Specifies the port to use to contact the \fIkpropd(8)\fP server
+\fB\-P\fP \fIport\fP
+Specifies the port to use to contact the kpropd(8) server
on the remote host.
.TP
-.B \fB\-d\fP
+\fB\-d\fP
Prints debugging information.
.TP
-.B \fB\-s\fP \fIkeytab\fP
+\fB\-s\fP \fIkeytab\fP
Specifies the location of the keytab file.
.UNINDENT
.SH ENVIRONMENT
.sp
-\fIkprop\fP uses the following environment variable:
-.INDENT 0.0
-.IP \(bu 2
-\fBKRB5_CONFIG\fP
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkpropd(8)\fP, \fIkdb5_util(8)\fP, \fIkrb5kdc(8)\fP
+kpropd(8), kdb5_util(8), krb5kdc(8),
+kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KPROPD" "8" " " "1.16" "MIT Kerberos"
+.TH "KPROPD" "8" " " "1.17" "MIT Kerberos"
.SH NAME
-kpropd \- Kerberos V5 slave KDC update server
+kpropd \- Kerberos V5 replica KDC update server
.
.nr rst2man-indent-level 0
.
[\fB\-r\fP \fIrealm\fP]
[\fB\-A\fP \fIadmin_server\fP]
[\fB\-a\fP \fIacl_file\fP]
-[\fB\-f\fP \fIslave_dumpfile\fP]
+[\fB\-f\fP \fIreplica_dumpfile\fP]
[\fB\-F\fP \fIprincipal_database\fP]
[\fB\-p\fP \fIkdb5_util_prog\fP]
[\fB\-P\fP \fIport\fP]
[\fB\-t\fP]
.SH DESCRIPTION
.sp
-The \fIkpropd\fP command runs on the slave KDC server. It listens for
-update requests made by the \fIkprop(8)\fP program. If incremental
+The \fIkpropd\fP command runs on the replica KDC server. It listens for
+update requests made by the kprop(8) program. If incremental
propagation is enabled, it periodically requests incremental updates
from the master KDC.
.sp
-When the slave receives a kprop request from the master, kpropd
+When the replica receives a kprop request from the master, kpropd
accepts the dumped KDC database and places it in a file, and then runs
-\fIkdb5_util(8)\fP to load the dumped database into the active
-database which is used by \fIkrb5kdc(8)\fP\&. This allows the master
-Kerberos server to use \fIkprop(8)\fP to propagate its database to
-the slave servers. Upon a successful download of the KDC database
-file, the slave Kerberos server will have an up\-to\-date KDC database.
+kdb5_util(8) to load the dumped database into the active
+database which is used by krb5kdc(8)\&. This allows the master
+Kerberos server to use kprop(8) to propagate its database to
+the replica servers. Upon a successful download of the KDC database
+file, the replica Kerberos server will have an up\-to\-date KDC
+database.
.sp
Where incremental propagation is not used, kpropd is commonly invoked
out of inetd(8) as a nowait service. This is done by adding a line to
compatibility but does nothing.
.sp
Incremental propagation may be enabled with the \fBiprop_enable\fP
-variable in \fIkdc.conf(5)\fP\&. If incremental propagation is
-enabled, the slave periodically polls the master KDC for updates, at
-an interval determined by the \fBiprop_slave_poll\fP variable. If the
-slave receives updates, kpropd updates its log file with any updates
-from the master. \fIkproplog(8)\fP can be used to view a summary of
-the update entry log on the slave KDC. If incremental propagation is
-enabled, the principal \fBkiprop/slavehostname@REALM\fP (where
-\fIslavehostname\fP is the name of the slave KDC host, and \fIREALM\fP is the
-name of the Kerberos realm) must be present in the slave\(aqs keytab
-file.
+variable in kdc.conf(5)\&. If incremental propagation is
+enabled, the replica periodically polls the master KDC for updates, at
+an interval determined by the \fBiprop_replica_poll\fP variable. If the
+replica receives updates, kpropd updates its log file with any updates
+from the master. kproplog(8) can be used to view a summary of
+the update entry log on the replica KDC. If incremental propagation
+is enabled, the principal \fBkiprop/replicahostname@REALM\fP (where
+\fIreplicahostname\fP is the name of the replica KDC host, and \fIREALM\fP is
+the name of the Kerberos realm) must be present in the replica\(aqs
+keytab file.
.sp
-\fIkproplog(8)\fP can be used to force full replication when iprop is
+kproplog(8) can be used to force full replication when iprop is
enabled.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-r\fP \fIrealm\fP
+\fB\-r\fP \fIrealm\fP
Specifies the realm of the master server.
.TP
-.B \fB\-A\fP \fIadmin_server\fP
+\fB\-A\fP \fIadmin_server\fP
Specifies the server to be contacted for incremental updates; by
default, the master admin server is contacted.
.TP
-.B \fB\-f\fP \fIfile\fP
+\fB\-f\fP \fIfile\fP
Specifies the filename where the dumped principal database file is
to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&.
.TP
-.B \fB\-p\fP
-Allows the user to specify the pathname to the \fIkdb5_util(8)\fP
+\fB\-p\fP
+Allows the user to specify the pathname to the kdb5_util(8)
program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP\&.
.TP
-.B \fB\-d\fP
+\fB\-d\fP
Turn on debug mode. In this mode, kpropd will not detach
itself from the current job and run in the background. Instead,
it will run in the foreground and print out debugging messages
during the database propagation.
.TP
-.B \fB\-t\fP
+\fB\-t\fP
In standalone mode without incremental propagation, exit after one
dump file is received. In incremental propagation mode, exit as
soon as the database is up to date, or if the master returns an
error.
.TP
-.B \fB\-P\fP
+\fB\-P\fP
Allow for an alternate port number for kpropd to listen on. This
is only useful in combination with the \fB\-S\fP option.
.TP
-.B \fB\-a\fP \fIacl_file\fP
+\fB\-a\fP \fIacl_file\fP
Allows the user to specify the path to the kpropd.acl file; by
default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&.
.TP
-.B \fB\-\-pid\-file\fP=\fIpid_file\fP
+\fB\-\-pid\-file\fP=\fIpid_file\fP
In standalone mode, write the process ID of the daemon into
\fIpid_file\fP\&.
.UNINDENT
Access file for kpropd; the default location is
\fB/usr/local/var/krb5kdc/kpropd.acl\fP\&. Each entry is a line
containing the principal of a host from which the local machine
-will allow Kerberos database propagation via \fIkprop(8)\fP\&.
+will allow Kerberos database propagation via kprop(8)\&.
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkprop(8)\fP, \fIkdb5_util(8)\fP, \fIkrb5kdc(8)\fP, inetd(8)
+kprop(8), kdb5_util(8), krb5kdc(8),
+kerberos(7), inetd(8)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KPROPLOG" "8" " " "1.16" "MIT Kerberos"
+.TH "KPROPLOG" "8" " " "1.17" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
The kproplog command displays the contents of the KDC database update
log to standard output. It can be used to keep track of incremental
updates to the principal database. The update log file contains the
-update log maintained by the \fIkadmind(8)\fP process on the master
-KDC server and the \fIkpropd(8)\fP process on the slave KDC servers.
-When updates occur, they are logged to this file. Subsequently any
-KDC slave configured for incremental updates will request the current
-data from the master KDC and update their log file with any updates
-returned.
+update log maintained by the kadmind(8) process on the master
+KDC server and the kpropd(8) process on the replica KDC
+servers. When updates occur, they are logged to this file.
+Subsequently any KDC replica configured for incremental updates will
+request the current data from the master KDC and update their log file
+with any updates returned.
.sp
The kproplog command requires read access to the update log file. It
will display update entries only for the KDC it runs on.
.sp
If no options are specified, kproplog displays a summary of the update
log. If invoked on the master, kproplog also displays all of the
-update entries. If invoked on a slave KDC server, kproplog displays
+update entries. If invoked on a replica KDC server, kproplog displays
only a summary of the updates, which includes the serial number of the
last update received and the associated time stamp of the last update.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-R\fP
-Reset the update log. This forces full resynchronization. If used
-on a slave then that slave will request a full resync. If used on
-the master then all slaves will request full resyncs.
+\fB\-R\fP
+Reset the update log. This forces full resynchronization. If
+used on a replica then that replica will request a full resync.
+If used on the master then all replicas will request full resyncs.
.TP
-.B \fB\-h\fP
+\fB\-h\fP
Display a summary of the update log. This information includes
the database version number, state of the database, the number of
updates in the log, the time stamp of the first and last update,
and the version number of the first and last update entry.
.TP
-.B \fB\-e\fP \fInum\fP
+\fB\-e\fP \fInum\fP
Display the last \fInum\fP update entries in the log. This is useful
when debugging synchronization between KDC servers.
.TP
-.B \fB\-v\fP
+\fB\-v\fP
Display individual attributes per update. An example of the
output generated for one entry:
.INDENT 7.0
.UNINDENT
.SH ENVIRONMENT
.sp
-kproplog uses the following environment variables:
-.INDENT 0.0
-.IP \(bu 2
-\fBKRB5_KDC_PROFILE\fP
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkpropd(8)\fP
+kpropd(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KRB5-CONFIG" "1" " " "1.16" "MIT Kerberos"
+.TH "KRB5-CONFIG" "1" " " "1.17" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-\fP\fB\-help\fP
+\fB\-\fP\fB\-help\fP
prints a usage message. This is the default behavior when no options
are specified.
.TP
-.B \fB\-\fP\fB\-all\fP
+\fB\-\fP\fB\-all\fP
prints the version, vendor, prefix, and exec\-prefix.
.TP
-.B \fB\-\fP\fB\-version\fP
+\fB\-\fP\fB\-version\fP
prints the version number of the Kerberos installation.
.TP
-.B \fB\-\fP\fB\-vendor\fP
+\fB\-\fP\fB\-vendor\fP
prints the name of the vendor of the Kerberos installation.
.TP
-.B \fB\-\fP\fB\-prefix\fP
+\fB\-\fP\fB\-prefix\fP
prints the prefix for which the Kerberos installation was built.
.TP
-.B \fB\-\fP\fB\-exec\-prefix\fP
+\fB\-\fP\fB\-exec\-prefix\fP
prints the prefix for executables for which the Kerberos installation
was built.
.TP
-.B \fB\-\fP\fB\-defccname\fP
+\fB\-\fP\fB\-defccname\fP
prints the built\-in default credentials cache location.
.TP
-.B \fB\-\fP\fB\-defktname\fP
+\fB\-\fP\fB\-defktname\fP
prints the built\-in default keytab location.
.TP
-.B \fB\-\fP\fB\-defcktname\fP
+\fB\-\fP\fB\-defcktname\fP
prints the built\-in default client (initiator) keytab location.
.TP
-.B \fB\-\fP\fB\-cflags\fP
+\fB\-\fP\fB\-cflags\fP
prints the compilation flags used to build the Kerberos installation.
.TP
-.B \fB\-\fP\fB\-libs\fP [\fIlibrary\fP]
+\fB\-\fP\fB\-libs\fP [\fIlibrary\fP]
prints the compiler options needed to link against \fIlibrary\fP\&.
Allowed values for \fIlibrary\fP are:
.TS
.UNINDENT
.SH SEE ALSO
.sp
-kerberos(1), cc(1)
+kerberos(7), cc(1)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KRB5.CONF" "5" " " "1.16" "MIT Kerberos"
+.TH "KRB5.CONF" "5" " " "1.17" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
.SH STRUCTURE
.sp
The krb5.conf file is set up in the style of a Windows INI file.
-Sections are headed by the section name, in square brackets. Each
-section may contain zero or more relations, of the form:
+Lines beginning with \(aq#\(aq or \(aq;\(aq (possibly after initial whitespace)
+are ignored as comments. Sections are headed by the section name, in
+square brackets. Each section may contain zero or more relations, of
+the form:
.INDENT 0.0
.INDENT 3.5
.sp
1.15, files with names ending in ".conf" are also included, unless the
name begins with ".". Included profile files are syntactically
independent of their parents, so each included file must begin with a
-section header.
+section header. Starting in release 1.17, files are read in
+alphanumeric order; in previous releases, they may be read in any
+order.
.sp
The krb5.conf file can specify that configuration should be obtained
from a loadable module, rather than the file itself, using the
\fIMODULEPATH\fP may be relative to the library path of the krb5
installation, or it may be an absolute path. \fIRESIDUAL\fP is provided
to the module at initialization time. If krb5.conf uses a module
-directive, \fIkdc.conf(5)\fP should also use one if it exists.
+directive, kdc.conf(5) should also use one if it exists.
.SH SECTIONS
.sp
The krb5.conf file may contain the following sections:
.TE
.sp
Additionally, krb5.conf may include any of the relations described in
-\fIkdc.conf(5)\fP, but it is not a recommended practice.
+kdc.conf(5), but it is not a recommended practice.
.SS [libdefaults]
.sp
The libdefaults section may contain any of the following relations:
.INDENT 0.0
.TP
-.B \fBallow_weak_crypto\fP
+\fBallow_weak_crypto\fP
If this flag is set to false, then weak encryption types (as noted
-in \fIEncryption_types\fP in \fIkdc.conf(5)\fP) will be filtered
+in Encryption_types in kdc.conf(5)) will be filtered
out of the lists \fBdefault_tgs_enctypes\fP,
\fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&. The default
value for this tag is false, which may cause authentication
strong crypto. Users in affected environments should set this tag
to true until their infrastructure adopts stronger ciphers.
.TP
-.B \fBap_req_checksum_type\fP
+\fBap_req_checksum_type\fP
An integer which specifies the type of AP\-REQ checksum to use in
authenticators. This variable should be unset so the appropriate
checksum for the encryption key in use will be used. This can be
See the \fBkdc_req_checksum_type\fP configuration option for the
possible values and their meanings.
.TP
-.B \fBcanonicalize\fP
+\fBcanonicalize\fP
If this flag is set to true, initial ticket requests to the KDC
will request canonicalization of the client principal name, and
answers with different client principals than the requested
principal will be accepted. The default value is false.
.TP
-.B \fBccache_type\fP
+\fBccache_type\fP
This parameter determines the format of credential cache types
-created by \fIkinit(1)\fP or other programs. The default value
+created by kinit(1) or other programs. The default value
is 4, which represents the most current format. Smaller values
can be used for compatibility with very old implementations of
Kerberos which interact with credential caches on the same host.
.TP
-.B \fBclockskew\fP
+\fBclockskew\fP
Sets the maximum allowable amount of clockskew in seconds that the
library will tolerate before assuming that a Kerberos message is
invalid. The default value is 300 seconds, or five minutes.
renewable tickets) if they have been expired for a shorter
duration than the \fBclockskew\fP setting.
.TP
-.B \fBdefault_ccache_name\fP
+\fBdefault_ccache_name\fP
This relation specifies the name of the default credential cache.
The default is \fB@CCNAME@\fP\&. This relation is subject to parameter
expansion (see below). New in release 1.11.
.TP
-.B \fBdefault_client_keytab_name\fP
+\fBdefault_client_keytab_name\fP
This relation specifies the name of the default keytab for
obtaining client credentials. The default is \fB@CKTNAME@\fP\&. This
relation is subject to parameter expansion (see below).
New in release 1.11.
.TP
-.B \fBdefault_keytab_name\fP
+\fBdefault_keytab_name\fP
This relation specifies the default keytab name to be used by
application servers such as sshd. The default is \fB@KTNAME@\fP\&. This
relation is subject to parameter expansion (see below).
.TP
-.B \fBdefault_realm\fP
+\fBdefault_realm\fP
Identifies the default Kerberos realm for the client. Set its
value to your Kerberos realm. If this value is not set, then a
realm must be specified with every Kerberos principal when
-invoking programs such as \fIkinit(1)\fP\&.
+invoking programs such as kinit(1)\&.
.TP
-.B \fBdefault_tgs_enctypes\fP
+\fBdefault_tgs_enctypes\fP
Identifies the supported list of session key encryption types that
the client should request when making a TGS\-REQ, in order of
preference from highest to lowest. The list may be delimited with
-commas or whitespace. See \fIEncryption_types\fP in
-\fIkdc.conf(5)\fP for a list of the accepted values for this tag.
-The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
+commas or whitespace. See Encryption_types in
+kdc.conf(5) for a list of the accepted values for this tag.
+The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
will be implicitly removed from this list if the value of
\fBallow_weak_crypto\fP is false.
.sp
clients from taking advantage of new stronger enctypes when the
libraries are upgraded.
.TP
-.B \fBdefault_tkt_enctypes\fP
+\fBdefault_tkt_enctypes\fP
Identifies the supported list of session key encryption types that
the client should request when making an AS\-REQ, in order of
preference from highest to lowest. The format is the same as for
default_tgs_enctypes. The default value for this tag is
-\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
+\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
removed from this list if the value of \fBallow_weak_crypto\fP is
false.
.sp
clients from taking advantage of new stronger enctypes when the
libraries are upgraded.
.TP
-.B \fBdns_canonicalize_hostname\fP
+\fBdns_canonicalize_hostname\fP
Indicate whether name lookups will be used to canonicalize
hostnames for use in service principal names. Setting this flag
to false can improve security by reducing reliance on DNS, but
means that short hostnames will not be canonicalized to
fully\-qualified hostnames. The default value is true.
.TP
-.B \fBdns_lookup_kdc\fP
+\fBdns_lookup_kdc\fP
Indicate whether DNS SRV records should be used to locate the KDCs
and other servers for a realm, if they are not listed in the
krb5.conf information for the realm. (Note that the admin_server
data), and anything the fake KDC sends will not be trusted without
verification using some secret that it won\(aqt know.
.TP
-.B \fBdns_uri_lookup\fP
+\fBdns_uri_lookup\fP
Indicate whether DNS URI records should be used to locate the KDCs
and other servers for a realm, if they are not listed in the
krb5.conf information for the realm. SRV records are used as a
fallback if no URI records were found. The default value is true.
New in release 1.15.
.TP
-.B \fBerr_fmt\fP
+\fBerr_fmt\fP
This relation allows for custom error message formatting. If a
value is set, error messages will be formatted by substituting a
normal error message for %M and an error code for %C in the value.
.TP
-.B \fBextra_addresses\fP
+\fBextra_addresses\fP
This allows a computer to use multiple local addresses, in order
to allow Kerberos to work in a network that uses NATs while still
using address\-restricted tickets. The addresses should be in a
comma\-separated list. This option has no effect if
\fBnoaddresses\fP is true.
.TP
-.B \fBforwardable\fP
+\fBforwardable\fP
If this flag is true, initial tickets will be forwardable by
default, if allowed by the KDC. The default value is false.
.TP
-.B \fBignore_acceptor_hostname\fP
+\fBignore_acceptor_hostname\fP
When accepting GSSAPI or krb5 security contexts for host\-based
service principals, ignore any hostname passed by the calling
application, and allow clients to authenticate to any service
compromise the security of virtual hosting environments. The
default value is false. New in release 1.10.
.TP
-.B \fBk5login_authoritative\fP
+\fBk5login_authoritative\fP
If this flag is true, principals must be listed in a local user\(aqs
-k5login file to be granted login access, if a \fI\&.k5login(5)\fP
+k5login file to be granted login access, if a \&.k5login(5)
file exists. If this flag is false, a principal may still be
granted login access through other mechanisms even if a k5login
file exists but does not list the principal. The default value is
true.
.TP
-.B \fBk5login_directory\fP
+\fBk5login_directory\fP
If set, the library will look for a local user\(aqs k5login file
within the named directory, with a filename corresponding to the
local username. If not set, the library will look for k5login
For security reasons, .k5login files must be owned by
the local user or by root.
.TP
-.B \fBkcm_mach_service\fP
+\fBkcm_mach_service\fP
On macOS only, determines the name of the bootstrap service used to
contact the KCM daemon for the KCM credential cache type. If the
value is \fB\-\fP, Mach RPC will not be used to contact the KCM
daemon. The default value is \fBorg.h5l.kcm\fP\&.
.TP
-.B \fBkcm_socket\fP
+\fBkcm_socket\fP
Determines the path to the Unix domain socket used to access the
KCM daemon for the KCM credential cache type. If the value is
\fB\-\fP, Unix domain sockets will not be used to contact the KCM
daemon. The default value is
\fB/var/run/.heim_org.h5l.kcm\-socket\fP\&.
.TP
-.B \fBkdc_default_options\fP
+\fBkdc_default_options\fP
Default KDC options (Xored for multiple values) when requesting
initial tickets. By default it is set to 0x00000010
(KDC_OPT_RENEWABLE_OK).
.TP
-.B \fBkdc_timesync\fP
+\fBkdc_timesync\fP
Accepted values for this relation are 1 or 0. If it is nonzero,
client machines will compute the difference between their time and
the time returned by the KDC in the timestamps in the tickets and
corrective factor is only used by the Kerberos library; it is not
used to change the system clock. The default value is 1.
.TP
-.B \fBkdc_req_checksum_type\fP
+\fBkdc_req_checksum_type\fP
An integer which specifies the type of checksum to use for the KDC
requests, for compatibility with very old KDC implementations.
This value is only used for DES keys; other keys use the preferred
_
.TE
.TP
-.B \fBnoaddresses\fP
+\fBnoaddresses\fP
If this flag is true, requests for initial tickets will not be
made with address restrictions set, allowing the tickets to be
used across NATs. The default value is true.
.TP
-.B \fBpermitted_enctypes\fP
+\fBpermitted_enctypes\fP
Identifies all encryption types that are permitted for use in
session key encryption. The default value for this tag is
-\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
+\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
removed from this list if the value of \fBallow_weak_crypto\fP is
false.
.TP
-.B \fBplugin_base_dir\fP
+\fBplugin_base_dir\fP
If set, determines the base directory where krb5 plugins are
located. The default value is the \fBkrb5/plugins\fP subdirectory
-of the krb5 library directory.
+of the krb5 library directory. This relation is subject to
+parameter expansion (see below) in release 1.17 and later.
.TP
-.B \fBpreferred_preauth_types\fP
+\fBpreferred_preauth_types\fP
This allows you to set the preferred preauthentication types which
the client will attempt before others which may be advertised by a
KDC. The default value for this setting is "17, 16, 15, 14",
which forces libkrb5 to attempt to use PKINIT if it is supported.
.TP
-.B \fBproxiable\fP
+\fBproxiable\fP
If this flag is true, initial tickets will be proxiable by
default, if allowed by the KDC. The default value is false.
.TP
-.B \fBrdns\fP
+\fBrdns\fP
If this flag is true, reverse name lookup will be used in addition
to forward name lookup to canonicalizing hostnames for use in
service principal names. If \fBdns_canonicalize_hostname\fP is set
to false, this flag has no effect. The default value is true.
.TP
-.B \fBrealm_try_domains\fP
+\fBrealm_try_domains\fP
Indicate whether a host\(aqs domain components should be used to
determine the Kerberos realm of the host. The value of this
variable is an integer: \-1 means not to search, 0 means to try the
realm, which may involve consulting DNS if \fBdns_lookup_kdc\fP is
set. The default is not to search domain components.
.TP
-.B \fBrenew_lifetime\fP
-(\fIduration\fP string.) Sets the default renewable lifetime
+\fBrenew_lifetime\fP
+(duration string.) Sets the default renewable lifetime
for initial ticket requests. The default value is 0.
.TP
-.B \fBsafe_checksum_type\fP
+\fBsafe_checksum_type\fP
An integer which specifies the type of checksum to use for the
KRB\-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
compatibility with applications linked against DCE version 1.1 or
with the session key type. See the \fBkdc_req_checksum_type\fP
configuration option for the possible values and their meanings.
.TP
-.B \fBticket_lifetime\fP
-(\fIduration\fP string.) Sets the default lifetime for initial
+\fBspake_preauth_groups\fP
+A whitespace or comma\-separated list of words which specifies the
+groups allowed for SPAKE preauthentication. The possible values
+are:
+.TS
+center;
+|l|l|.
+_
+T{
+edwards25519
+T} T{
+Edwards25519 curve (\fI\%RFC 7748\fP)
+T}
+_
+T{
+P\-256
+T} T{
+NIST P\-256 curve (\fI\%RFC 5480\fP)
+T}
+_
+T{
+P\-384
+T} T{
+NIST P\-384 curve (\fI\%RFC 5480\fP)
+T}
+_
+T{
+P\-521
+T} T{
+NIST P\-521 curve (\fI\%RFC 5480\fP)
+T}
+_
+.TE
+.sp
+The default value for the client is \fBedwards25519\fP\&. The default
+value for the KDC is empty. New in release 1.17.
+.TP
+\fBticket_lifetime\fP
+(duration string.) Sets the default lifetime for initial
ticket requests. The default value is 1 day.
.TP
-.B \fBudp_preference_limit\fP
+\fBudp_preference_limit\fP
When sending a message to the KDC, the library will try using TCP
before UDP if the size of the message is above
\fBudp_preference_limit\fP\&. If the message is smaller than
Regardless of the size, both protocols will be tried if the first
attempt fails.
.TP
-.B \fBverify_ap_req_nofail\fP
+\fBverify_ap_req_nofail\fP
If this flag is true, then an attempt to verify initial
credentials will fail if the client machine does not have a
keytab. The default value is false.
following tags may be specified in the realm\(aqs subsection:
.INDENT 0.0
.TP
-.B \fBadmin_server\fP
+\fBadmin_server\fP
Identifies the host where the administration server is running.
Typically, this is the master Kerberos server. This tag must be
-given a value in order to communicate with the \fIkadmind(8)\fP
+given a value in order to communicate with the kadmind(8)
server for the realm.
.TP
-.B \fBauth_to_local\fP
+\fBauth_to_local\fP
This tag allows you to set a general rule for mapping principal
names to local user names. It will be used if there is not an
explicit mapping for the principal name that is being
translated. The possible values are:
.INDENT 7.0
.TP
-.B \fBRULE:\fP\fIexp\fP
+\fBRULE:\fP\fIexp\fP
The local name will be formulated from \fIexp\fP\&.
.sp
The format for \fIexp\fP is \fB[\fP\fIn\fP\fB:\fP\fIstring\fP\fB](\fP\fIregexp\fP\fB)s/\fP\fIpattern\fP\fB/\fP\fIreplacement\fP\fB/g\fP\&.
global over the \fIstring\fP, instead of replacing only the first
match in the \fIstring\fP\&.
.TP
-.B \fBDEFAULT\fP
+\fBDEFAULT\fP
The principal name will be used as the local user name. If
the principal has more than one component or is not in the
default realm, this rule is not applicable and the conversion
these two rules are any principals \fBjohndoe/*\fP, which will
always get the local name \fBguest\fP\&.
.TP
-.B \fBauth_to_local_names\fP
+\fBauth_to_local_names\fP
This subsection allows you to set explicit mappings from principal
names to local user names. The tag is the mapping name, and the
value is the corresponding local user name.
.TP
-.B \fBdefault_domain\fP
+\fBdefault_domain\fP
This tag specifies the domain used to expand hostnames when
translating Kerberos 4 service principals to Kerberos 5 principals
(for example, when converting \fBrcmd.hostname\fP to
\fBhost/hostname.domain\fP).
.TP
-.B \fBhttp_anchors\fP
+\fBdisable_encrypted_timestamp\fP
+If this flag is true, the client will not perform encrypted
+timestamp preauthentication if requested by the KDC. Setting this
+flag can help to prevent dictionary attacks by active attackers,
+if the realm\(aqs KDCs support SPAKE preauthentication or if initial
+authentication always uses another mechanism or always uses FAST.
+This flag persists across client referrals during initial
+authentication. This flag does not prevent the KDC from offering
+encrypted timestamp. New in release 1.17.
+.TP
+\fBhttp_anchors\fP
When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag
can be used to specify the location of the CA certificate which should be
trusted to issue the certificate for a proxy server. If left unspecified,
\fBENV:X509_PROXY_CA\fP, where environment variable \fBX509_PROXY_CA\fP has
been set to \fBFILE:/tmp/my_proxy.pem\fP\&.
.TP
-.B \fBkdc\fP
+\fBkdc\fP
The name or address of a host running a KDC for that realm. An
optional port number, separated from the hostname by a colon, may
be included. If the name or address contains colons (for example,
be given a value in each realm subsection in the configuration
file, or there must be DNS SRV records specifying the KDCs.
.TP
-.B \fBkpasswd_server\fP
+\fBkpasswd_server\fP
Points to the server where all the password changes are performed.
-If there is no such entry, the port 464 on the \fBadmin_server\fP
+If there is no such entry, DNS will be queried (unless forbidden
+by \fBdns_lookup_kdc\fP). Finally, port 464 on the \fBadmin_server\fP
host will be tried.
.TP
-.B \fBmaster_kdc\fP
+\fBmaster_kdc\fP
Identifies the master KDC(s). Currently, this tag is used in only
one case: If an attempt to get credentials fails because of an
invalid password, the client software will attempt to contact the
master KDC, in case the user\(aqs password has just been changed, and
-the updated database has not been propagated to the slave servers
-yet.
+the updated database has not been propagated to the replica
+servers yet.
.TP
-.B \fBv4_instance_convert\fP
+\fBv4_instance_convert\fP
This subsection allows the administrator to configure exceptions
to the \fBdefault_domain\fP mapping rule. It contains V4 instances
(the tag name) which should be translated to some specific
hostname (the tag value) as the second component in a Kerberos V5
principal name.
.TP
-.B \fBv4_realm\fP
+\fBv4_realm\fP
This relation is used by the krb524 library routines when
converting a V5 principal name to a V4 principal name. It is used
when the V4 realm name and the V5 realm name are not the same, but
All subsections support the same tags:
.INDENT 0.0
.TP
-.B \fBdisable\fP
+\fBdisable\fP
This tag may have multiple values. If there are values for this
tag, then the named modules will be disabled for the pluggable
interface.
.TP
-.B \fBenable_only\fP
+\fBenable_only\fP
This tag may have multiple values. If there are values for this
tag, then only the named modules will be enabled for the pluggable
interface.
.TP
-.B \fBmodule\fP
+\fBmodule\fP
This tag may have multiple values. Each value is a string of the
form \fBmodulename:pathname\fP, which causes the shared object
located at \fIpathname\fP to be registered as a dynamic module named
disabled with the disable tag):
.INDENT 0.0
.TP
-.B \fBk5identity\fP
+\fBk5identity\fP
Uses a .k5identity file in the user\(aqs home directory to select a
client principal
.TP
-.B \fBrealm\fP
+\fBrealm\fP
Uses the service realm to guess an appropriate cache from the
collection
.TP
-.B \fBhostname\fP
+\fBhostname\fP
If the service principal is host\-based, uses the service hostname
to guess an appropriate cache from the collection
.UNINDENT
changed. The following built\-in modules exist for this interface:
.INDENT 0.0
.TP
-.B \fBdict\fP
+\fBdict\fP
Checks against the realm dictionary file
.TP
-.B \fBempty\fP
+\fBempty\fP
Rejects empty passwords
.TP
-.B \fBhesiod\fP
+\fBhesiod\fP
Checks against user information stored in Hesiod (only if Kerberos
was built with Hesiod support)
.TP
-.B \fBprinc\fP
+\fBprinc\fP
Checks against components of the principal name
.UNINDENT
.SS kadm5_hook interface
following built\-in modules exist for this interface:
.INDENT 0.0
.TP
-.B \fBacl\fP
-This module reads the \fIkadm5.acl(5)\fP file, and authorizes
+\fBacl\fP
+This module reads the kadm5.acl(5) file, and authorizes
operations which are allowed according to the rules in the file.
.TP
-.B \fBself\fP
+\fBself\fP
This module authorizes self\-service operations including password
changes, creation of new random keys, fetching the client\(aqs
principal record or string attributes, and fetching the policy
built\-in modules exist for these interfaces:
.INDENT 0.0
.TP
-.B \fBpkinit\fP
+\fBpkinit\fP
This module implements the PKINIT preauthentication mechanism.
.TP
-.B \fBencrypted_challenge\fP
+\fBencrypted_challenge\fP
This module implements the encrypted challenge FAST factor.
.TP
-.B \fBencrypted_timestamp\fP
+\fBencrypted_timestamp\fP
This module implements the encrypted timestamp mechanism.
.UNINDENT
.SS hostrealm interface
built\-in modules exist for this interface:
.INDENT 0.0
.TP
-.B \fBprofile\fP
+\fBprofile\fP
This module consults the [domain_realm] section of the profile for
authoritative host\-to\-realm mappings, and the \fBdefault_realm\fP
variable for the default realm.
.TP
-.B \fBdns\fP
+\fBdns\fP
This module looks for DNS records for fallback host\-to\-realm
mappings and the default realm. It only operates if the
\fBdns_lookup_realm\fP variable is set to true.
.TP
-.B \fBdomain\fP
+\fBdomain\fP
This module applies heuristics for fallback host\-to\-realm
mappings. It implements the \fBrealm_try_domains\fP variable, and
uses the uppercased parent domain of the hostname if that does not
built\-in modules exist for this interface:
.INDENT 0.0
.TP
-.B \fBdefault\fP
+\fBdefault\fP
This module implements the \fBDEFAULT\fP type for \fBauth_to_local\fP
values.
.TP
-.B \fBrule\fP
+\fBrule\fP
This module implements the \fBRULE\fP type for \fBauth_to_local\fP
values.
.TP
-.B \fBnames\fP
+\fBnames\fP
This module looks for an \fBauth_to_local_names\fP mapping for the
principal name.
.TP
-.B \fBauth_to_local\fP
+\fBauth_to_local\fP
This module processes \fBauth_to_local\fP values in the default
realm\(aqs section, and applies the default method if no
\fBauth_to_local\fP values exist.
.TP
-.B \fBk5login\fP
+\fBk5login\fP
This module authorizes a principal to a local account according to
-the account\(aqs \fI\&.k5login(5)\fP file.
+the account\(aqs \&.k5login(5) file.
.TP
-.B \fBan2ln\fP
+\fBan2ln\fP
This module authorizes a principal to a local account if the
principal name maps to the local account name.
.UNINDENT
following built\-in modules exist for this interface:
.INDENT 0.0
.TP
-.B \fBpkinit_san\fP
+\fBpkinit_san\fP
This module authorizes the certificate if it contains a PKINIT
Subject Alternative Name for the requested client principal, or a
Microsoft UPN SAN matching the principal if \fBpkinit_allow_upn\fP
is set to true for the realm.
.TP
-.B \fBpkinit_eku\fP
+\fBpkinit_eku\fP
This module rejects the certificate if it does not contain an
Extended Key Usage attribute consistent with the
\fBpkinit_eku_checking\fP value for the realm.
.TP
-.B \fBdbmatch\fP
+\fBdbmatch\fP
This module authorizes or rejects the certificate according to
whether it matches the \fBpkinit_cert_match\fP string attribute on
the client principal, if that attribute is present.
information for PKINIT is as follows:
.INDENT 0.0
.TP
-.B \fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP]
+\fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP]
This option has context\-specific behavior.
.sp
In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIfilename\fP
In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIfilename\fP is assumed to
be the name of an OpenSSL\-style ca\-bundle file.
.TP
-.B \fBDIR:\fP\fIdirname\fP
+\fBDIR:\fP\fIdirname\fP
This option has context\-specific behavior.
.sp
In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIdirname\fP
but all files in the directory will be examined and if they
contain a revocation list (in PEM format), they will be used.
.TP
-.B \fBPKCS12:\fP\fIfilename\fP
+\fBPKCS12:\fP\fIfilename\fP
\fIfilename\fP is the name of a PKCS #12 format file, containing the
user\(aqs certificate and private key.
.TP
-.B \fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP]
+\fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP]
All keyword/values are optional. \fImodname\fP specifies the location
of a library implementing PKCS #11. If a value is encountered
with no keyword, it is assumed to be the \fImodname\fP\&. If no
See the \fBpkinit_cert_match\fP configuration option for more ways
to select a particular certificate to use for PKINIT.
.TP
-.B \fBENV:\fP\fIenvvar\fP
+\fBENV:\fP\fIenvvar\fP
\fIenvvar\fP specifies the name of an environment variable which has
been set to a value conforming to one of the previous values. For
example, \fBENV:X509_PROXY\fP, where environment variable
.SS PKINIT krb5.conf options
.INDENT 0.0
.TP
-.B \fBpkinit_anchors\fP
+\fBpkinit_anchors\fP
Specifies the location of trusted anchor (root) certificates which
the client trusts to sign KDC certificates. This option may be
specified multiple times. These values from the config file are
not used if the user specifies X509_anchors on the command line.
.TP
-.B \fBpkinit_cert_match\fP
+\fBpkinit_cert_match\fP
Specifies matching rules that the client certificate must match
before it is used to attempt PKINIT authentication. If a user has
multiple certificates available (on a smart card, or via other
.UNINDENT
.UNINDENT
.TP
-.B \fBpkinit_eku_checking\fP
+\fBpkinit_eku_checking\fP
This option specifies what Extended Key Usage value the KDC
certificate presented to the client must contain. (Note that if
the KDC certificate has the pkinit SubjectAlternativeName encoded
recognized in the krb5.conf file are:
.INDENT 7.0
.TP
-.B \fBkpKDC\fP
+\fBkpKDC\fP
This is the default value and specifies that the KDC must have
the id\-pkinit\-KPKdc EKU as defined in \fI\%RFC 4556\fP\&.
.TP
-.B \fBkpServerAuth\fP
+\fBkpServerAuth\fP
If \fBkpServerAuth\fP is specified, a KDC certificate with the
id\-kp\-serverAuth EKU will be accepted. This key usage value
is used in most commercially issued server certificates.
.TP
-.B \fBnone\fP
+\fBnone\fP
If \fBnone\fP is specified, then the KDC certificate will not be
checked to verify it has an acceptable EKU. The use of this
option is not recommended.
.UNINDENT
.TP
-.B \fBpkinit_dh_min_bits\fP
+\fBpkinit_dh_min_bits\fP
Specifies the size of the Diffie\-Hellman key the client will
attempt to use. The acceptable values are 1024, 2048, and 4096.
The default is 2048.
.TP
-.B \fBpkinit_identities\fP
+\fBpkinit_identities\fP
Specifies the location(s) to be used to find the user\(aqs X.509
-identity information. This option may be specified multiple
-times. Each value is attempted in order until identity
-information is found and authentication is attempted. Note that
-these values are not used if the user specifies
-\fBX509_user_identity\fP on the command line.
+identity information. If this option is specified multiple times,
+the first valid value is used; this can be used to specify an
+environment variable (with \fBENV:\fP\fIenvvar\fP) followed by a
+default value. Note that these values are not used if the user
+specifies \fBX509_user_identity\fP on the command line.
.TP
-.B \fBpkinit_kdc_hostname\fP
+\fBpkinit_kdc_hostname\fP
The presense of this option indicates that the client is willing
to accept a KDC certificate with a dNSName SAN (Subject
Alternative Name) rather than requiring the id\-pkinit\-san as
times. Its value should contain the acceptable hostname for the
KDC (as contained in its certificate).
.TP
-.B \fBpkinit_pool\fP
+\fBpkinit_pool\fP
Specifies the location of intermediate certificates which may be
used by the client to complete the trust chain between a KDC
certificate and a trusted anchor. This option may be specified
multiple times.
.TP
-.B \fBpkinit_require_crl_checking\fP
+\fBpkinit_require_crl_checking\fP
The default certificate verification process will always check the
available revocation information to see if a certificate has been
revoked. If a match is found for the certificate in a CRL,
\fBpkinit_require_crl_checking\fP should be set to true if the
policy is such that up\-to\-date CRLs must be present for every CA.
.TP
-.B \fBpkinit_revoke\fP
+\fBpkinit_revoke\fP
Specifies the location of Certificate Revocation List (CRL)
information to be used by the client when verifying the validity
of the KDC certificate presented. This option may be specified
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KRB5KDC" "8" " " "1.16" "MIT Kerberos"
+.TH "KRB5KDC" "8" " " "1.17" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
the KDC is still running and to allow init scripts to stop the correct
process.
.sp
-The \fB\-p\fP \fIportnum\fP option specifies the default UDP port numbers
-which the KDC should listen on for Kerberos version 5 requests, as a
-comma\-separated list. This value overrides the UDP port numbers
-specified in the \fIkdcdefaults\fP section of \fIkdc.conf(5)\fP, but
-may be overridden by realm\-specific values. If no value is given from
-any source, the default port is 88.
+The \fB\-p\fP \fIportnum\fP option specifies the default UDP and TCP port
+numbers which the KDC should listen on for Kerberos version 5
+requests, as a comma\-separated list. This value overrides the port
+numbers specified in the kdcdefaults section of
+kdc.conf(5), but may be overridden by realm\-specific values.
+If no value is given from any source, the default port is 88.
.sp
The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP
processes to listen to the KDC ports and process requests in parallel.
terminate the worker subprocess if the it is itself terminated or if
any other worker process exits.
.sp
-\fBNOTE:\fP
-.INDENT 0.0
-.INDENT 3.5
-On operating systems which do not have \fIpktinfo\fP support,
-using worker processes will prevent the KDC from listening
-for UDP packets on network interfaces created after the KDC
-starts.
-.UNINDENT
-.UNINDENT
-.sp
The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments.
-See \fIDatabase Options\fP in \fIkadmin(1)\fP for
+See Database Options in kadmin(1) for
supported arguments.
.sp
The \fB\-T\fP \fIoffset\fP option specifies a time offset, in seconds, which
.sp
specifies that the KDC listen on port 2001 for REALM1 and on port 2002
for REALM2 and REALM3. Additionally, per\-realm parameters may be
-specified in the \fIkdc.conf(5)\fP file. The location of this file
+specified in the kdc.conf(5) file. The location of this file
may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable.
Per\-realm parameters specified in this file take precedence over
-options specified on the command line. See the \fIkdc.conf(5)\fP
+options specified on the command line. See the kdc.conf(5)
description for further details.
.SH ENVIRONMENT
.sp
-krb5kdc uses the following environment variables:
-.INDENT 0.0
-.IP \(bu 2
-\fBKRB5_CONFIG\fP
-.IP \(bu 2
-\fBKRB5_KDC_PROFILE\fP
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkdb5_util(8)\fP, \fIkdc.conf(5)\fP, \fIkrb5.conf(5)\fP,
-\fIkdb5_ldap_util(8)\fP
+kdb5_util(8), kdc.conf(5), krb5.conf(5),
+kdb5_ldap_util(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KSU" "1" " " "1.16" "MIT Kerberos"
+.TH "KSU" "1" " " "1.17" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
Upon successful authentication, ksu checks whether the target
principal is authorized to access the target account. In the target
user\(aqs home directory, ksu attempts to access two authorization files:
-\fI\&.k5login(5)\fP and .k5users. In the .k5login file each line
+\&.k5login(5) and .k5users. In the .k5login file each line
contains the name of a principal that is authorized to access the
account.
.sp
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-n\fP \fItarget_principal_name\fP
+\fB\-n\fP \fItarget_principal_name\fP
Specify a Kerberos target principal name. Used in authentication
and authorization phases of ksu.
.sp
.UNINDENT
.INDENT 0.0
.TP
-.B \fB\-k\fP
+\fB\-k\fP
Do not delete the target cache upon termination of the target
shell or a command (\fB\-e\fP command). Without \fB\-k\fP, ksu deletes
the target cache.
.TP
-.B \fB\-z\fP
+\fB\-z\fP
Restrict the copy of tickets from the source cache to the target
cache to only the tickets where client == the target principal
name. Use the \fB\-n\fP option if you want the tickets for other then
the default principal. Note that the \fB\-z\fP option is mutually
exclusive with the \fB\-Z\fP option.
.TP
-.B \fB\-Z\fP
+\fB\-Z\fP
Don\(aqt copy any tickets from the source cache to the target cache.
Just create a fresh target cache, where the default principal name
of the cache is initialized to the target principal name. Note
that the \fB\-Z\fP option is mutually exclusive with the \fB\-z\fP
option.
.TP
-.B \fB\-q\fP
+\fB\-q\fP
Suppress the printing of status messages.
.UNINDENT
.sp
Ticket granting ticket options:
.INDENT 0.0
.TP
-.B \fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-pf\fP
+\fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-pf\fP
The ticket granting ticket options only apply to the case where
there are no appropriate tickets in the cache to authenticate the
source user. In this case if ksu is configured to prompt users
ticket granting ticket options that are specified will be used
when getting a ticket granting ticket from the Kerberos server.
.TP
-.B \fB\-l\fP \fIlifetime\fP
-(\fIduration\fP string.) Specifies the lifetime to be requested
+\fB\-l\fP \fIlifetime\fP
+(duration string.) Specifies the lifetime to be requested
for the ticket; if this option is not specified, the default ticket
lifetime (12 hours) is used instead.
.TP
-.B \fB\-r\fP \fItime\fP
-(\fIduration\fP string.) Specifies that the \fBrenewable\fP option
+\fB\-r\fP \fItime\fP
+(duration string.) Specifies that the \fBrenewable\fP option
should be requested for the ticket, and specifies the desired
total lifetime of the ticket.
.TP
-.B \fB\-p\fP
+\fB\-p\fP
specifies that the \fBproxiable\fP option should be requested for
the ticket.
.TP
-.B \fB\-f\fP
+\fB\-f\fP
option specifies that the \fBforwardable\fP option should be
requested for the ticket.
.TP
-.B \fB\-e\fP \fIcommand\fP [\fIargs\fP ...]
+\fB\-e\fP \fIcommand\fP [\fIargs\fP ...]
ksu proceeds exactly the same as if it was invoked without the
\fB\-e\fP option, except instead of executing the target shell, ksu
executes the specified command. Example of usage:
the target program. Otherwise, the user must specify either a
full path or just the program name.
.TP
-.B \fB\-a\fP \fIargs\fP
+\fB\-a\fP \fIargs\fP
Specify arguments to be passed to the target shell. Note that all
flags and parameters following \-a will be passed to the shell,
thus all options intended for ksu must precede \fB\-a\fP\&.
ksu can be compiled with the following four flags:
.INDENT 0.0
.TP
-.B \fBGET_TGT_VIA_PASSWD\fP
+\fBGET_TGT_VIA_PASSWD\fP
In case no appropriate tickets are found in the source cache, the
user will be prompted for a Kerberos password. The password is
then used to get a ticket granting ticket from the Kerberos
source user is logged in remotely and does not have a secure
channel, the password may get exposed.
.TP
-.B \fBPRINC_LOOK_AHEAD\fP
+\fBPRINC_LOOK_AHEAD\fP
During the resolution of the default principal name,
\fBPRINC_LOOK_AHEAD\fP enables ksu to find principal names in
the .k5users file as described in the OPTIONS section
(see \fB\-n\fP option).
.TP
-.B \fBCMD_PATH\fP
+\fBCMD_PATH\fP
Specifies a list of directories containing programs that users are
authorized to execute (via .k5users file).
.TP
-.B \fBHAVE_GETUSERSHELL\fP
+\fBHAVE_GETUSERSHELL\fP
If the source user is non\-root, ksu insists that the target user\(aqs
shell to be invoked is a "legal shell". \fIgetusershell(3)\fP is
called to obtain the names of "legal shells". Note that the
.SH AUTHOR OF KSU
.sp
GENNADY (ARI) MEDVINSKY
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kerberos(7), kinit(1)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KSWITCH" "1" " " "1.16" "MIT Kerberos"
+.TH "KSWITCH" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-c\fP \fIcachename\fP
+\fB\-c\fP \fIcachename\fP
Directly specifies the credential cache to be made primary.
.TP
-.B \fB\-p\fP \fIprincipal\fP
+\fB\-p\fP \fIprincipal\fP
Causes the cache collection to be searched for a cache containing
credentials for \fIprincipal\fP\&. If one is found, that collection is
made primary.
.UNINDENT
.SH ENVIRONMENT
.sp
-kswitch uses the following environment variables:
-.INDENT 0.0
-.TP
-.B \fBKRB5CCNAME\fP
-Location of the default Kerberos 5 credentials (ticket) cache, in
-the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the
-\fBFILE\fP type is assumed. The type of the default cache may
-determine the availability of a cache collection; for instance, a
-default cache of type \fBDIR\fP causes caches within the directory
-to be present in the collection.
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH FILES
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fIkinit(1)\fP, \fIkdestroy(1)\fP, \fIklist(1)\fP), kerberos(1)
+kinit(1), kdestroy(1), klist(1),
+kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KTUTIL" "1" " " "1.16" "MIT Kerberos"
+.TH "KTUTIL" "1" " " "1.17" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
.INDENT 0.0
.INDENT 3.5
\fBadd_entry\fP {\fB\-key\fP|\fB\-password\fP} \fB\-p\fP \fIprincipal\fP
-\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP [\fB\-s\fP \fIsalt\fP]
+\fB\-k\fP \fIkvno\fP [\fB\-e\fP \fIenctype\fP] [\fB\-f\fP|\fB\-s\fP \fIsalt\fP]
.UNINDENT
.UNINDENT
.sp
-Add \fIprincipal\fP to keylist using key or password.
+Add \fIprincipal\fP to keylist using key or password. If the \fB\-f\fP flag
+is specified, salt information will be fetched from the KDC; in this
+case the \fB\-e\fP flag may be omitted, or it may be supplied to force a
+particular enctype. If the \fB\-f\fP flag is not specified, the \fB\-e\fP
+flag must be specified, and the default salt will be used unless
+overridden with the \fB\-s\fP option.
.sp
Alias: \fBaddent\fP
.SS list_requests
.UNINDENT
.UNINDENT
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkadmin(1)\fP, \fIkdb5_util(8)\fP
+kadmin(1), kdb5_util(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "KVNO" "1" " " "1.16" "MIT Kerberos"
+.TH "KVNO" "1" " " "1.17" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
[\fB\-P\fP]
[\fB\-S\fP \fIsname\fP]
[\fB\-U\fP \fIfor_user\fP]
+[\fB\-\-u2u\fP \fIccache\fP]
\fIservice1 service2\fP ...
.SH DESCRIPTION
.sp
.SH OPTIONS
.INDENT 0.0
.TP
-.B \fB\-c\fP \fIccache\fP
+\fB\-c\fP \fIccache\fP
Specifies the name of a credentials cache to use (if not the
default)
.TP
-.B \fB\-e\fP \fIetype\fP
+\fB\-e\fP \fIetype\fP
Specifies the enctype which will be requested for the session key
of all the services named on the command line. This is useful in
certain backward compatibility situations.
.TP
-.B \fB\-q\fP
+\fB\-q\fP
Suppress printing output when successful. If a service ticket
cannot be obtained, an error message will still be printed and
kvno will exit with nonzero status.
.TP
-.B \fB\-h\fP
+\fB\-h\fP
Prints a usage statement and exits.
.TP
-.B \fB\-P\fP
+\fB\-P\fP
Specifies that the \fIservice1 service2\fP ... arguments are to be
treated as services for which credentials should be acquired using
constrained delegation. This option is only valid when used in
conjunction with protocol transition.
.TP
-.B \fB\-S\fP \fIsname\fP
+\fB\-S\fP \fIsname\fP
Specifies that the \fIservice1 service2\fP ... arguments are
interpreted as hostnames, and the service principals are to be
constructed from those hostnames and the service name \fIsname\fP\&.
The service hostnames will be canonicalized according to the usual
rules for constructing service principals.
.TP
-.B \fB\-U\fP \fIfor_user\fP
+\fB\-U\fP \fIfor_user\fP
Specifies that protocol transition (S4U2Self) is to be used to
acquire a ticket on behalf of \fIfor_user\fP\&. If constrained
delegation is not requested, the service name must match the
credentials cache client principal.
+.TP
+\fB\-\-u2u\fP \fIccache\fP
+Requests a user\-to\-user ticket. \fIccache\fP must contain a local
+krbtgt ticket for the server principal. The reported version
+number will typically be 0, as the resulting ticket is not
+encrypted in the server\(aqs long\-term key.
.UNINDENT
.SH ENVIRONMENT
.sp
-kvno uses the following environment variable:
-.INDENT 0.0
-.TP
-.B \fBKRB5CCNAME\fP
-Location of the credentials (ticket) cache.
-.UNINDENT
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH FILES
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fIkinit(1)\fP, \fIkdestroy(1)\fP
+kinit(1), kdestroy(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "SCLIENT" "1" " " "1.16" "MIT Kerberos"
+.TH "SCLIENT" "1" " " "1.17" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
.SH DESCRIPTION
.sp
sclient is a sample application, primarily useful for testing
-purposes. It contacts a sample server \fIsserver(8)\fP and
+purposes. It contacts a sample server sserver(8) and
authenticates to it using Kerberos version 5 tickets, then displays
the server\(aqs response.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIkinit(1)\fP, \fIsserver(8)\fP
+kinit(1), sserver(8), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
-.TH "SSERVER" "8" " " "1.16" "MIT Kerberos"
+.TH "SSERVER" "8" " " "1.17" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
[ \fIserver_port\fP ]
.SH DESCRIPTION
.sp
-sserver and \fIsclient(1)\fP are a simple demonstration client/server
+sserver and sclient(1) are a simple demonstration client/server
application. When sclient connects to sserver, it performs a Kerberos
authentication, and then sserver returns to sclient the Kerberos
principal which was used for the Kerberos authentication. It makes a
The service name used by sserver and sclient is sample. Hence,
sserver will require that there be a keytab entry for the service
\fBsample/hostname.domain.name@REALM.NAME\fP\&. This keytab is generated
-using the \fIkadmin(1)\fP program. The keytab file is usually
+using the kadmin(1) program. The keytab file is usually
installed as \fB@KTNAME@\fP\&.
.sp
The \fB\-S\fP option allows for a different keytab than the default.
.UNINDENT
.sp
When using sclient, you will first have to have an entry in the
-Kerberos database, by using \fIkadmin(1)\fP, and then you have to get
-Kerberos tickets, by using \fIkinit(1)\fP\&. Also, if you are running
+Kerberos database, by using kadmin(1), and then you have to get
+Kerberos tickets, by using kinit(1)\&. Also, if you are running
the sclient program on a different host than the sserver it will be
connecting to, be sure that both hosts have an entry in /etc/services
for the sample tcp port, and that the same port number is in both
.sp
This means that the \fBsample/hostname@LOCAL.REALM\fP service was not
defined in the Kerberos database; it should be created using
-\fIkadmin(1)\fP, and a keytab file needs to be generated to make
+kadmin(1), and a keytab file needs to be generated to make
the key for that service principal available for sclient.
.IP 5. 3
sclient returns the error:
This probably means sserver couldn\(aqt find the keytab file. It was
probably not installed in the proper directory.
.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
.SH SEE ALSO
.sp
-\fIsclient(1)\fP, services(5), inetd(8)
+sclient(1), kerberos(7), services(5), inetd(8)
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2017, MIT
+1985-2018, MIT
.\" Generated by docutils manpage writer.
.
kdb5_ldap_list.h
$(OUTPRE)kdb5_ldap_realm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+ $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+ $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \
$(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \
pkinit_trace.h
pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-platform.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
pkinit_crypto_openssl.c pkinit_crypto_openssl.h pkinit_trace.h
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR MIT
-# This file is distributed under the same license as the PACKAGE package.
+# This file is distributed under the same license as the mit-krb5 package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: mit-krb5 1.16-prerelease\n"
+"Project-Id-Version: mit-krb5 1.17-prerelease\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-09-25 11:26-0400\n"
+"POT-Creation-Date: 2018-10-26 19:09-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
-#: ../../src/clients/kdestroy/kdestroy.c:55
+#: ../../src/clients/kdestroy/kdestroy.c:52
#, c-format
-msgid "Usage: %s [-A] [-q] [-c cache_name]\n"
+msgid "Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:56
+#: ../../src/clients/kdestroy/kdestroy.c:54
#, c-format
msgid "\t-A destroy all credential caches in collection\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:57
+#: ../../src/clients/kdestroy/kdestroy.c:55
#, c-format
msgid "\t-q quiet mode\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:58
-#: ../../src/clients/kswitch/kswitch.c:45
+#: ../../src/clients/kdestroy/kdestroy.c:56
+#: ../../src/clients/kswitch/kswitch.c:42
#, c-format
msgid "\t-c specify name of credentials cache\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:72
-#: ../../src/clients/kdestroy/kdestroy.c:151
+#: ../../src/clients/kdestroy/kdestroy.c:57
+#, c-format
+msgid "\t-p specify principal name within collection\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:71
+#: ../../src/clients/kdestroy/kdestroy.c:165
msgid "while listing credential caches"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:79
+#: ../../src/clients/kdestroy/kdestroy.c:78
#, c-format
msgid "Other credential caches present, use -A to destroy all\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:109
-#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:285
+#: ../../src/clients/kdestroy/kdestroy.c:110
+#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:288
#, c-format
msgid "Only one -c option allowed\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:116
-#: ../../src/clients/kinit/kinit.c:374 ../../src/clients/klist/klist.c:178
+#: ../../src/clients/kdestroy/kdestroy.c:118
+#, c-format
+msgid "Only one -p option allowed\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:125
+#: ../../src/clients/kinit/kinit.c:374 ../../src/clients/klist/klist.c:176
#, c-format
msgid "Kerberos 4 is no longer supported\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:136
-#: ../../src/clients/klist/klist.c:241 ../../src/clients/ksu/main.c:131
-#: ../../src/clients/ksu/main.c:137 ../../src/clients/kswitch/kswitch.c:97
-#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:954
-#: ../../src/slave/kprop.c:102 ../../src/slave/kpropd.c:1058
+#: ../../src/clients/kdestroy/kdestroy.c:138
+#, c-format
+msgid "-A option is exclusive with -p option\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:150
+#: ../../src/clients/klist/klist.c:239 ../../src/clients/ksu/main.c:134
+#: ../../src/clients/ksu/main.c:140 ../../src/clients/kswitch/kswitch.c:94
+#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:939
+#: ../../src/kprop/kprop.c:102 ../../src/kprop/kpropd.c:1058
msgid "while initializing krb5"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:143
-#: ../../src/clients/klist/klist.c:248
+#: ../../src/clients/kdestroy/kdestroy.c:157
+#: ../../src/clients/klist/klist.c:246
msgid "while setting default cache name"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:158
+#: ../../src/clients/kdestroy/kdestroy.c:172
msgid "composing ccache name"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:163
+#: ../../src/clients/kdestroy/kdestroy.c:177
#, c-format
msgid "while destroying cache %s"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:175
-#: ../../src/clients/klist/klist.c:462
+#: ../../src/clients/kdestroy/kdestroy.c:190
+#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:189
+#: ../../src/clients/kvno/kvno.c:373 ../../src/kadmin/cli/keytab.c:373
+#: ../../src/kadmin/dbutil/kdb5_util.c:547
+#, c-format
+msgid "while parsing principal name %s"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:196
+#, c-format
+msgid "while finding cache for %s"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:204
+#: ../../src/clients/klist/klist.c:460
msgid "while resolving ccache"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:181 ../../src/clients/ksu/main.c:977
+#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:990
msgid "while destroying cache"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:184
+#: ../../src/clients/kdestroy/kdestroy.c:214
#, c-format
msgid "Ticket cache NOT destroyed!\n"
msgstr ""
-#: ../../src/clients/kdestroy/kdestroy.c:186
+#: ../../src/clients/kdestroy/kdestroy.c:216
#, c-format
msgid "Ticket cache %cNOT%c destroyed!\n"
msgstr ""
msgid "keytab specified, forcing -k\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:415 ../../src/clients/klist/klist.c:216
+#: ../../src/clients/kinit/kinit.c:415 ../../src/clients/klist/klist.c:214
#, c-format
msgid "Extra arguments (starting with \"%s\").\n"
msgstr ""
msgstr ""
#: ../../src/clients/kinit/kinit.c:476 ../../src/clients/kinit/kinit.c:555
-#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:238
+#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:241
#, c-format
msgid "when parsing name %s"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:310
+#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:311
+#: ../../src/kprop/kprop.c:156
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391
-#: ../../src/slave/kprop.c:156
msgid "while getting default realm"
msgstr ""
msgid "Unable to identify user\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:564 ../../src/clients/kswitch/kswitch.c:116
+#: ../../src/clients/kinit/kinit.c:564 ../../src/clients/kswitch/kswitch.c:113
#, c-format
msgid "while searching for ccache for %s"
msgstr ""
msgid "getting local addresses"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:723
+#: ../../src/clients/kinit/kinit.c:724
#, c-format
msgid "while setting up KDB keytab for realm %s"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:732 ../../src/clients/kvno/kvno.c:308
+#: ../../src/clients/kinit/kinit.c:733 ../../src/clients/kvno/kvno.c:363
#, c-format
msgid "resolving keytab %s"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:737
+#: ../../src/clients/kinit/kinit.c:738
#, c-format
msgid "Using keytab: %s\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:741
+#: ../../src/clients/kinit/kinit.c:742
msgid "resolving default client keytab"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:751
+#: ../../src/clients/kinit/kinit.c:752
#, c-format
msgid "while setting '%s'='%s'"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:756
+#: ../../src/clients/kinit/kinit.c:757
#, c-format
msgid "PA Option %s = %s\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:797
+#: ../../src/clients/kinit/kinit.c:798
msgid "getting initial credentials"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:800
+#: ../../src/clients/kinit/kinit.c:801
msgid "validating credentials"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:803
+#: ../../src/clients/kinit/kinit.c:804
msgid "renewing credentials"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:811
+#: ../../src/clients/kinit/kinit.c:812
#, c-format
msgid "%s: Password incorrect while %s\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:814
+#: ../../src/clients/kinit/kinit.c:815
#, c-format
msgid "while %s"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:823
+#: ../../src/clients/kinit/kinit.c:824
#, c-format
msgid "when initializing cache %s"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:828
+#: ../../src/clients/kinit/kinit.c:829
#, c-format
msgid "Initialized cache\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:832
+#: ../../src/clients/kinit/kinit.c:833
msgid "while storing credentials"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:836
+#: ../../src/clients/kinit/kinit.c:837
#, c-format
msgid "Stored credentials\n"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:842
+#: ../../src/clients/kinit/kinit.c:843
msgid "while switching to new ccache"
msgstr ""
-#: ../../src/clients/kinit/kinit.c:897
+#: ../../src/clients/kinit/kinit.c:898
#, c-format
msgid "Authenticated to Kerberos v5\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:87
+#: ../../src/clients/klist/klist.c:85
#, c-format
msgid ""
"Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] "
"[name]\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:89
+#: ../../src/clients/klist/klist.c:87
#, c-format
msgid "\t-c specifies credentials cache\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:90
+#: ../../src/clients/klist/klist.c:88
#, c-format
msgid "\t-k specifies keytab\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:91
+#: ../../src/clients/klist/klist.c:89
#, c-format
msgid "\t (Default is credentials cache)\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:92
+#: ../../src/clients/klist/klist.c:90
#, c-format
msgid "\t-i uses default client keytab if no name given\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:93
+#: ../../src/clients/klist/klist.c:91
#, c-format
msgid "\t-l lists credential caches in collection\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:94
+#: ../../src/clients/klist/klist.c:92
#, c-format
msgid "\t-A shows content of all credential caches\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:95
+#: ../../src/clients/klist/klist.c:93
#, c-format
msgid "\t-e shows the encryption type\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:96
+#: ../../src/clients/klist/klist.c:94
#, c-format
msgid "\t-V shows the Kerberos version and exits\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:97
+#: ../../src/clients/klist/klist.c:95
#, c-format
msgid "\toptions for credential caches:\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:98
+#: ../../src/clients/klist/klist.c:96
#, c-format
msgid "\t\t-d shows the submitted authorization data types\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:100
+#: ../../src/clients/klist/klist.c:98
#, c-format
msgid "\t\t-f shows credentials flags\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:101
+#: ../../src/clients/klist/klist.c:99
#, c-format
msgid "\t\t-s sets exit status based on valid tgt existence\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:103
+#: ../../src/clients/klist/klist.c:101
#, c-format
msgid "\t\t-a displays the address list\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:104
+#: ../../src/clients/klist/klist.c:102
#, c-format
msgid "\t\t\t-n do not reverse-resolve\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:105
+#: ../../src/clients/klist/klist.c:103
#, c-format
msgid "\toptions for keytabs:\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:106
+#: ../../src/clients/klist/klist.c:104
#, c-format
msgid "\t\t-t shows keytab entry timestamps\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:107
+#: ../../src/clients/klist/klist.c:105
#, c-format
msgid "\t\t-K shows keytab entry keys\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:225
+#: ../../src/clients/klist/klist.c:223
#, c-format
msgid "%s version %s\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:278
+#: ../../src/clients/klist/klist.c:276
msgid "while getting default client keytab"
msgstr ""
-#: ../../src/clients/klist/klist.c:284
+#: ../../src/clients/klist/klist.c:282
msgid "while getting default keytab"
msgstr ""
-#: ../../src/clients/klist/klist.c:290 ../../src/kadmin/cli/keytab.c:103
+#: ../../src/clients/klist/klist.c:288 ../../src/kadmin/cli/keytab.c:103
#, c-format
msgid "while resolving keytab %s"
msgstr ""
-#: ../../src/clients/klist/klist.c:297 ../../src/kadmin/cli/keytab.c:87
+#: ../../src/clients/klist/klist.c:295 ../../src/kadmin/cli/keytab.c:87
msgid "while getting keytab name"
msgstr ""
-#: ../../src/clients/klist/klist.c:305 ../../src/kadmin/cli/keytab.c:422
+#: ../../src/clients/klist/klist.c:303 ../../src/kadmin/cli/keytab.c:422
msgid "while starting keytab scan"
msgstr ""
-#: ../../src/clients/klist/klist.c:328 ../../src/clients/klist/klist.c:484
-#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:554
-#: ../../src/kadmin/dbutil/tabdump.c:552
+#: ../../src/clients/klist/klist.c:326 ../../src/clients/klist/klist.c:482
+#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:564
+#: ../../src/kadmin/dbutil/tabdump.c:549
msgid "while unparsing principal name"
msgstr ""
-#: ../../src/clients/klist/klist.c:350 ../../src/kadmin/cli/keytab.c:466
+#: ../../src/clients/klist/klist.c:348 ../../src/kadmin/cli/keytab.c:466
msgid "while scanning keytab"
msgstr ""
-#: ../../src/clients/klist/klist.c:355 ../../src/kadmin/cli/keytab.c:471
+#: ../../src/clients/klist/klist.c:353 ../../src/kadmin/cli/keytab.c:471
msgid "while ending keytab scan"
msgstr ""
-#: ../../src/clients/klist/klist.c:372 ../../src/clients/klist/klist.c:435
+#: ../../src/clients/klist/klist.c:370 ../../src/clients/klist/klist.c:433
msgid "while listing ccache collection"
msgstr ""
-#: ../../src/clients/klist/klist.c:411
+#: ../../src/clients/klist/klist.c:409
msgid "(Expired)"
msgstr ""
-#: ../../src/clients/klist/klist.c:488
+#: ../../src/clients/klist/klist.c:486
#, c-format
msgid ""
"Ticket cache: %s:%s\n"
"\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:500
+#: ../../src/clients/klist/klist.c:498
msgid "while starting to retrieve tickets"
msgstr ""
-#: ../../src/clients/klist/klist.c:514
+#: ../../src/clients/klist/klist.c:512
msgid "while finishing ticket retrieval"
msgstr ""
-#: ../../src/clients/klist/klist.c:519
+#: ../../src/clients/klist/klist.c:517
msgid "while retrieving a ticket"
msgstr ""
-#: ../../src/clients/klist/klist.c:667 ../../src/clients/ksu/ccache.c:440
-#: ../../src/slave/kpropd.c:1209 ../../src/slave/kpropd.c:1269
+#: ../../src/clients/klist/klist.c:665 ../../src/clients/ksu/ccache.c:440
+#: ../../src/kprop/kpropd.c:1209 ../../src/kprop/kpropd.c:1269
msgid "while unparsing client name"
msgstr ""
-#: ../../src/clients/klist/klist.c:672 ../../src/clients/ksu/ccache.c:445
-#: ../../src/slave/kprop.c:190
+#: ../../src/clients/klist/klist.c:670 ../../src/clients/ksu/ccache.c:445
+#: ../../src/kprop/kprop.c:190
msgid "while unparsing server name"
msgstr ""
-#: ../../src/clients/klist/klist.c:702 ../../src/clients/ksu/ccache.c:470
+#: ../../src/clients/klist/klist.c:700 ../../src/clients/ksu/ccache.c:470
#, c-format
msgid "\tfor client %s"
msgstr ""
-#: ../../src/clients/klist/klist.c:714 ../../src/clients/ksu/ccache.c:479
+#: ../../src/clients/klist/klist.c:712 ../../src/clients/ksu/ccache.c:479
msgid "renew until "
msgstr ""
-#: ../../src/clients/klist/klist.c:731 ../../src/clients/ksu/ccache.c:489
+#: ../../src/clients/klist/klist.c:729 ../../src/clients/ksu/ccache.c:489
#, c-format
msgid "Flags: %s"
msgstr ""
-#: ../../src/clients/klist/klist.c:750
+#: ../../src/clients/klist/klist.c:748
#, c-format
msgid "Etype (skey, tkt): %s, "
msgstr ""
-#: ../../src/clients/klist/klist.c:766
+#: ../../src/clients/klist/klist.c:764
#, c-format
msgid "AD types: "
msgstr ""
-#: ../../src/clients/klist/klist.c:782
+#: ../../src/clients/klist/klist.c:780
#, c-format
msgid "\tAddresses: (none)\n"
msgstr ""
-#: ../../src/clients/klist/klist.c:784
+#: ../../src/clients/klist/klist.c:782
#, c-format
msgid "\tAddresses: "
msgstr ""
-#: ../../src/clients/klist/klist.c:818 ../../src/clients/klist/klist.c:828
+#: ../../src/clients/klist/klist.c:816 ../../src/clients/klist/klist.c:826
#, c-format
msgid "broken address (type %d length %d)"
msgstr ""
-#: ../../src/clients/klist/klist.c:837
+#: ../../src/clients/klist/klist.c:835
#, c-format
msgid "unknown addrtype %d"
msgstr ""
-#: ../../src/clients/klist/klist.c:846
+#: ../../src/clients/klist/klist.c:844
#, c-format
msgid "unprintable address (type %d, error %d %s)"
msgstr ""
msgid "Password changed.\n"
msgstr ""
-#: ../../src/clients/ksu/authorization.c:369
+#: ../../src/clients/ksu/authorization.c:352
#, c-format
msgid ""
"Error: bad entry - %s in %s file, must be either full path or just the cmd "
"name\n"
msgstr ""
-#: ../../src/clients/ksu/authorization.c:377
+#: ../../src/clients/ksu/authorization.c:360
#, c-format
msgid ""
"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH "
"must be defined \n"
msgstr ""
-#: ../../src/clients/ksu/authorization.c:392
+#: ../../src/clients/ksu/authorization.c:375
#, c-format
msgid "Error: bad entry - %s in %s file, CMD_PATH contains no paths \n"
msgstr ""
-#: ../../src/clients/ksu/authorization.c:401
+#: ../../src/clients/ksu/authorization.c:384
#, c-format
msgid "Error: bad path %s in CMD_PATH for %s must start with '/' \n"
msgstr ""
-#: ../../src/clients/ksu/authorization.c:517
+#: ../../src/clients/ksu/authorization.c:500
msgid "Error: not found -> "
msgstr ""
-#: ../../src/clients/ksu/authorization.c:723
+#: ../../src/clients/ksu/authorization.c:706
#, c-format
msgid "home directory name `%s' too long, can't search for .k5login\n"
msgstr ""
msgid " in remotely using an unsecure (non-encrypted) channel. \n"
msgstr ""
-#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:460
+#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:473
msgid "while reclaiming root uid"
msgstr ""
"[-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:147
+#: ../../src/clients/ksu/main.c:150
msgid ""
"program name too long - quitting to avoid triggering system logging bugs"
msgstr ""
-#: ../../src/clients/ksu/main.c:173
+#: ../../src/clients/ksu/main.c:176
msgid "while allocating memory"
msgstr ""
-#: ../../src/clients/ksu/main.c:186
+#: ../../src/clients/ksu/main.c:189
msgid "while setting euid to source user"
msgstr ""
-#: ../../src/clients/ksu/main.c:196 ../../src/clients/ksu/main.c:231
+#: ../../src/clients/ksu/main.c:199 ../../src/clients/ksu/main.c:234
#, c-format
msgid "Bad lifetime value (%s hours?)\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:208 ../../src/clients/ksu/main.c:293
+#: ../../src/clients/ksu/main.c:211 ../../src/clients/ksu/main.c:296
msgid "when gathering parameters"
msgstr ""
-#: ../../src/clients/ksu/main.c:252
+#: ../../src/clients/ksu/main.c:255
#, c-format
msgid "-z option is mutually exclusive with -Z.\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:260
+#: ../../src/clients/ksu/main.c:263
#, c-format
msgid "-Z option is mutually exclusive with -z.\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:273
+#: ../../src/clients/ksu/main.c:276
#, c-format
msgid "while looking for credentials cache %s"
msgstr ""
-#: ../../src/clients/ksu/main.c:279
+#: ../../src/clients/ksu/main.c:282
#, c-format
msgid "malformed credential cache name %s\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:337
+#: ../../src/clients/ksu/main.c:340
#, c-format
msgid "ksu: who are you?\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:341
+#: ../../src/clients/ksu/main.c:344
#, c-format
msgid "Your uid doesn't match your passwd entry?!\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:356
+#: ../../src/clients/ksu/main.c:359
#, c-format
msgid "ksu: unknown login %s\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:376
+#: ../../src/clients/ksu/main.c:379
msgid "while getting source cache"
msgstr ""
-#: ../../src/clients/ksu/main.c:385
+#: ../../src/clients/ksu/main.c:388
msgid "while selecting the best principal"
msgstr ""
-#: ../../src/clients/ksu/main.c:393
+#: ../../src/clients/ksu/main.c:396
msgid "while returning to source uid after finding best principal"
msgstr ""
-#: ../../src/clients/ksu/main.c:413
+#: ../../src/clients/ksu/main.c:416
#, c-format
msgid "account %s: authorization failed\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:438
+#: ../../src/clients/ksu/main.c:451
msgid "while parsing temporary name"
msgstr ""
-#: ../../src/clients/ksu/main.c:443
+#: ../../src/clients/ksu/main.c:456
msgid "while creating temporary cache"
msgstr ""
-#: ../../src/clients/ksu/main.c:449 ../../src/clients/ksu/main.c:689
+#: ../../src/clients/ksu/main.c:462 ../../src/clients/ksu/main.c:702
#, c-format
msgid "while copying cache %s to %s"
msgstr ""
-#: ../../src/clients/ksu/main.c:467
+#: ../../src/clients/ksu/main.c:480
#, c-format
msgid ""
"WARNING: Your password may be exposed if you enter it here and are logged\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:469
+#: ../../src/clients/ksu/main.c:482
#, c-format
msgid " in remotely using an unsecure (non-encrypted) channel.\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:475
+#: ../../src/clients/ksu/main.c:488
#, c-format
msgid "Goodbye\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:479
+#: ../../src/clients/ksu/main.c:492
#, c-format
msgid "Could not get a tgt for "
msgstr ""
-#: ../../src/clients/ksu/main.c:501
+#: ../../src/clients/ksu/main.c:514
#, c-format
msgid "Authentication failed.\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:509
+#: ../../src/clients/ksu/main.c:522
msgid "When unparsing name"
msgstr ""
-#: ../../src/clients/ksu/main.c:513
+#: ../../src/clients/ksu/main.c:526
#, c-format
msgid "Authenticated %s\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:520
+#: ../../src/clients/ksu/main.c:533
msgid "while switching to target for authorization check"
msgstr ""
-#: ../../src/clients/ksu/main.c:527
+#: ../../src/clients/ksu/main.c:540
msgid "while checking authorization"
msgstr ""
-#: ../../src/clients/ksu/main.c:533
+#: ../../src/clients/ksu/main.c:546
msgid "while switching back from target after authorization check"
msgstr ""
-#: ../../src/clients/ksu/main.c:540
+#: ../../src/clients/ksu/main.c:553
#, c-format
msgid "Account %s: authorization for %s for execution of\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:542
+#: ../../src/clients/ksu/main.c:555
#, c-format
msgid " %s successful\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:548
+#: ../../src/clients/ksu/main.c:561
#, c-format
msgid "Account %s: authorization for %s successful\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:560
+#: ../../src/clients/ksu/main.c:573
#, c-format
msgid "Account %s: authorization for %s for execution of %s failed\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:568
+#: ../../src/clients/ksu/main.c:581
#, c-format
msgid "Account %s: authorization of %s failed\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:583
+#: ../../src/clients/ksu/main.c:596
msgid "while calling cc_filter"
msgstr ""
-#: ../../src/clients/ksu/main.c:591
+#: ../../src/clients/ksu/main.c:604
msgid "while erasing target cache"
msgstr ""
-#: ../../src/clients/ksu/main.c:611
+#: ../../src/clients/ksu/main.c:624
#, c-format
msgid "ksu: permission denied (shell).\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:620
+#: ../../src/clients/ksu/main.c:633
#, c-format
msgid "ksu: couldn't set environment variable USER\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:626
+#: ../../src/clients/ksu/main.c:639
#, c-format
msgid "ksu: couldn't set environment variable HOME\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:631
+#: ../../src/clients/ksu/main.c:644
#, c-format
msgid "ksu: couldn't set environment variable SHELL\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:642
+#: ../../src/clients/ksu/main.c:655
#, c-format
msgid "ksu: initgroups failed.\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:647
+#: ../../src/clients/ksu/main.c:660
#, c-format
msgid "Leaving uid as %s (%ld)\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:650
+#: ../../src/clients/ksu/main.c:663
#, c-format
msgid "Changing uid to %s (%ld)\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:676
+#: ../../src/clients/ksu/main.c:689
msgid "while getting name of target ccache"
msgstr ""
-#: ../../src/clients/ksu/main.c:696
+#: ../../src/clients/ksu/main.c:709
#, c-format
msgid "%s does not have correct permissions for %s, %s aborted"
msgstr ""
-#: ../../src/clients/ksu/main.c:717
+#: ../../src/clients/ksu/main.c:730
#, c-format
msgid "Internal error: command %s did not get resolved\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:734 ../../src/clients/ksu/main.c:770
+#: ../../src/clients/ksu/main.c:747 ../../src/clients/ksu/main.c:783
#, c-format
msgid "while trying to execv %s"
msgstr ""
-#: ../../src/clients/ksu/main.c:760
+#: ../../src/clients/ksu/main.c:773
msgid "while calling waitpid"
msgstr ""
-#: ../../src/clients/ksu/main.c:765
+#: ../../src/clients/ksu/main.c:778
msgid "while trying to fork."
msgstr ""
-#: ../../src/clients/ksu/main.c:787
+#: ../../src/clients/ksu/main.c:800
msgid "while reading cache name from ccache"
msgstr ""
-#: ../../src/clients/ksu/main.c:793
+#: ../../src/clients/ksu/main.c:806
#, c-format
msgid "ksu: couldn't set environment variable %s\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:819
+#: ../../src/clients/ksu/main.c:832
msgid "while resetting target ccache name"
msgstr ""
-#: ../../src/clients/ksu/main.c:833
+#: ../../src/clients/ksu/main.c:846
msgid "while determining target ccache name"
msgstr ""
-#: ../../src/clients/ksu/main.c:872
+#: ../../src/clients/ksu/main.c:885
msgid "while generating part of the target ccache name"
msgstr ""
-#: ../../src/clients/ksu/main.c:878
+#: ../../src/clients/ksu/main.c:891
msgid "while allocating memory for the target ccache name"
msgstr ""
-#: ../../src/clients/ksu/main.c:897
+#: ../../src/clients/ksu/main.c:910
msgid "while creating new target ccache"
msgstr ""
-#: ../../src/clients/ksu/main.c:903
+#: ../../src/clients/ksu/main.c:916
msgid "while initializing target cache"
msgstr ""
-#: ../../src/clients/ksu/main.c:943
+#: ../../src/clients/ksu/main.c:956
#, c-format
msgid "terminal name %s too long\n"
msgstr ""
-#: ../../src/clients/ksu/main.c:971
+#: ../../src/clients/ksu/main.c:984
msgid "while changing to target uid for destroying ccache"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:44
+#: ../../src/clients/kswitch/kswitch.c:41
#, c-format
msgid "Usage: %s {-c cache_name | -p principal}\n"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:46
+#: ../../src/clients/kswitch/kswitch.c:43
#, c-format
msgid "\t-p specify name of principal\n"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:69
+#: ../../src/clients/kswitch/kswitch.c:66
#, c-format
msgid "Only one -c or -p option allowed\n"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:88
+#: ../../src/clients/kswitch/kswitch.c:85
#, c-format
msgid "One of -c or -p must be specified\n"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:104
+#: ../../src/clients/kswitch/kswitch.c:101
#, c-format
msgid "while resolving %s"
msgstr ""
-#: ../../src/clients/kswitch/kswitch.c:110 ../../src/clients/kvno/kvno.c:177
-#: ../../src/clients/kvno/kvno.c:318 ../../src/kadmin/cli/keytab.c:373
-#: ../../src/kadmin/dbutil/kdb5_util.c:584
-#, c-format
-msgid "while parsing principal name %s"
-msgstr ""
-
-#: ../../src/clients/kswitch/kswitch.c:125
+#: ../../src/clients/kswitch/kswitch.c:122
msgid "while switching to credential cache"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:44
+#: ../../src/clients/kvno/kvno.c:41
#, c-format
msgid "usage: %s [-C] [-u] [-c ccache] [-e etype]\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:45
+#: ../../src/clients/kvno/kvno.c:42
#, c-format
msgid "\t[-k keytab] [-S sname] [-U for_user [-P]]\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:46
+#: ../../src/clients/kvno/kvno.c:43
#, c-format
-msgid "\tservice1 service2 ...\n"
+msgid "\t[--u2u ccache] service1 service2 ...\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:99 ../../src/clients/kvno/kvno.c:107
+#: ../../src/clients/kvno/kvno.c:102 ../../src/clients/kvno/kvno.c:110
#, c-format
msgid "Options -u and -S are mutually exclusive\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:122
+#: ../../src/clients/kvno/kvno.c:127
+#, c-format
+msgid "Options --u2u and -P are mutually exclusive\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:133
#, c-format
msgid "Option -P (constrained delegation) requires keytab to be specified\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:126
+#: ../../src/clients/kvno/kvno.c:137
#, c-format
msgid ""
"Option -P (constrained delegation) requires option -U (protocol transition)\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:185
+#: ../../src/clients/kvno/kvno.c:197
#, c-format
msgid "while formatting parsed principal name for '%s'"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:196
+#: ../../src/clients/kvno/kvno.c:211
msgid "client and server principal names must match"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:212
+#: ../../src/clients/kvno/kvno.c:227
#, c-format
msgid "while getting credentials for %s"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:219
+#: ../../src/clients/kvno/kvno.c:234
#, c-format
msgid "while decoding ticket for %s"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:230
+#: ../../src/clients/kvno/kvno.c:245
#, c-format
msgid "while decrypting ticket for %s"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:234
+#: ../../src/clients/kvno/kvno.c:249
#, c-format
msgid "%s: kvno = %d, keytab entry valid\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:248
+#: ../../src/clients/kvno/kvno.c:263
#, c-format
msgid "%s: constrained delegation failed"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:255
+#: ../../src/clients/kvno/kvno.c:270
#, c-format
msgid "%s: kvno = %d\n"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:282 ../../src/kadmin/cli/kadmin.c:309
+#: ../../src/clients/kvno/kvno.c:337 ../../src/kadmin/cli/kadmin.c:311
msgid "while initializing krb5 library"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:289
+#: ../../src/clients/kvno/kvno.c:344
msgid "while converting etype"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:301
+#: ../../src/clients/kvno/kvno.c:356
msgid "while opening ccache"
msgstr ""
-#: ../../src/clients/kvno/kvno.c:325
+#: ../../src/clients/kvno/kvno.c:381
+#, c-format
+msgid "while getting user-to-user ticket from %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:390
msgid "while getting client principal name"
msgstr ""
"\t\t\tLook at each database documentation for supported arguments\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:162
+#: ../../src/kadmin/cli/kadmin.c:164
#, c-format
msgid "Invalid date specification \"%s\".\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:190
+#: ../../src/kadmin/cli/kadmin.c:192
#, c-format
msgid "Interval specification \"%s\" is in the past.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:320 ../../src/kadmin/cli/kadmin.c:359
+#: ../../src/kadmin/cli/kadmin.c:322 ../../src/kadmin/cli/kadmin.c:361
#, c-format
msgid "%s: Cannot initialize. Not enough memory\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:378 ../../src/kadmin/cli/kadmin.c:838
-#: ../../src/kadmin/cli/kadmin.c:1103 ../../src/kadmin/cli/kadmin.c:1618
-#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:599
+#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840
+#: ../../src/kadmin/cli/kadmin.c:1105 ../../src/kadmin/cli/kadmin.c:1620
+#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:562
#, c-format
msgid "while parsing keysalts %s"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:401
+#: ../../src/kadmin/cli/kadmin.c:403
#, c-format
msgid "%s: -q is exclusive with command-line query"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:409
+#: ../../src/kadmin/cli/kadmin.c:411
#, c-format
msgid "%s: unable to get default realm\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:429
+#: ../../src/kadmin/cli/kadmin.c:431
msgid "while opening default credentials cache"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:435
+#: ../../src/kadmin/cli/kadmin.c:437
#, c-format
msgid "while opening credentials cache %s"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:457 ../../src/kadmin/cli/kadmin.c:511
-#: ../../src/kadmin/cli/kadmin.c:519 ../../src/kadmin/cli/kadmin.c:526
+#: ../../src/kadmin/cli/kadmin.c:459 ../../src/kadmin/cli/kadmin.c:513
+#: ../../src/kadmin/cli/kadmin.c:521 ../../src/kadmin/cli/kadmin.c:528
#, c-format
msgid "%s: out of memory\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:466 ../../src/kadmin/cli/kadmin.c:481
-#: ../../src/slave/kpropd.c:680
+#: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483
+#: ../../src/kprop/kpropd.c:680
msgid "while canonicalizing principal name"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:475
+#: ../../src/kadmin/cli/kadmin.c:477
msgid "creating host service principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:488
+#: ../../src/kadmin/cli/kadmin.c:490
#, c-format
msgid "%s: unable to canonicalize principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:531
+#: ../../src/kadmin/cli/kadmin.c:533
#, c-format
msgid "%s: unable to figure out a principal name\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:538
+#: ../../src/kadmin/cli/kadmin.c:540
msgid "while setting up logging"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:547
+#: ../../src/kadmin/cli/kadmin.c:549
#, c-format
msgid "Authenticating as principal %s with existing credentials.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:553
+#: ../../src/kadmin/cli/kadmin.c:555
#, c-format
msgid "Authenticating as principal %s with password; anonymous requested.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:560
+#: ../../src/kadmin/cli/kadmin.c:562
#, c-format
msgid "Authenticating as principal %s with keytab %s.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:563
+#: ../../src/kadmin/cli/kadmin.c:565
#, c-format
msgid "Authenticating as principal %s with default keytab.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:570
+#: ../../src/kadmin/cli/kadmin.c:572
#, c-format
msgid "Authenticating as principal %s with password.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:578 ../../src/slave/kpropd.c:727
+#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:727
#, c-format
msgid "while initializing %s interface"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:593
+#: ../../src/kadmin/cli/kadmin.c:595
#, c-format
msgid "while closing ccache %s"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:599
+#: ../../src/kadmin/cli/kadmin.c:601
msgid "while mapping update log"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:615
+#: ../../src/kadmin/cli/kadmin.c:617
msgid "while unlocking locked database"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:624
+#: ../../src/kadmin/cli/kadmin.c:626
msgid "Administration credentials NOT DESTROYED.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:673
+#: ../../src/kadmin/cli/kadmin.c:675
msgid "usage: delete_principal [-force] principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:678 ../../src/kadmin/cli/kadmin.c:853
+#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:855
msgid "while parsing principal name"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:684 ../../src/kadmin/cli/kadmin.c:859
-#: ../../src/kadmin/cli/kadmin.c:1212 ../../src/kadmin/cli/kadmin.c:1337
-#: ../../src/kadmin/cli/kadmin.c:1407 ../../src/kadmin/cli/kadmin.c:1841
-#: ../../src/kadmin/cli/kadmin.c:1885 ../../src/kadmin/cli/kadmin.c:1931
-#: ../../src/kadmin/cli/kadmin.c:1971
+#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:861
+#: ../../src/kadmin/cli/kadmin.c:1214 ../../src/kadmin/cli/kadmin.c:1339
+#: ../../src/kadmin/cli/kadmin.c:1409 ../../src/kadmin/cli/kadmin.c:1843
+#: ../../src/kadmin/cli/kadmin.c:1887 ../../src/kadmin/cli/kadmin.c:1933
+#: ../../src/kadmin/cli/kadmin.c:1973
msgid "while canonicalizing principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:688
+#: ../../src/kadmin/cli/kadmin.c:690
#, c-format
msgid "Are you sure you want to delete the principal \"%s\"? (yes/no): "
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:692
+#: ../../src/kadmin/cli/kadmin.c:694
#, c-format
msgid "Principal \"%s\" not deleted\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:699
+#: ../../src/kadmin/cli/kadmin.c:701
#, c-format
msgid "while deleting principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:702
+#: ../../src/kadmin/cli/kadmin.c:704
#, c-format
msgid "Principal \"%s\" deleted.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:703
+#: ../../src/kadmin/cli/kadmin.c:705
msgid ""
"Make sure that you have removed this principal from all ACLs before "
"reusing.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:720
+#: ../../src/kadmin/cli/kadmin.c:722
msgid "usage: rename_principal [-force] old_principal new_principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:727
+#: ../../src/kadmin/cli/kadmin.c:729
msgid "while parsing old principal name"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:733
+#: ../../src/kadmin/cli/kadmin.c:735
msgid "while parsing new principal name"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:739
+#: ../../src/kadmin/cli/kadmin.c:741
msgid "while canonicalizing old principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:745
+#: ../../src/kadmin/cli/kadmin.c:747
msgid "while canonicalizing new principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:749
+#: ../../src/kadmin/cli/kadmin.c:751
#, c-format
msgid ""
"Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): "
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:753
+#: ../../src/kadmin/cli/kadmin.c:755
#, c-format
msgid "Principal \"%s\" not renamed\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:760
+#: ../../src/kadmin/cli/kadmin.c:762
#, c-format
msgid "while renaming principal \"%s\" to \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:764
+#: ../../src/kadmin/cli/kadmin.c:766
#, c-format
msgid "Principal \"%s\" renamed to \"%s\".\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:765
+#: ../../src/kadmin/cli/kadmin.c:767
msgid ""
"Make sure that you have removed the old principal from all ACLs before "
"reusing.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:780
+#: ../../src/kadmin/cli/kadmin.c:782
msgid ""
"usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] "
"principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:806
+#: ../../src/kadmin/cli/kadmin.c:808
msgid "change_password: missing db argument"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:812
+#: ../../src/kadmin/cli/kadmin.c:814
msgid "change_password: Not enough memory\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:820
+#: ../../src/kadmin/cli/kadmin.c:822
msgid "change_password: missing password arg"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:831
+#: ../../src/kadmin/cli/kadmin.c:833
msgid "change_password: missing keysaltlist arg"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:847
+#: ../../src/kadmin/cli/kadmin.c:849
msgid "missing principal name"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:871 ../../src/kadmin/cli/kadmin.c:908
+#: ../../src/kadmin/cli/kadmin.c:873 ../../src/kadmin/cli/kadmin.c:910
#, c-format
msgid "while changing password for \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:874 ../../src/kadmin/cli/kadmin.c:911
+#: ../../src/kadmin/cli/kadmin.c:876 ../../src/kadmin/cli/kadmin.c:913
#, c-format
msgid "Password for \"%s\" changed.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:1288
+#: ../../src/kadmin/cli/kadmin.c:882 ../../src/kadmin/cli/kadmin.c:1290
#, c-format
msgid "while randomizing key for \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:883
+#: ../../src/kadmin/cli/kadmin.c:885
#, c-format
msgid "Key for \"%s\" randomized.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:888 ../../src/kadmin/cli/kadmin.c:1248
+#: ../../src/kadmin/cli/kadmin.c:890 ../../src/kadmin/cli/kadmin.c:1250
#, c-format
msgid "Enter password for principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:890 ../../src/kadmin/cli/kadmin.c:1250
+#: ../../src/kadmin/cli/kadmin.c:892 ../../src/kadmin/cli/kadmin.c:1252
#, c-format
msgid "Re-enter password for principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:895 ../../src/kadmin/cli/kadmin.c:1254
+#: ../../src/kadmin/cli/kadmin.c:897 ../../src/kadmin/cli/kadmin.c:1256
#, c-format
msgid "while reading password for \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:949
+#: ../../src/kadmin/cli/kadmin.c:951
msgid "Not enough memory\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:979 ../../src/kadmin/dbutil/kdb5_util.c:631
+#: ../../src/kadmin/cli/kadmin.c:981 ../../src/kadmin/dbutil/kdb5_util.c:594
msgid "while getting time"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1120 ../../src/kadmin/cli/kadmin.c:1331
-#: ../../src/kadmin/cli/kadmin.c:1402 ../../src/kadmin/cli/kadmin.c:1835
-#: ../../src/kadmin/cli/kadmin.c:1879 ../../src/kadmin/cli/kadmin.c:1925
-#: ../../src/kadmin/cli/kadmin.c:1965
+#: ../../src/kadmin/cli/kadmin.c:1122 ../../src/kadmin/cli/kadmin.c:1333
+#: ../../src/kadmin/cli/kadmin.c:1404 ../../src/kadmin/cli/kadmin.c:1837
+#: ../../src/kadmin/cli/kadmin.c:1881 ../../src/kadmin/cli/kadmin.c:1927
+#: ../../src/kadmin/cli/kadmin.c:1967
msgid "while parsing principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1129
+#: ../../src/kadmin/cli/kadmin.c:1131
msgid "usage: add_principal [options] principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1130 ../../src/kadmin/cli/kadmin.c:1154
-#: ../../src/kadmin/cli/kadmin.c:1641
+#: ../../src/kadmin/cli/kadmin.c:1132 ../../src/kadmin/cli/kadmin.c:1156
+#: ../../src/kadmin/cli/kadmin.c:1643
msgid "\toptions are:\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1131
+#: ../../src/kadmin/cli/kadmin.c:1133
msgid ""
"\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire "
"pwexpdate] [-maxlife maxtixlife]\n"
"\t\t[{+|-}attribute]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1159
+#: ../../src/kadmin/cli/kadmin.c:1138 ../../src/kadmin/cli/kadmin.c:1161
msgid "\tattributes are:\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1137 ../../src/kadmin/cli/kadmin.c:1160
+#: ../../src/kadmin/cli/kadmin.c:1139 ../../src/kadmin/cli/kadmin.c:1162
msgid ""
"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
"\t\t\tLook at each database documentation for supported arguments\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1153
+#: ../../src/kadmin/cli/kadmin.c:1155
msgid "usage: modify_principal [options] principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1155
+#: ../../src/kadmin/cli/kadmin.c:1157
msgid ""
"\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife "
"maxtixlife]\n"
"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1219 ../../src/kadmin/cli/kadmin.c:1360
+#: ../../src/kadmin/cli/kadmin.c:1221 ../../src/kadmin/cli/kadmin.c:1362
#, c-format
msgid "WARNING: policy \"%s\" does not exist\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1226
+#: ../../src/kadmin/cli/kadmin.c:1228
#, c-format
msgid "NOTICE: no policy specified for %s; assigning \"default\"\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1232
+#: ../../src/kadmin/cli/kadmin.c:1234
#, c-format
msgid "WARNING: no policy specified for %s; defaulting to no policy\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1274
+#: ../../src/kadmin/cli/kadmin.c:1276
#, c-format
msgid "Admin server does not support -nokey while creating \"%s\"\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1296
+#: ../../src/kadmin/cli/kadmin.c:1298
#, c-format
msgid "while clearing DISALLOW_ALL_TIX for \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1343
+#: ../../src/kadmin/cli/kadmin.c:1345
#, c-format
msgid "while getting \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1369
+#: ../../src/kadmin/cli/kadmin.c:1371
#, c-format
msgid "while modifying \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1373
+#: ../../src/kadmin/cli/kadmin.c:1375
#, c-format
msgid "Principal \"%s\" modified.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1394
+#: ../../src/kadmin/cli/kadmin.c:1396
msgid "usage: get_principal [-terse] principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1413
+#: ../../src/kadmin/cli/kadmin.c:1415
#, c-format
msgid "while retrieving \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1418 ../../src/kadmin/cli/kadmin.c:1423
+#: ../../src/kadmin/cli/kadmin.c:1420 ../../src/kadmin/cli/kadmin.c:1425
msgid "while unparsing principal"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1427
+#: ../../src/kadmin/cli/kadmin.c:1429
#, c-format
msgid "Principal: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1428
+#: ../../src/kadmin/cli/kadmin.c:1430
#, c-format
msgid "Expiration date: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1429 ../../src/kadmin/cli/kadmin.c:1431
-#: ../../src/kadmin/cli/kadmin.c:1434 ../../src/kadmin/cli/kadmin.c:1442
+#: ../../src/kadmin/cli/kadmin.c:1431 ../../src/kadmin/cli/kadmin.c:1433
+#: ../../src/kadmin/cli/kadmin.c:1436 ../../src/kadmin/cli/kadmin.c:1444
msgid "[never]"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1430
+#: ../../src/kadmin/cli/kadmin.c:1432
#, c-format
msgid "Last password change: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1432
+#: ../../src/kadmin/cli/kadmin.c:1434
#, c-format
msgid "Password expiration date: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1435
+#: ../../src/kadmin/cli/kadmin.c:1437
#, c-format
msgid "Maximum ticket life: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1436
+#: ../../src/kadmin/cli/kadmin.c:1438
#, c-format
msgid "Maximum renewable life: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1438
+#: ../../src/kadmin/cli/kadmin.c:1440
#, c-format
msgid "Last modified: %s (%s)\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1440
+#: ../../src/kadmin/cli/kadmin.c:1442
#, c-format
msgid "Last successful authentication: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1446
+#: ../../src/kadmin/cli/kadmin.c:1448
#, c-format
msgid "Failed password attempts: %d\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1448
+#: ../../src/kadmin/cli/kadmin.c:1450
#, c-format
msgid "Number of keys: %d\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1455
+#: ../../src/kadmin/cli/kadmin.c:1457
#, c-format
msgid "<Encryption type 0x%x>"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1462
+#: ../../src/kadmin/cli/kadmin.c:1464
#, c-format
msgid "<Salt type 0x%x>"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1468
+#: ../../src/kadmin/cli/kadmin.c:1470
#, c-format
msgid "MKey: vno %d\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1470
+#: ../../src/kadmin/cli/kadmin.c:1472
#, c-format
msgid "Attributes:"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1473
+#: ../../src/kadmin/cli/kadmin.c:1475
msgid "while printing flags"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1482
+#: ../../src/kadmin/cli/kadmin.c:1484
msgid "[none]"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1484
+#: ../../src/kadmin/cli/kadmin.c:1486
msgid " [does not exist]"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1485
+#: ../../src/kadmin/cli/kadmin.c:1487
#, c-format
msgid "Policy: %s%s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1521
+#: ../../src/kadmin/cli/kadmin.c:1523
msgid "usage: get_principals [expression]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1526 ../../src/kadmin/cli/kadmin.c:1777
+#: ../../src/kadmin/cli/kadmin.c:1528 ../../src/kadmin/cli/kadmin.c:1779
msgid "while retrieving list."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1631
+#: ../../src/kadmin/cli/kadmin.c:1633
#, c-format
msgid "%s: parser lost count!\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1640
+#: ../../src/kadmin/cli/kadmin.c:1642
#, c-format
msgid "usage; %s [options] policy\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1642
+#: ../../src/kadmin/cli/kadmin.c:1644
msgid ""
"\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
"\t\t[-minclasses number] [-history number]\n"
"\t\t[-allowedkeysalts keysalts]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1646
+#: ../../src/kadmin/cli/kadmin.c:1648
msgid "\t\t[-lockoutduration time]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1665
+#: ../../src/kadmin/cli/kadmin.c:1667
#, c-format
msgid "while creating policy \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1686
+#: ../../src/kadmin/cli/kadmin.c:1688
#, c-format
msgid "while modifying policy \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1698
+#: ../../src/kadmin/cli/kadmin.c:1700
msgid "usage: delete_policy [-force] policy\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1702
+#: ../../src/kadmin/cli/kadmin.c:1704
#, c-format
msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): "
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1706
+#: ../../src/kadmin/cli/kadmin.c:1708
#, c-format
msgid "Policy \"%s\" not deleted.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1712
+#: ../../src/kadmin/cli/kadmin.c:1714
#, c-format
msgid "while deleting policy \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1724
+#: ../../src/kadmin/cli/kadmin.c:1726
msgid "usage: get_policy [-terse] policy\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1729
+#: ../../src/kadmin/cli/kadmin.c:1731
#, c-format
msgid "while retrieving policy \"%s\"."
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1734
+#: ../../src/kadmin/cli/kadmin.c:1736
#, c-format
msgid "Policy: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1735
+#: ../../src/kadmin/cli/kadmin.c:1737
#, c-format
msgid "Maximum password life: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1736
+#: ../../src/kadmin/cli/kadmin.c:1738
#, c-format
msgid "Minimum password life: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1737
+#: ../../src/kadmin/cli/kadmin.c:1739
#, c-format
msgid "Minimum password length: %ld\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1738
+#: ../../src/kadmin/cli/kadmin.c:1740
#, c-format
msgid "Minimum number of password character classes: %ld\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1740
+#: ../../src/kadmin/cli/kadmin.c:1742
#, c-format
msgid "Number of old keys kept: %ld\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1741
+#: ../../src/kadmin/cli/kadmin.c:1743
#, c-format
msgid "Maximum password failures before lockout: %lu\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1743
+#: ../../src/kadmin/cli/kadmin.c:1745
#, c-format
msgid "Password failure count reset interval: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1745
+#: ../../src/kadmin/cli/kadmin.c:1747
#, c-format
msgid "Password lockout duration: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1748
+#: ../../src/kadmin/cli/kadmin.c:1750
#, c-format
msgid "Allowed key/salt types: %s\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1772
+#: ../../src/kadmin/cli/kadmin.c:1774
msgid "usage: get_policies [expression]\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1794
+#: ../../src/kadmin/cli/kadmin.c:1796
msgid "usage: get_privs\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1799
+#: ../../src/kadmin/cli/kadmin.c:1801
msgid "while retrieving privileges"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1802
+#: ../../src/kadmin/cli/kadmin.c:1804
#, c-format
msgid "current privileges:"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1828
+#: ../../src/kadmin/cli/kadmin.c:1830
msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1848
+#: ../../src/kadmin/cli/kadmin.c:1850
#, c-format
msgid "while purging keys for principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1853
+#: ../../src/kadmin/cli/kadmin.c:1855
#, c-format
msgid "All keys for principal \"%s\" removed.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1855
+#: ../../src/kadmin/cli/kadmin.c:1857
#, c-format
msgid "Old keys for principal \"%s\" purged.\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1872
+#: ../../src/kadmin/cli/kadmin.c:1874
msgid "usage: get_strings principal\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1892
+#: ../../src/kadmin/cli/kadmin.c:1894
#, c-format
msgid "while getting attributes for principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1897
+#: ../../src/kadmin/cli/kadmin.c:1899
#, c-format
msgid "(No string attributes.)\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1916
+#: ../../src/kadmin/cli/kadmin.c:1918
msgid "usage: set_string principal key value\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1938
+#: ../../src/kadmin/cli/kadmin.c:1940
#, c-format
msgid "while setting attribute on principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1942
+#: ../../src/kadmin/cli/kadmin.c:1944
#, c-format
msgid "Attribute set for principal \"%s\".\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1957
+#: ../../src/kadmin/cli/kadmin.c:1959
msgid "usage: del_string principal key\n"
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1978
+#: ../../src/kadmin/cli/kadmin.c:1980
#, c-format
msgid "while deleting attribute from principal \"%s\""
msgstr ""
-#: ../../src/kadmin/cli/kadmin.c:1982
+#: ../../src/kadmin/cli/kadmin.c:1984
#, c-format
msgid "Attribute removed from principal \"%s\".\n"
msgstr ""
msgid "while renaming dump file into place"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:192
+#: ../../src/kadmin/dbutil/dump.c:196
msgid "while allocating dump_ok filename"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:199
+#: ../../src/kadmin/dbutil/dump.c:202
#, c-format
msgid "while creating 'ok' file, '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:206
+#: ../../src/kadmin/dbutil/dump.c:207
#, c-format
msgid "while locking 'ok' file, '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:250 ../../src/kadmin/dbutil/dump.c:279
+#: ../../src/kadmin/dbutil/dump.c:260 ../../src/kadmin/dbutil/dump.c:289
#, c-format
msgid "%s: regular expression error: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:262
+#: ../../src/kadmin/dbutil/dump.c:272
#, c-format
msgid "%s: regular expression match error: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:363
+#: ../../src/kadmin/dbutil/dump.c:373
#, c-format
msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:522
+#: ../../src/kadmin/dbutil/dump.c:532
#, c-format
msgid ""
"Warning! Multiple DES-CBC-CRC keys for principal %s; skipping duplicates.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:533
+#: ../../src/kadmin/dbutil/dump.c:543
#, c-format
msgid ""
"Warning! No DES-CBC-CRC key for principal %s, cannot generate OV-compatible "
"record; skipping\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:562
+#: ../../src/kadmin/dbutil/dump.c:572
#, c-format
msgid "while converting %s to new master key"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:583
+#: ../../src/kadmin/dbutil/dump.c:593
#, c-format
msgid "%s(%d): %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:626
+#: ../../src/kadmin/dbutil/dump.c:636
#, c-format
msgid "%s(%d): ignoring trash at end of line: "
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:689
+#: ../../src/kadmin/dbutil/dump.c:699
msgid "cannot read tagged data type and length"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:693
+#: ../../src/kadmin/dbutil/dump.c:703
msgid "data type or length overflowed"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:700
+#: ../../src/kadmin/dbutil/dump.c:710
msgid "cannot read tagged data contents"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:733
+#: ../../src/kadmin/dbutil/dump.c:743
msgid "cannot match size tokens"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:744
+#: ../../src/kadmin/dbutil/dump.c:754
msgid "cannot allocate tl_data (too large)"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:766
+#: ../../src/kadmin/dbutil/dump.c:776
msgid "cannot read name string"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:771
+#: ../../src/kadmin/dbutil/dump.c:781
#, c-format
msgid "while parsing name %s"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:779
+#: ../../src/kadmin/dbutil/dump.c:789
msgid "cannot read principal attributes"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:832
+#: ../../src/kadmin/dbutil/dump.c:842
msgid "cannot read key size and version"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:836
+#: ../../src/kadmin/dbutil/dump.c:846
msgid "unsupported key_data_ver version"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:847
+#: ../../src/kadmin/dbutil/dump.c:857
msgid "cannot read key type and length"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:853
+#: ../../src/kadmin/dbutil/dump.c:863
msgid "cannot read key data"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:863
+#: ../../src/kadmin/dbutil/dump.c:873
msgid "cannot read extra data"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:872
+#: ../../src/kadmin/dbutil/dump.c:882
#, c-format
msgid "while storing %s"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:911 ../../src/kadmin/dbutil/dump.c:950
-#: ../../src/kadmin/dbutil/dump.c:996 ../../src/kadmin/dbutil/dump.c:1015
+#: ../../src/kadmin/dbutil/dump.c:921 ../../src/kadmin/dbutil/dump.c:960
+#: ../../src/kadmin/dbutil/dump.c:1006 ../../src/kadmin/dbutil/dump.c:1025
#, c-format
msgid "cannot parse policy (%d read)\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:919 ../../src/kadmin/dbutil/dump.c:958
-#: ../../src/kadmin/dbutil/dump.c:1036
+#: ../../src/kadmin/dbutil/dump.c:929 ../../src/kadmin/dbutil/dump.c:968
+#: ../../src/kadmin/dbutil/dump.c:1046
msgid "while creating policy"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:923
+#: ../../src/kadmin/dbutil/dump.c:933
#, c-format
msgid "created policy %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1073
+#: ../../src/kadmin/dbutil/dump.c:1083
#, c-format
msgid "unknown record type \"%s\"\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1202
+#: ../../src/kadmin/dbutil/dump.c:1212
#, c-format
msgid "%s: Unknown iprop dump version %d\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1305 ../../src/kadmin/dbutil/dump.c:1532
+#: ../../src/kadmin/dbutil/dump.c:1316 ../../src/kadmin/dbutil/dump.c:1544
#, c-format
msgid "Iprop not enabled\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1342
+#: ../../src/kadmin/dbutil/dump.c:1353
msgid "Conditional dump is an undocumented option for use only for iprop dumps"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1355
+#: ../../src/kadmin/dbutil/dump.c:1366
msgid "Database not currently opened!"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1369
-#: ../../src/kadmin/dbutil/kdb5_stash.c:116
-#: ../../src/kadmin/dbutil/kdb5_util.c:485
+#: ../../src/kadmin/dbutil/dump.c:1380 ../../src/kadmin/dbutil/kdb5_stash.c:116
+#: ../../src/kadmin/dbutil/kdb5_util.c:448
msgid "while reading master key"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1375
+#: ../../src/kadmin/dbutil/dump.c:1386
msgid "while verifying master key"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1394 ../../src/kadmin/dbutil/dump.c:1404
+#: ../../src/kadmin/dbutil/dump.c:1405 ../../src/kadmin/dbutil/dump.c:1415
msgid "while reading new master key"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1398
+#: ../../src/kadmin/dbutil/dump.c:1409
#, c-format
msgid "Please enter new master key....\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1422
+#: ../../src/kadmin/dbutil/dump.c:1433
#, c-format
msgid "while opening %s for writing"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1437
+#: ../../src/kadmin/dbutil/dump.c:1448
msgid "while reading update log header"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1452 ../../src/kadmin/dbutil/dump.c:1459
+#: ../../src/kadmin/dbutil/dump.c:1463 ../../src/kadmin/dbutil/dump.c:1471
#, c-format
msgid "performing %s dump"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1489
+#: ../../src/kadmin/dbutil/dump.c:1501
#, c-format
msgid "%s: error processing line %d of %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1541
+#: ../../src/kadmin/dbutil/dump.c:1553
msgid "while parsing options"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1556
+#: ../../src/kadmin/dbutil/dump.c:1568
#, c-format
msgid "while opening %s"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1561 ../../src/kadmin/dbutil/dump.c:1660
+#: ../../src/kadmin/dbutil/dump.c:1573 ../../src/kadmin/dbutil/dump.c:1672
msgid "standard input"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1566
+#: ../../src/kadmin/dbutil/dump.c:1578
#, c-format
msgid "%s: can't read dump header in %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1574 ../../src/kadmin/dbutil/dump.c:1591
+#: ../../src/kadmin/dbutil/dump.c:1586 ../../src/kadmin/dbutil/dump.c:1603
#, c-format
msgid "%s: dump header bad in %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1600
+#: ../../src/kadmin/dbutil/dump.c:1612
#, c-format
msgid "Could not open iprop ulog\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1605
+#: ../../src/kadmin/dbutil/dump.c:1617
#, c-format
msgid "%s: dump version %s can only be loaded with the -update flag\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1614 ../../src/kadmin/dbutil/dump.c:1619
+#: ../../src/kadmin/dbutil/dump.c:1626 ../../src/kadmin/dbutil/dump.c:1631
msgid "computing parameters for database"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1625
+#: ../../src/kadmin/dbutil/dump.c:1637
msgid "while creating database"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1634
+#: ../../src/kadmin/dbutil/dump.c:1646
msgid "while opening database"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1644
+#: ../../src/kadmin/dbutil/dump.c:1656
msgid "while permanently locking database"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1662
+#: ../../src/kadmin/dbutil/dump.c:1674
#, c-format
msgid "%s: %s restore failed\n"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1667
+#: ../../src/kadmin/dbutil/dump.c:1679
msgid "while unlocking database"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1677 ../../src/kadmin/dbutil/dump.c:1696
+#: ../../src/kadmin/dbutil/dump.c:1689 ../../src/kadmin/dbutil/dump.c:1708
msgid "while reinitializing update log"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1687
+#: ../../src/kadmin/dbutil/dump.c:1699
msgid "while making newly loaded database live"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1703
+#: ../../src/kadmin/dbutil/dump.c:1715
msgid "while writing update log header"
msgstr ""
-#: ../../src/kadmin/dbutil/dump.c:1717
+#: ../../src/kadmin/dbutil/dump.c:1729
#, c-format
msgid "while deleting bad database %s"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:84
+#: ../../src/kadmin/dbutil/kadm5_create.c:79
msgid "while looking up the Kerberos configuration"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:111
+#: ../../src/kadmin/dbutil/kadm5_create.c:105
msgid "while initializing the Kerberos admin interface"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:158
+#: ../../src/kadmin/dbutil/kadm5_create.c:152
msgid "while canonicalizing local hostname"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:163
-#: ../../src/kadmin/dbutil/kadm5_create.c:168
+#: ../../src/kadmin/dbutil/kadm5_create.c:157
+#: ../../src/kadmin/dbutil/kadm5_create.c:162
#, c-format
msgid "Out of memory\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:244
+#: ../../src/kadmin/dbutil/kadm5_create.c:238
msgid "while appending realm to principal"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:249
+#: ../../src/kadmin/dbutil/kadm5_create.c:243
msgid "while parsing admin principal name"
msgstr ""
-#: ../../src/kadmin/dbutil/kadm5_create.c:260
+#: ../../src/kadmin/dbutil/kadm5_create.c:254
#, c-format
msgid "while creating principal %s"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:175
-#: ../../src/kadmin/dbutil/kdb5_util.c:244
-#: ../../src/kadmin/dbutil/kdb5_util.c:251
-msgid "while parsing command arguments\n"
-msgstr ""
-
-#: ../../src/kadmin/dbutil/kdb5_create.c:198
+#: ../../src/kadmin/dbutil/kdb5_create.c:191
#, c-format
msgid "Loading random data\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:201
+#: ../../src/kadmin/dbutil/kdb5_create.c:194
msgid "Loading random data"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:211
-#: ../../src/kadmin/dbutil/kdb5_util.c:429
+#: ../../src/kadmin/dbutil/kdb5_create.c:204
+#: ../../src/kadmin/dbutil/kdb5_util.c:392
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:608
msgid "while setting up master key name"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:222
+#: ../../src/kadmin/dbutil/kdb5_create.c:215
#, c-format
msgid ""
"Initializing database '%s' for realm '%s',\n"
"master key name '%s'\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:227
+#: ../../src/kadmin/dbutil/kdb5_create.c:220
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:517
#, c-format
msgid "You will be prompted for the database Master Password.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:228
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:252
+#: ../../src/kadmin/dbutil/kdb5_create.c:221
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:255
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:518
#, c-format
msgid "It is important that you NOT FORGET this password.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:234
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:258
+#: ../../src/kadmin/dbutil/kdb5_create.c:227
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:261
msgid "while creating new master key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:242
+#: ../../src/kadmin/dbutil/kdb5_create.c:235
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:528
msgid "while reading master key from keyboard"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:252
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:277
+#: ../../src/kadmin/dbutil/kdb5_create.c:245
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:280
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:620
msgid "while calculating master key salt"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:260
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:286
-#: ../../src/kadmin/dbutil/kdb5_util.c:471
+#: ../../src/kadmin/dbutil/kdb5_create.c:253
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:289
+#: ../../src/kadmin/dbutil/kdb5_util.c:434
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:632
msgid "while transforming master key from password"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:270
+#: ../../src/kadmin/dbutil/kdb5_create.c:263
msgid "while initializing random key generator"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:275
+#: ../../src/kadmin/dbutil/kdb5_create.c:268
#, c-format
msgid "while creating database '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:293
+#: ../../src/kadmin/dbutil/kdb5_create.c:286
msgid "while creating update log"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:304
+#: ../../src/kadmin/dbutil/kdb5_create.c:297
msgid "while initializing update log"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:319
+#: ../../src/kadmin/dbutil/kdb5_create.c:312
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:644
msgid "while adding entries to the database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:347
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:330
+#: ../../src/kadmin/dbutil/kdb5_create.c:340
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:333
#: ../../src/kadmin/dbutil/kdb5_stash.c:133
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:669
msgid "while storing key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_create.c:348
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:331
+#: ../../src/kadmin/dbutil/kdb5_create.c:341
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:334
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:670
#, c-format
msgid "Warning: couldn't stash master key.\n"
msgstr ""
#: ../../src/kadmin/dbutil/kdb5_destroy.c:71
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1108
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1476
#, c-format
msgid "** Database '%s' destroyed.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:220
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:223
#, c-format
msgid "%s is an invalid enctype"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:242
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:418
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:561
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:938
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1099
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:245
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:421
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:564
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:941
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1102
#, c-format
msgid "while getting master key principal %s"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:248
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:251
#, c-format
msgid "Creating new master key for master key principal '%s'\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:251
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:254
#, c-format
msgid "You will be prompted for a new database Master Password.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:267
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:270
msgid "while reading new master key from keyboard"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:296
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:299
msgid "adding new master key to master principal"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:302
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:387
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:803
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1304
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:305
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:390
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:806
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1307
msgid "while getting current time"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:309
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:519
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1311
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:312
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:522
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1314
msgid "while updating the master key principal modification time"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:316
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:527
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1321
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:319
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:530
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1324
msgid "while adding master key entry to the database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:368
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:371
msgid "0 is an invalid KVNO value"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:379
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:382
#, c-format
msgid "%d is an invalid KVNO value"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:395
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:398
#, c-format
msgid "could not parse date-time string '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:427
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:430
msgid "while looking up active version of master key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:466
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:469
msgid "while adding new master key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:504
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:507
msgid "there must be one master key currently active"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:512
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1290
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:515
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1293
msgid "while updating actkvno data for master principal entry"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:553
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:900
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1069
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:556
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:903
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1072
msgid "master keylist not initialized"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:569
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:946
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1196
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:572
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:949
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1199
msgid "while looking up active kvno list"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:577
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:954
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:580
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:957
msgid "while looking up active master key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:589
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:592
msgid "while getting enctype description"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:606
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:609
#, c-format
msgid "KVNO: %d, Enctype: %s, Active on: %s *\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:611
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:614
#, c-format
msgid "KVNO: %d, Enctype: %s, Active on: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:615
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:618
#, c-format
msgid "KVNO: %d, Enctype: %s, No activate time set\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:620
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:623
msgid "asprintf could not allocate enough memory to hold output"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:753
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:756
msgid "getting string representation of principal name"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:777
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:780
#, c-format
msgid "determining master key used for principal '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:783
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:786
#, c-format
msgid "would skip: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:785
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:788
#, c-format
msgid "skipping: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:791
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:794
#, c-format
msgid "would update: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:795
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:798
#, c-format
msgid "updating: %s\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:799
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:802
#, c-format
msgid "error re-encrypting key for principal '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:810
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:813
#, c-format
msgid "while updating principal '%s' modification time"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:817
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:820
#, c-format
msgid "while updating principal '%s' key data in the database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:849
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:852
#, c-format
msgid ""
"\n"
"(type 'yes' to confirm)? "
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:911
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:914
#, c-format
msgid "converting glob pattern '%s' to regular expression"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:929
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:932
#, c-format
msgid "error compiling converted regexp '%s'"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:962
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:965
#, c-format
msgid "Re-encrypt all keys not using master key vno %u?"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:964
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:967
#, c-format
msgid "OK, doing nothing.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:970
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:973
#, c-format
msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:973
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:976
#, c-format
msgid ""
"Principals whose keys are being re-encrypted to master key vno %u if "
"necessary:\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:989
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:992
msgid "trying to process principal database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:993
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:996
#, c-format
msgid "%u principals processed: %u would be updated, %u already current\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:997
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1000
#, c-format
msgid "%u principals processed: %u updated, %u already current\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1106
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1109
#, c-format
msgid ""
"Will purge all unused master keys stored in the '%s' principal, are you "
"sure?\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1117
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1120
#, c-format
msgid "OK, purging unused master keys from '%s'...\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1125
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1128
#, c-format
msgid "There is only one master key which can not be purged.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1134
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1137
msgid "while allocating args.kvnos"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1150
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1153
msgid "while finding master keys in use"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1159
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162
#, c-format
msgid "Would purge the following master key(s) from %s:\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1165
#, c-format
msgid "Purging the following master key(s) from %s:\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1174
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1177
msgid "master key stash file needs updating, command aborting"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1180
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183
#, c-format
msgid "KVNO: %d\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1185
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1188
#, c-format
msgid "All keys in use, nothing purged.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1190
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1193
#, c-format
msgid "%d key(s) would be purged.\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1203
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1206
msgid "while looking up mkey aux data list"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1211
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1214
msgid "while allocating key_data"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1298
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1301
msgid "while updating mkey_aux data for master principal entry"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_mkey.c:1325
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1328
#, c-format
msgid "%d key(s) purged.\n"
msgstr ""
#: ../../src/kadmin/dbutil/kdb5_util.c:80
#, c-format
msgid ""
-"Usage: kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M "
-"mkeyname]\n"
-"\t [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
+"Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]\n"
+"\t [-M mkeyname] [-m] [-sf stashfilename] [-P password]\n"
+"\t [-x db_args]* cmd [cmd_options]\n"
"\tcreate [-s]\n"
"\tdestroy [-f]\n"
"\tstash [-f keyfile]\n"
"\tlist_mkeys\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:98
+#: ../../src/kadmin/dbutil/kdb5_util.c:99
#, c-format
msgid ""
"\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
"\t\t\tLook at each database documentation for supported arguments\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:214
+#: ../../src/kadmin/dbutil/kdb5_util.c:215
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:260
msgid "while initializing Kerberos code"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:220
+#: ../../src/kadmin/dbutil/kdb5_util.c:221
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:267
msgid "while creating sub-command arguments"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:238
+#: ../../src/kadmin/dbutil/kdb5_util.c:239
msgid "while parsing command arguments"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:262
+#: ../../src/kadmin/dbutil/kdb5_util.c:245
+#: ../../src/kadmin/dbutil/kdb5_util.c:252
+msgid "while parsing command arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:263
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:291
msgid "while setting default realm name"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:267
+#: ../../src/kadmin/dbutil/kdb5_util.c:268
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:298
#, c-format
msgid ": %s is an invalid enctype"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:275
+#: ../../src/kadmin/dbutil/kdb5_util.c:276
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:307
#, c-format
msgid ": %s is an invalid mkeyVNO"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:320
+#: ../../src/kadmin/dbutil/kdb5_util.c:321
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:431
msgid "while retreiving configuration parameters"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:373
-msgid "Too few arguments"
-msgstr ""
-
-#: ../../src/kadmin/dbutil/kdb5_util.c:374
-#, c-format
-msgid "Usage: %s dbpathname realmname"
-msgstr ""
-
-#: ../../src/kadmin/dbutil/kdb5_util.c:380
-msgid "while closing previous database"
-msgstr ""
-
-#: ../../src/kadmin/dbutil/kdb5_util.c:418
+#: ../../src/kadmin/dbutil/kdb5_util.c:381
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:883
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1491
#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:564
msgid "while initializing database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:435
+#: ../../src/kadmin/dbutil/kdb5_util.c:398
msgid "while retrieving master entry"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:454
+#: ../../src/kadmin/dbutil/kdb5_util.c:417
msgid "while calculated master key salt"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:486
+#: ../../src/kadmin/dbutil/kdb5_util.c:449
msgid "Warning: proceeding without master key"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:504
+#: ../../src/kadmin/dbutil/kdb5_util.c:467
msgid "while seeding random number generator"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:514
+#: ../../src/kadmin/dbutil/kdb5_util.c:477
#, c-format
msgid "%s: Could not map log\n"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:543
+#: ../../src/kadmin/dbutil/kdb5_util.c:506
msgid "while closing database"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:590
+#: ../../src/kadmin/dbutil/kdb5_util.c:553
#, c-format
msgid "while fetching principal %s"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:613
+#: ../../src/kadmin/dbutil/kdb5_util.c:576
msgid "while finding mkey"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:638
+#: ../../src/kadmin/dbutil/kdb5_util.c:601
msgid "while setting changetime"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:646
+#: ../../src/kadmin/dbutil/kdb5_util.c:609
#, c-format
msgid "while saving principal %s"
msgstr ""
-#: ../../src/kadmin/dbutil/kdb5_util.c:650
+#: ../../src/kadmin/dbutil/kdb5_util.c:613
#, c-format
msgid "%s changed\n"
msgstr ""
-#: ../../src/kadmin/dbutil/tabdump.c:576
+#: ../../src/kadmin/dbutil/tabdump.c:573
#, c-format
msgid "opening %s for writing"
msgstr ""
-#: ../../src/kadmin/dbutil/tabdump.c:662
+#: ../../src/kadmin/dbutil/tabdump.c:659
msgid "performing tabular dump"
msgstr ""
msgid "%s: writing srvtabs is no longer supported\n"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:177
+#: ../../src/kadmin/ktutil/ktutil.c:178
#, c-format
msgid ""
-"usage: %s (-key | -password) -p principal -k kvno -e enctype [-s salt]\n"
+"usage: %s (-key | -password) -p principal -k kvno [-e enctype] [-f|-s salt]\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:183
+#, c-format
+msgid "enctype must be specified if not using -f\n"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:185
+#: ../../src/kadmin/ktutil/ktutil.c:190
msgid "while adding new entry"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:195
+#: ../../src/kadmin/ktutil/ktutil.c:200
#, c-format
msgid "%s: must specify entry to delete\n"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:200
+#: ../../src/kadmin/ktutil/ktutil.c:205
#, c-format
msgid "while deleting entry %d"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:228
+#: ../../src/kadmin/ktutil/ktutil.c:233
#, c-format
msgid "%s: usage: %s [-t] [-k] [-e]\n"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil.c:268
+#: ../../src/kadmin/ktutil/ktutil.c:272
msgid "While converting enctype to string"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil_funcs.c:163
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:196
#, c-format
msgid "Password for %.1000s"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil_funcs.c:185
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:214
#, c-format
msgid "Key for %s (hex): "
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil_funcs.c:197
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:226
#, c-format
msgid "addent: Error reading key.\n"
msgstr ""
-#: ../../src/kadmin/ktutil/ktutil_funcs.c:212
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:234
#, c-format
msgid "addent: Illegal character in key.\n"
msgstr ""
msgid "gss_to_krb5_name: failed display_name status %d"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:87
+#: ../../src/kadmin/server/ovsec_kadmd.c:86
#, c-format
msgid ""
"Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] [-port port-number]\n"
"\t\t\tLook at each database documentation for supported arguments\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:112
+#: ../../src/kadmin/server/ovsec_kadmd.c:110
#, c-format
msgid "%s: %s while %s, aborting\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:114
+#: ../../src/kadmin/server/ovsec_kadmd.c:112
#, c-format
msgid "%s while %s, aborting\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:116
+#: ../../src/kadmin/server/ovsec_kadmd.c:114
#, c-format
msgid "%s: %s, aborting\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:117
+#: ../../src/kadmin/server/ovsec_kadmd.c:115
#, c-format
msgid "%s, aborting"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:286
+#: ../../src/kadmin/server/ovsec_kadmd.c:282
#, c-format
msgid ""
"WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = %.*s"
"%s, addr = %s"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:292
+#: ../../src/kadmin/server/ovsec_kadmd.c:288
#, c-format
msgid ""
"WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = %.*s"
"%s, addr = %s"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:306
+#: ../../src/kadmin/server/ovsec_kadmd.c:302
#, c-format
msgid "Miscellaneous RPC error: %s, %s"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:322
+#: ../../src/kadmin/server/ovsec_kadmd.c:318
#, c-format
msgid "%s Cannot decode status %d"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:340
+#: ../../src/kadmin/server/ovsec_kadmd.c:336
#, c-format
msgid "Authentication attempt failed: %s, GSS-API error strings are:"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:345
+#: ../../src/kadmin/server/ovsec_kadmd.c:341
msgid " GSS-API error strings complete."
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:383
+#: ../../src/kadmin/server/ovsec_kadmd.c:379
#, c-format
msgid "%s: cannot initialize. Not enough memory\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:455
+#: ../../src/kadmin/server/ovsec_kadmd.c:451
#, c-format
msgid "%s: %s while initializing context, aborting\n"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:466
+#: ../../src/kadmin/server/ovsec_kadmd.c:462
msgid "initializing"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:470
+#: ../../src/kadmin/server/ovsec_kadmd.c:466
msgid "getting config parameters"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:472
+#: ../../src/kadmin/server/ovsec_kadmd.c:468
msgid "Missing required realm configuration"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:474
+#: ../../src/kadmin/server/ovsec_kadmd.c:470
msgid "Missing required ACL file configuration"
msgstr ""
+#: ../../src/kadmin/server/ovsec_kadmd.c:472
+msgid "-proponly can only be used when iprop_enable is true"
+msgstr ""
+
#: ../../src/kadmin/server/ovsec_kadmd.c:478
msgid "initializing network"
msgstr ""
msgid "starting"
msgstr ""
-#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1069
+#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1047
#, c-format
msgid "%s: starting...\n"
msgstr ""
msgid "chpw request from %s for %.*s%s: %s"
msgstr ""
-#: ../../src/kadmin/server/schpw.c:444
+#: ../../src/kadmin/server/schpw.c:446
#, c-format
msgid "chpw: Couldn't open admin keytab %s"
msgstr ""
msgid "AS_REQ : handle_authdata (%d)"
msgstr ""
-#: ../../src/kdc/do_tgs_req.c:659
+#: ../../src/kdc/do_tgs_req.c:643
msgid "not checking transit path"
msgstr ""
-#: ../../src/kdc/do_tgs_req.c:682
+#: ../../src/kdc/do_tgs_req.c:666
#, c-format
msgid "TGS_REQ : handle_authdata (%d)"
msgstr ""
msgid "AS_REQ (%s) %s: %s: %s for %s%s%s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:162
+#: ../../src/kdc/kdc_log.c:154
#, c-format
msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:169
+#: ../../src/kdc/kdc_log.c:161
#, c-format
msgid "... PROTOCOL-TRANSITION s4u-client=%s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:173
+#: ../../src/kdc/kdc_log.c:165
#, c-format
msgid "... CONSTRAINED-DELEGATION s4u-client=%s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:177
+#: ../../src/kdc/kdc_log.c:169
#, c-format
msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:211
+#: ../../src/kdc/kdc_log.c:203
#, c-format
msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'"
msgstr ""
-#: ../../src/kdc/kdc_log.c:217
+#: ../../src/kdc/kdc_log.c:209
#, c-format
msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s"
msgstr ""
-#: ../../src/kdc/kdc_log.c:235
+#: ../../src/kdc/kdc_log.c:227
msgid "TGS_REQ: issuing alternate <un-unparseable> TGT"
msgstr ""
-#: ../../src/kdc/kdc_log.c:238
+#: ../../src/kdc/kdc_log.c:230
#, c-format
msgid "TGS_REQ: issuing TGT %s"
msgstr ""
-#: ../../src/kdc/kdc_preauth.c:310
+#: ../../src/kdc/kdc_preauth.c:215
#, c-format
msgid "preauth %s failed to initialize: %s"
msgstr ""
-#: ../../src/kdc/kdc_preauth.c:321
+#: ../../src/kdc/kdc_preauth.c:226
#, c-format
msgid "preauth %s failed to setup loop: %s"
msgstr ""
-#: ../../src/kdc/kdc_preauth.c:804
+#: ../../src/kdc/kdc_preauth.c:914
#, c-format
msgid "%spreauth required but hint list is empty"
msgstr ""
msgid "Required auth indicators not present in ticket: %s"
msgstr ""
-#: ../../src/kdc/main.c:234
+#: ../../src/kdc/main.c:230
#, c-format
msgid "while getting context for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:342
+#: ../../src/kdc/main.c:338
#, c-format
msgid "while setting default realm to %s"
msgstr ""
-#: ../../src/kdc/main.c:350
+#: ../../src/kdc/main.c:346
#, c-format
msgid "while initializing database for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:359
+#: ../../src/kdc/main.c:355
#, c-format
msgid "while setting up master key name %s for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:372
+#: ../../src/kdc/main.c:368
#, c-format
msgid "while fetching master key %s for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:380
+#: ../../src/kdc/main.c:376
#, c-format
msgid "while fetching master keys list for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:389
+#: ../../src/kdc/main.c:385
#, c-format
msgid "while resolving kdb keytab for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:398
+#: ../../src/kdc/main.c:394
#, c-format
msgid "while building TGS name for realm %s"
msgstr ""
-#: ../../src/kdc/main.c:516
+#: ../../src/kdc/main.c:512
#, c-format
msgid "creating %d worker processes"
msgstr ""
-#: ../../src/kdc/main.c:526
+#: ../../src/kdc/main.c:522
msgid "Unable to reinitialize main loop"
msgstr ""
-#: ../../src/kdc/main.c:531
+#: ../../src/kdc/main.c:527
#, c-format
msgid "Unable to initialize signal handlers in pid %d"
msgstr ""
-#: ../../src/kdc/main.c:561
+#: ../../src/kdc/main.c:557
#, c-format
msgid "worker %ld exited with status %d"
msgstr ""
-#: ../../src/kdc/main.c:585
+#: ../../src/kdc/main.c:581
#, c-format
msgid "signal %d received in supervisor"
msgstr ""
-#: ../../src/kdc/main.c:604
+#: ../../src/kdc/main.c:593
#, c-format
msgid ""
"usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"
"arguments\n"
msgstr ""
-#: ../../src/kdc/main.c:679 ../../src/kdc/main.c:686 ../../src/kdc/main.c:800
+#: ../../src/kdc/main.c:668 ../../src/kdc/main.c:675 ../../src/kdc/main.c:790
#, c-format
msgid " KDC cannot initialize. Not enough memory\n"
msgstr ""
-#: ../../src/kdc/main.c:705 ../../src/kdc/main.c:748 ../../src/kdc/main.c:759
+#: ../../src/kdc/main.c:694 ../../src/kdc/main.c:737 ../../src/kdc/main.c:748
#, c-format
msgid "%s: KDC cannot initialize. Not enough memory\n"
msgstr ""
-#: ../../src/kdc/main.c:725 ../../src/kdc/main.c:842
+#: ../../src/kdc/main.c:714 ../../src/kdc/main.c:827
#, c-format
msgid "%s: cannot initialize realm %s - see log file for details\n"
msgstr ""
-#: ../../src/kdc/main.c:736
+#: ../../src/kdc/main.c:725
#, c-format
msgid "%s: cannot initialize realm %s. Not enough memory\n"
msgstr ""
-#: ../../src/kdc/main.c:787
+#: ../../src/kdc/main.c:776
#, c-format
msgid "invalid enctype %s"
msgstr ""
-#: ../../src/kdc/main.c:830
+#: ../../src/kdc/main.c:815
msgid "while attempting to retrieve default realm"
msgstr ""
-#: ../../src/kdc/main.c:832
+#: ../../src/kdc/main.c:817
#, c-format
msgid "%s: %s, attempting to retrieve default realm\n"
msgstr ""
-#: ../../src/kdc/main.c:940
+#: ../../src/kdc/main.c:925
#, c-format
msgid "%s: cannot get memory for realm list\n"
msgstr ""
-#: ../../src/kdc/main.c:975
+#: ../../src/kdc/main.c:960
msgid "while initializing lookaside cache"
msgstr ""
-#: ../../src/kdc/main.c:983
+#: ../../src/kdc/main.c:968
msgid "while creating main loop"
msgstr ""
-#: ../../src/kdc/main.c:992
+#: ../../src/kdc/main.c:977
msgid "while loading KDC policy plugin"
msgstr ""
-#: ../../src/kdc/main.c:999
-msgid "while initializing SAM"
-msgstr ""
-
-#: ../../src/kdc/main.c:1024
+#: ../../src/kdc/main.c:1002
msgid "while initializing signal handlers"
msgstr ""
-#: ../../src/kdc/main.c:1032
+#: ../../src/kdc/main.c:1010
msgid "while initializing network"
msgstr ""
-#: ../../src/kdc/main.c:1037
+#: ../../src/kdc/main.c:1015
msgid "while detaching from tty"
msgstr ""
-#: ../../src/kdc/main.c:1044
+#: ../../src/kdc/main.c:1022
msgid "while creating PID file"
msgstr ""
-#: ../../src/kdc/main.c:1053
+#: ../../src/kdc/main.c:1031
msgid "creating worker processes"
msgstr ""
-#: ../../src/kdc/main.c:1063
+#: ../../src/kdc/main.c:1041
msgid "while loading audit plugin module(s)"
msgstr ""
-#: ../../src/kdc/main.c:1067
+#: ../../src/kdc/main.c:1045
msgid "commencing operation"
msgstr ""
-#: ../../src/kdc/main.c:1075
+#: ../../src/kdc/main.c:1053
msgid "shutting down"
msgstr ""
msgid "while loading policy module %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:221
-msgid "Got signal to request exit"
+#: ../../src/kprop/kprop.c:85
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] replica_host\n"
+"\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:235
-msgid "Got signal to reset"
+#: ../../src/kprop/kprop.c:114
+#, c-format
+msgid "Database propagation to %s: SUCCEEDED\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:301
-#, c-format
-msgid "Invalid port %d"
+#: ../../src/kprop/kprop.c:175
+msgid "while setting client principal name"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:314
-#, c-format
-msgid "Removing address %s since wildcard address is being added"
+#: ../../src/kprop/kprop.c:184
+msgid "while setting server principal name"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:321
-msgid "Address already added to server"
+#: ../../src/kprop/kprop.c:197
+msgid "while resolving keytab"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:484
-#, c-format
-msgid "closing down fd %d"
+#: ../../src/kprop/kprop.c:205
+msgid "while getting initial credentials\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:498
-#, c-format
-msgid "descriptor %d closed but still in svc_fdset"
+#: ../../src/kprop/kprop.c:241
+msgid "while creating socket"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:524
-msgid "cannot create io event"
+#: ../../src/kprop/kprop.c:257
+msgid "while converting server address"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:529
-msgid "cannot save event"
+#: ../../src/kprop/kprop.c:267
+msgid "while connecting to server"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:549
-#, c-format
-msgid "file descriptor number %d too high"
+#: ../../src/kprop/kprop.c:274 ../../src/kprop/kpropd.c:1199
+msgid "while getting local socket address"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:556
-msgid "cannot allocate storage for connection info"
+#: ../../src/kprop/kprop.c:279
+msgid "while converting local address"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:591
-#, c-format
-msgid "Cannot create TCP server socket on %s"
+#: ../../src/kprop/kprop.c:302
+msgid "in krb5_auth_con_setaddrs"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:600
-#, c-format
-msgid "TCP socket fd number %d (for %s) too high"
+#: ../../src/kprop/kprop.c:310
+msgid "while authenticating to server"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:607
+#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:513
+#: ../../src/kprop/kpropd.c:1505
#, c-format
-msgid "Cannot enable SO_REUSEADDR on fd %d"
+msgid "Generic remote error: %s\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:612
-#, c-format
-msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
+#: ../../src/kprop/kprop.c:320 ../../src/kprop/kprop.c:519
+msgid "signalled from server"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:615
+#: ../../src/kprop/kprop.c:322 ../../src/kprop/kprop.c:521
#, c-format
-msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
+msgid "Error text from server: %s\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:618
-msgid "no IPV6_V6ONLY socket option support"
+#: ../../src/kprop/kprop.c:350
+#, c-format
+msgid "allocating database file name '%s'"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:624
+#: ../../src/kprop/kprop.c:356
#, c-format
-msgid "Cannot bind server socket on %s"
+msgid "while trying to open %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:694
-#, c-format
-msgid "Setting up %s socket for address %s"
+#: ../../src/kprop/kprop.c:363
+msgid "database locked"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:707
+#: ../../src/kprop/kprop.c:366 ../../src/kprop/kpropd.c:552
#, c-format
-msgid "Cannot listen on %s server socket on %s"
+msgid "while trying to lock '%s'"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:716
+#: ../../src/kprop/kprop.c:370 ../../src/kprop/kprop.c:378
#, c-format
-msgid "cannot set listening %s socket on %s non-blocking"
+msgid "while trying to stat %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:724
-#, c-format
-msgid "cannot set SO_LINGER on %s socket on %s"
+#: ../../src/kprop/kprop.c:374
+msgid "while trying to malloc data_ok_fn"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:731
+#: ../../src/kprop/kprop.c:383
#, c-format
-msgid "Setting pktinfo on socket %s"
+msgid "'%s' more recent than '%s'."
msgstr ""
-#: ../../src/lib/apputils/net-server.c:736
+#: ../../src/kprop/kprop.c:399
#, c-format
-msgid "Cannot request packet info for UDP socket address %s port %d"
+msgid "while unlocking database '%s'"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:738
-msgid ""
-"System does not support pktinfo yet binding to a wildcard address. Packets "
-"are not guaranteed to return on the received address."
+#: ../../src/kprop/kprop.c:432 ../../src/kprop/kprop.c:433
+msgid "while encoding database size"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:750
-msgid "Error attempting to add verto event"
+#: ../../src/kprop/kprop.c:441
+msgid "while sending database size"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:759
-#, c-format
-msgid "Cannot create RPC service: %s"
+#: ../../src/kprop/kprop.c:451
+msgid "while allocating i_vector"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:769
+#: ../../src/kprop/kprop.c:474
#, c-format
-msgid "Cannot register RPC service: %s"
+msgid "while sending database block starting at %d"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:813
-msgid "No addresses added to the net server"
+#: ../../src/kprop/kprop.c:484
+msgid "Premature EOF found for database file!"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:832
-#, c-format
-msgid "Failed getting address info (for %s): %s"
+#: ../../src/kprop/kprop.c:497
+msgid "while reading response from server"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:862
-#, c-format
-msgid "Failed setting up a %s socket (for %s)"
+#: ../../src/kprop/kprop.c:508
+msgid "while decoding error response from server"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:903
-msgid "setting up network..."
+#: ../../src/kprop/kprop.c:539
+#, c-format
+msgid "Kpropd sent database size %d, expecting %d"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:906
-msgid "Error setting up network"
+#: ../../src/kprop/kprop.c:584
+msgid "while allocating filename for update_last_prop_file"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:909
+#: ../../src/kprop/kprop.c:589
#, c-format
-msgid "set up %d sockets"
-msgstr ""
-
-#: ../../src/lib/apputils/net-server.c:912
-msgid "no sockets set up?"
+msgid "while creating 'last_prop' file, '%s'"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:975
-#: ../../src/lib/apputils/net-server.c:1029
-msgid "while dispatching (udp)"
+#: ../../src/kprop/kpropd.c:171
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1004
+#: ../../src/kprop/kpropd.c:173
#, c-format
-msgid "while sending reply to %s/%s from %s"
+msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1009
+#: ../../src/kprop/kpropd.c:174
#, c-format
-msgid "short reply write %d vs %d\n"
+msgid "\t[-x db_args]* [-P port] [-a acl_file]\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1054
-msgid "while receiving from network"
+#: ../../src/kprop/kpropd.c:175
+#, c-format
+msgid "\t[-A admin_server] [--pid-file=pid_file]\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1070
+#: ../../src/kprop/kpropd.c:231
#, c-format
-msgid "pktinfo says local addr is %s"
+msgid "Killing fullprop child (%d)\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1108
-msgid "too many connections"
+#: ../../src/kprop/kpropd.c:260
+msgid "while checking if stdin is a socket"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1131
+#: ../../src/kprop/kpropd.c:278
#, c-format
-msgid "dropping %s fd %d from %s"
+msgid "ready\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1205
+#: ../../src/kprop/kpropd.c:284
#, c-format
-msgid "allocating buffer for new TCP session from %s"
-msgstr ""
-
-#: ../../src/lib/apputils/net-server.c:1237
-msgid "while dispatching (tcp)"
+msgid "Could not write pid file %s: %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1269
-msgid "error allocating tcp dispatch private!"
+#: ../../src/kprop/kpropd.c:296
+#, c-format
+msgid "Could not open /dev/null: %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1316
+#: ../../src/kprop/kpropd.c:303
#, c-format
-msgid "TCP client %s wants %lu bytes, cap is %lu"
+msgid "Could not dup the inetd socket: %s"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1324
-#, c-format
-msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
+#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351
+msgid "do_iprop failed.\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1363
+#: ../../src/kprop/kpropd.c:390
#, c-format
-msgid "getsockname failed: %s"
+msgid "getaddrinfo: %s\n"
msgstr ""
-#: ../../src/lib/apputils/net-server.c:1507
-#, c-format
-msgid "accepted RPC connection on socket %d from %s"
+#: ../../src/kprop/kpropd.c:396
+msgid "while obtaining socket"
msgstr ""
-#: ../../src/lib/crypto/krb/prng_fortuna.c:428
-msgid "Random number generator could not be seeded"
+#: ../../src/kprop/kpropd.c:402
+msgid "while setting SO_REUSEADDR option"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:43
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:165
-msgid "A required input parameter could not be read"
+#: ../../src/kprop/kpropd.c:410
+msgid "while unsetting IPV6_V6ONLY option"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:44
-msgid "A required input parameter could not be written"
+#: ../../src/kprop/kpropd.c:415
+msgid "while binding listener socket"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:45
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:175
-msgid "A parameter was malformed"
+#: ../../src/kprop/kpropd.c:426
+#, c-format
+msgid "waiting for a kprop connection\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:48
-msgid "calling error"
+#: ../../src/kprop/kpropd.c:432
+msgid "while accepting connection"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:59
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:195
-msgid "An unsupported mechanism was requested"
+#: ../../src/kprop/kpropd.c:438
+msgid "while forking"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:60
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:199
-msgid "An invalid name was supplied"
+#: ../../src/kprop/kpropd.c:453
+#, c-format
+msgid "waitpid() failed to wait for doit() (%d %s)\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:61
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:203
-msgid "A supplied name was of an unsupported type"
+#: ../../src/kprop/kpropd.c:457
+msgid "while waiting to receive database"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:62
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:208
-msgid "Incorrect channel bindings were supplied"
+#: ../../src/kprop/kpropd.c:461
+#, c-format
+msgid "Database load process for full propagation completed.\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:63
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:179
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:274
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:334
-msgid "An invalid status code was supplied"
+#: ../../src/kprop/kpropd.c:499
+#, c-format
+msgid ""
+"%s: Standard input does not appear to be a network socket.\n"
+"\t(Not run from inetd, and missing the -S option?)\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:64
-msgid "A token had an invalid signature"
+#: ../../src/kprop/kpropd.c:512
+msgid "while attempting setsockopt (SO_KEEPALIVE)"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:65
-msgid "No credentials were supplied"
+#: ../../src/kprop/kpropd.c:517
+#, c-format
+msgid "Connection from %s"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:66
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:223
-msgid "No context has been established"
+#: ../../src/kprop/kpropd.c:537
+#, c-format
+msgid "Rejected connection from unauthorized principal %s\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:67
-msgid "A token was invalid"
+#: ../../src/kprop/kpropd.c:541
+#, c-format
+msgid "Rejected connection from unauthorized principal %s"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:68
-msgid "A credential was invalid"
+#: ../../src/kprop/kpropd.c:558
+#, c-format
+msgid "while opening database file, '%s'"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:69
-msgid "The referenced credentials have expired"
+#: ../../src/kprop/kpropd.c:564
+#, c-format
+msgid "while renaming %s to %s"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:70
-msgid "The context has expired"
+#: ../../src/kprop/kpropd.c:570
+#, c-format
+msgid "while downgrading lock on '%s'"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:71
-msgid "Miscellaneous failure"
+#: ../../src/kprop/kpropd.c:577
+#, c-format
+msgid "while unlocking '%s'"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:72
-msgid "The quality-of-protection requested could not be provided"
+#: ../../src/kprop/kpropd.c:589
+msgid "while sending # of received bytes"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:73
-msgid "The operation is forbidden by the local security policy"
+#: ../../src/kprop/kpropd.c:595
+msgid "while trying to close database file"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:74
-msgid "The operation or option is not available"
+#: ../../src/kprop/kpropd.c:650
+#, c-format
+msgid "Incremental propagation enabled\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:77
-msgid "routine error"
+#: ../../src/kprop/kpropd.c:661
+#, c-format
+msgid "%s: unable to get kiprop host based service name for realm %s\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:89
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:311
-msgid "The routine must be called again to complete its function"
+#: ../../src/kprop/kpropd.c:672
+msgid "while trying to construct host service principal"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:90
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:316
-msgid "The token was a duplicate of an earlier token"
+#: ../../src/kprop/kpropd.c:691
+#, c-format
+msgid "Initializing kadm5 as client %s\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:91
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:321
-msgid "The token's validity period has expired"
+#: ../../src/kprop/kpropd.c:705
+#, c-format
+msgid "kadm5 initialization failed!\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:92
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:325
-msgid "A later token has already been processed"
+#: ../../src/kprop/kpropd.c:714
+msgid "while attempting to connect to master KDC ... retrying"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:95
-msgid "supplementary info code"
+#: ../../src/kprop/kpropd.c:718
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:106
-#: ../lib/krb5/error_tables/krb5_err.c:23
-msgid "No error"
+#: ../../src/kprop/kpropd.c:734
+#, c-format
+msgid "while initializing %s interface, retrying"
msgstr ""
-#: ../../src/lib/gssapi/generic/disp_major_status.c:107
+#: ../../src/kprop/kpropd.c:738
#, c-format
-msgid "Unknown %s (field = %d)"
+msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
msgstr ""
-#: ../../src/lib/gssapi/krb5/acquire_cred.c:165
+#: ../../src/kprop/kpropd.c:748
#, c-format
-msgid "No key table entry found matching %s"
+msgid "kadm5 initialization succeeded\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:161
-msgid "The routine completed successfully"
+#: ../../src/kprop/kpropd.c:770
+msgid "reading update log header"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:170
-msgid "A required output parameter could not be written"
+#: ../../src/kprop/kpropd.c:781
+#, c-format
+msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:212
-msgid "A token had an invalid Message Integrity Check (MIC)"
+#: ../../src/kprop/kpropd.c:791
+msgid "iprop_get_updates call failed"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:217
-msgid ""
-"No credentials were supplied, or the credentials were unavailable or "
-"inaccessible"
+#: ../../src/kprop/kpropd.c:797
+#, c-format
+msgid "Reinitializing iprop because get updates failed\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:227
-msgid "Invalid token was supplied"
+#: ../../src/kprop/kpropd.c:818
+#, c-format
+msgid "Still waiting for full resync\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:231
-msgid "Invalid credential was supplied"
+#: ../../src/kprop/kpropd.c:823
+#, c-format
+msgid "Full resync needed\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:235
-msgid "The referenced credential has expired"
+#: ../../src/kprop/kpropd.c:824
+msgid "kpropd: Full resync needed."
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:239
-msgid "The referenced context has expired"
+#: ../../src/kprop/kpropd.c:829
+msgid "iprop_full_resync call failed"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:243
-msgid "Unspecified GSS failure. Minor code may provide more information"
+#: ../../src/kprop/kpropd.c:840
+#, c-format
+msgid "Full resync request granted\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:248
-msgid "The quality-of-protection (QOP) requested could not be provided"
+#: ../../src/kprop/kpropd.c:841
+msgid "Full resync request granted."
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:253
-msgid "The operation is forbidden by local security policy"
+#: ../../src/kprop/kpropd.c:850
+#, c-format
+msgid "Exponential backoff\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:258
-msgid "The operation or option is not available or unsupported"
+#: ../../src/kprop/kpropd.c:856
+#, c-format
+msgid "Full resync permission denied\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:263
-msgid "The requested credential element already exists"
+#: ../../src/kprop/kpropd.c:857
+msgid "Full resync, permission denied."
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:268
-msgid "The provided name was not mechanism specific (MN)"
+#: ../../src/kprop/kpropd.c:862
+#, c-format
+msgid "Full resync error from master\n"
msgstr ""
-#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:329
-msgid "An expected per-message token was not received"
+#: ../../src/kprop/kpropd.c:863
+msgid " Full resync, error returned from master KDC."
msgstr ""
-#: ../../src/lib/gssapi/spnego/spnego_mech.c:1813
-msgid "SPNEGO cannot find mechanisms to negotiate"
+#: ../../src/kprop/kpropd.c:871
+#, c-format
+msgid "Full resync invalid result from master\n"
msgstr ""
-#: ../../src/lib/gssapi/spnego/spnego_mech.c:1818
-msgid "SPNEGO failed to acquire creds"
+#: ../../src/kprop/kpropd.c:873
+msgid "Full resync, invalid return from master KDC."
msgstr ""
-#: ../../src/lib/gssapi/spnego/spnego_mech.c:1823
-msgid "SPNEGO acceptor did not select a mechanism"
+#: ../../src/kprop/kpropd.c:889
+#, c-format
+msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
msgstr ""
-#: ../../src/lib/gssapi/spnego/spnego_mech.c:1828
-msgid "SPNEGO failed to negotiate a mechanism"
+#: ../../src/kprop/kpropd.c:901
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered\n"
msgstr ""
-#: ../../src/lib/gssapi/spnego/spnego_mech.c:1833
-msgid "SPNEGO acceptor did not return a valid token"
-msgstr ""
-
-#: ../../src/lib/kadm5/logger.c:54
+#: ../../src/kprop/kpropd.c:904
#, c-format
-msgid "%s: cannot parse <%s>\n"
+msgid "ulog_replay failed (%s), updates not registered."
msgstr ""
-#: ../../src/lib/kadm5/logger.c:55
+#: ../../src/kprop/kpropd.c:913
#, c-format
-msgid "%s: warning - logging entry syntax error\n"
+msgid "Incremental updates: %d updates / %lu us"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:56
+#: ../../src/kprop/kpropd.c:916
#, c-format
-msgid "%s: error writing to %s\n"
+msgid "Incremental updates: %d updates / %lu us\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:57
+#: ../../src/kprop/kpropd.c:924
#, c-format
-msgid "%s: error writing to %s device\n"
+msgid "get_updates permission denied\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:59
-msgid "EMERGENCY"
+#: ../../src/kprop/kpropd.c:925
+msgid "get_updates, permission denied."
msgstr ""
-#: ../../src/lib/kadm5/logger.c:60
-msgid "ALERT"
+#: ../../src/kprop/kpropd.c:930
+#, c-format
+msgid "get_updates error from master\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:61
-msgid "CRITICAL"
+#: ../../src/kprop/kpropd.c:931
+msgid "get_updates, error returned from master KDC."
msgstr ""
-#: ../../src/lib/kadm5/logger.c:62
-msgid "Error"
+#: ../../src/kprop/kpropd.c:939
+#, c-format
+msgid "get_updates master busy; backoff\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:63
-msgid "Warning"
+#: ../../src/kprop/kpropd.c:948
+#, c-format
+msgid "KDC is synchronized with master.\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:64
-msgid "Notice"
+#: ../../src/kprop/kpropd.c:956
+#, c-format
+msgid "get_updates invalid result from master\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:65
-msgid "info"
+#: ../../src/kprop/kpropd.c:957
+msgid "get_updates, invalid return from master KDC."
msgstr ""
-#: ../../src/lib/kadm5/logger.c:66
-msgid "debug"
+#: ../../src/kprop/kpropd.c:972
+#, c-format
+msgid "Busy signal received from master, backoff for %d secs\n"
msgstr ""
-#: ../../src/lib/kadm5/logger.c:926
+#: ../../src/kprop/kpropd.c:979
#, c-format
-msgid "Couldn't open log file %s: %s\n"
+msgid "Waiting for %d seconds before checking for updates again\n"
msgstr ""
-#: ../../src/lib/kadm5/srv/kadm5_hook.c:120
+#: ../../src/kprop/kpropd.c:990
#, c-format
-msgid "kadm5_hook %s failed postcommit %s: %s"
+msgid "ERROR returned by master, bailing\n"
msgstr ""
-#: ../../src/lib/kadm5/srv/pwqual_dict.c:106
-msgid "No dictionary file specified, continuing without one."
+#: ../../src/kprop/kpropd.c:991
+msgid "ERROR returned by master KDC, bailing.\n"
msgstr ""
-#: ../../src/lib/kadm5/srv/pwqual_dict.c:113
-#, c-format
-msgid "WARNING! Cannot find dictionary file %s, continuing without one."
+#: ../../src/kprop/kpropd.c:1108
+msgid "copying db args"
msgstr ""
-#: ../../src/lib/kadm5/srv/pwqual_empty.c:42
-msgid "Empty passwords are not allowed"
+#: ../../src/kprop/kpropd.c:1133
+msgid "Unable to get default realm"
msgstr ""
-#: ../../src/lib/kadm5/srv/pwqual_hesiod.c:114
-msgid "Password may not match user information."
+#: ../../src/kprop/kpropd.c:1140
+msgid "Unable to set default realm"
msgstr ""
-#: ../../src/lib/kadm5/srv/pwqual_princ.c:54
-msgid "Password may not match principal name"
+#: ../../src/kprop/kpropd.c:1150
+msgid "while trying to construct my service name"
msgstr ""
-#: ../../src/lib/kadm5/srv/server_kdb.c:195
-msgid "History entry contains no key data"
+#: ../../src/kprop/kpropd.c:1157
+msgid "while allocating filename for temp file"
msgstr ""
-#: ../../src/lib/kadm5/srv/server_misc.c:128
-#, c-format
-msgid "password quality module %s rejected password for %s: %s"
+#: ../../src/kprop/kpropd.c:1165
+msgid "while initializing"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:216
-msgid "No default realm set; cannot initialize KDB"
+#: ../../src/kprop/kpropd.c:1173
+msgid "Unable to map log!\n"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:368
+#: ../../src/kprop/kpropd.c:1219
#, c-format
-msgid "Unable to find requested database type: %s"
+msgid "Error in krb5_auth_con_ini: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:448 ../lib/krb5/error_tables/kdb5_err.c:55
-msgid "Unable to find requested database type"
+#: ../../src/kprop/kpropd.c:1227
+#, c-format
+msgid "Error in krb5_auth_con_setflags: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:456
-msgid "plugin symbol 'kdb_function_table' lookup failed"
+#: ../../src/kprop/kpropd.c:1235
+#, c-format
+msgid "Error in krb5_auth_con_setaddrs: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:464
+#: ../../src/kprop/kpropd.c:1243
#, c-format
-msgid ""
-"Unable to load requested database module '%s': plugin symbol "
-"'kdb_function_table' not found"
+msgid "Error in krb5_kt_resolve: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:602
-msgid "Cannot initialize database library"
+#: ../../src/kprop/kpropd.c:1252
+#, c-format
+msgid "Error in krb5_recvauth: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:1762
+#: ../../src/kprop/kpropd.c:1259
#, c-format
-msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
+msgid "Error in krb5_copy_prinicpal: %s"
msgstr ""
-#: ../../src/lib/kdb/kdb5.c:1934
-#, c-format
-msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
+#: ../../src/kprop/kpropd.c:1275
+msgid "while unparsing ticket etype"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:164
+#: ../../src/kprop/kpropd.c:1279
#, c-format
-msgid "keyfile (%s) is not a regular file: %s"
+msgid "authenticated client: %s (etype == %s)\n"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:177
-msgid "Could not create temp keytab file name."
+#: ../../src/kprop/kpropd.c:1358
+msgid "while reading size of database from client"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:202
-#, c-format
-msgid "Temporary stash file already exists: %s."
+#: ../../src/kprop/kpropd.c:1368
+msgid "while decoding database size from client"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:230
+#: ../../src/kprop/kpropd.c:1381
+msgid "while initializing i_vector"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1386
#, c-format
-msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
+msgid "Full propagation transfer started.\n"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:415
+#: ../../src/kprop/kpropd.c:1439
#, c-format
-msgid "Can not fetch master key (error: %s)."
+msgid "Full propagation transfer finished.\n"
msgstr ""
-#: ../../src/lib/kdb/kdb_default.c:483
-msgid "Unable to decrypt latest master key with the provided master key\n"
+#: ../../src/kprop/kpropd.c:1500
+msgid "while decoding error packet from client"
msgstr ""
-#: ../../src/lib/kdb/kdb_log.c:70
-msgid "could not sync ulog update to disk"
+#: ../../src/kprop/kpropd.c:1509
+msgid "signaled from server"
msgstr ""
-#: ../../src/lib/kdb/kdb_log.c:84
-msgid "could not sync ulog header to disk"
+#: ../../src/kprop/kpropd.c:1511
+#, c-format
+msgid "Error text from client: %s\n"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:122
+#: ../../src/kprop/kpropd.c:1560
#, c-format
-msgid "Subsidiary cache path %s has no parent directory"
+msgid "while trying to fork %s"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:128
+#: ../../src/kprop/kpropd.c:1564
#, c-format
-msgid "Subsidiary cache path %s filename does not begin with \"tkt\""
+msgid "while trying to exec %s"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:169
+#: ../../src/kprop/kpropd.c:1571
#, c-format
-msgid "%s contains invalid filename"
+msgid "while waiting for %s"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:229
+#: ../../src/kprop/kpropd.c:1577
#, c-format
-msgid "Credential cache directory %s does not exist"
+msgid "%s load terminated"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:235
+#: ../../src/kprop/kpropd.c:1583
#, c-format
-msgid "Credential cache directory %s exists but is not a directory"
+msgid "%s returned a bad exit status (%d)"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_dir.c:400
+#: ../../src/kprop/kproplog.c:28
+#, c-format
msgid ""
-"Can't create new subsidiary cache because default cache is not a directory "
-"collection"
+"\n"
+"Usage: %s [-h] [-v] [-v] [-e num]\n"
+"\t%s -R\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_keyring.c:1151
+#: ../../src/kprop/kproplog.c:132
+#, c-format
msgid ""
-"Can't create new subsidiary cache because default cache is already a "
-"subsidiary"
+"\n"
+"Couldn't allocate memory"
msgstr ""
-#: ../../src/lib/krb5/ccache/cc_keyring.c:1219
+#: ../../src/kprop/kproplog.c:226
#, c-format
-msgid "Credentials cache keyring '%s' not found"
+msgid "\t\tAttribute flags\n"
msgstr ""
-#: ../../src/lib/krb5/ccache/cccursor.c:213
+#: ../../src/kprop/kproplog.c:231
#, c-format
-msgid "Can't find client principal %s in cache collection"
+msgid "\t\tMaximum ticket life\n"
msgstr ""
-#: ../../src/lib/krb5/ccache/cccursor.c:293
-msgid "No Kerberos credentials available"
+#: ../../src/kprop/kproplog.c:236
+#, c-format
+msgid "\t\tMaximum renewable life\n"
msgstr ""
-#: ../../src/lib/krb5/ccache/cccursor.c:299
+#: ../../src/kprop/kproplog.c:241
#, c-format
-msgid "No Kerberos credentials available (default cache: %s)"
+msgid "\t\tPrincipal expiration\n"
msgstr ""
-#: ../../src/lib/krb5/keytab/kt_file.c:406
+#: ../../src/kprop/kproplog.c:246
#, c-format
-msgid "No key table entry found for %s"
+msgid "\t\tPassword expiration\n"
msgstr ""
-#: ../../src/lib/krb5/keytab/kt_file.c:823
-#: ../../src/lib/krb5/keytab/kt_file.c:856
-msgid "Cannot change keytab with keytab iterators active"
+#: ../../src/kprop/kproplog.c:251
+#, c-format
+msgid "\t\tLast successful auth\n"
msgstr ""
-#: ../../src/lib/krb5/keytab/kt_file.c:1046
+#: ../../src/kprop/kproplog.c:256
#, c-format
-msgid "Key table file '%s' not found"
+msgid "\t\tLast failed auth\n"
msgstr ""
-#: ../../src/lib/krb5/keytab/ktfns.c:127
+#: ../../src/kprop/kproplog.c:261
#, c-format
-msgid "Keytab %s is nonexistent or empty"
+msgid "\t\tFailed passwd attempt\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:250
-msgid "Malformed request error"
+#: ../../src/kprop/kproplog.c:266
+#, c-format
+msgid "\t\tPrincipal\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:253 ../lib/krb5/error_tables/kdb5_err.c:58
-msgid "Server error"
+#: ../../src/kprop/kproplog.c:271
+#, c-format
+msgid "\t\tKey data\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:256
-msgid "Authentication error"
+#: ../../src/kprop/kproplog.c:278
+#, c-format
+msgid "\t\tTL data\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:259
-msgid "Password change rejected"
+#: ../../src/kprop/kproplog.c:285
+#, c-format
+msgid "\t\tLength\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:262
-msgid "Access denied"
+#: ../../src/kprop/kproplog.c:290
+#, c-format
+msgid "\t\tPassword last changed\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:265
-msgid "Wrong protocol version"
+#: ../../src/kprop/kproplog.c:295
+#, c-format
+msgid "\t\tModifying principal\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:268
-msgid "Initial password required"
+#: ../../src/kprop/kproplog.c:300
+#, c-format
+msgid "\t\tModification time\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:271
-msgid "Success"
+#: ../../src/kprop/kproplog.c:305
+#, c-format
+msgid "\t\tModified where\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:274 ../lib/krb5/error_tables/krb5_err.c:257
-msgid "Password change failed"
+#: ../../src/kprop/kproplog.c:310
+#, c-format
+msgid "\t\tPassword policy\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:431
-msgid ""
-"The password must include numbers or symbols. Don't include any part of "
-"your name in the password."
+#: ../../src/kprop/kproplog.c:315
+#, c-format
+msgid "\t\tPassword policy switch\n"
msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:437
+#: ../../src/kprop/kproplog.c:320
#, c-format
-msgid "The password must contain at least %d character."
-msgid_plural "The password must contain at least %d characters."
-msgstr[0] ""
-msgstr[1] ""
+msgid "\t\tPassword history KVNO\n"
+msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:446
+#: ../../src/kprop/kproplog.c:325
#, c-format
-msgid "The password must be different from the previous password."
-msgid_plural "The password must be different from the previous %d passwords."
-msgstr[0] ""
-msgstr[1] ""
+msgid "\t\tPassword history\n"
+msgstr ""
-#: ../../src/lib/krb5/krb/chpw.c:458
+#: ../../src/kprop/kproplog.c:359
#, c-format
-msgid "The password can only be changed once a day."
-msgid_plural "The password can only be changed every %d days."
-msgstr[0] ""
-msgstr[1] ""
-
-#: ../../src/lib/krb5/krb/chpw.c:504
-msgid "Try a more complex password, or contact your administrator."
+msgid ""
+"Corrupt update entry\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:216
-msgid "Error constructing AP-REQ armor"
+#: ../../src/kprop/kproplog.c:364
+#, c-format
+msgid "Update Entry\n"
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:394
-msgid "Failed to decrypt FAST reply"
+#: ../../src/kprop/kproplog.c:366
+#, c-format
+msgid "\tUpdate serial # : %u\n"
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:400
-msgid "nonce modified in FAST response: KDC response modified"
+#: ../../src/kprop/kproplog.c:370
+#, c-format
+msgid "\tDummy entry\n"
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:466
-msgid "Expecting FX_ERROR pa-data inside FAST container"
+#: ../../src/kprop/kproplog.c:378
+#, c-format
+msgid ""
+"Entry data decode failure\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:537
-msgid "FAST response missing finish message in KDC reply"
+#: ../../src/kprop/kproplog.c:382
+#, c-format
+msgid "\tUpdate operation : "
msgstr ""
-#: ../../src/lib/krb5/krb/fast.c:550
-msgid "Ticket modified in KDC reply"
+#: ../../src/kprop/kproplog.c:384
+#, c-format
+msgid "Delete\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gc_via_tkt.c:208
+#: ../../src/kprop/kproplog.c:386
#, c-format
-msgid "KDC returned error string: %.*s"
+msgid "Add\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gc_via_tkt.c:217
+#: ../../src/kprop/kproplog.c:390
#, c-format
-msgid "Server %s not found in Kerberos database"
+msgid ""
+"Could not allocate principal name\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/get_in_tkt.c:202
-msgid "Reply has wrong form of session key for anonymous request"
+#: ../../src/kprop/kproplog.c:396
+#, c-format
+msgid "\tUpdate principal : %s\n"
msgstr ""
-#: ../../src/lib/krb5/krb/get_in_tkt.c:1679
-msgid "Failed to store credentials"
+#: ../../src/kprop/kproplog.c:398
+#, c-format
+msgid "\tUpdate size : %u\n"
msgstr ""
-#: ../../src/lib/krb5/krb/get_in_tkt.c:1768
+#: ../../src/kprop/kproplog.c:399
#, c-format
-msgid "Client '%s' not found in Kerberos database"
+msgid "\tUpdate committed : %s\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_keytab.c:207
+#: ../../src/kprop/kproplog.c:403
#, c-format
-msgid "Keytab contains no suitable keys for %s"
+msgid "\tUpdate time stamp : None\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:75
+#: ../../src/kprop/kproplog.c:405
#, c-format
-msgid "Password for %s"
+msgid "\tUpdate time stamp : %s"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:227
+#: ../../src/kprop/kproplog.c:409
#, c-format
-msgid "Warning: Your password will expire in less than one hour on %s"
+msgid "\tAttributes changed : %d\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:231
+#: ../../src/kprop/kproplog.c:474
#, c-format
-msgid "Warning: Your password will expire in %d hour%s on %s"
+msgid ""
+"Unable to initialize Kerberos\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:235
+#: ../../src/kprop/kproplog.c:481
#, c-format
-msgid "Warning: Your password will expire in %d days on %s"
+msgid ""
+"Couldn't read database_name\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:408
-msgid "Password expired. You must change it now."
+#: ../../src/kprop/kproplog.c:485
+#, c-format
+msgid ""
+"\n"
+"Kerberos update log (%s)\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:427 ../../src/lib/krb5/krb/gic_pwd.c:431
+#: ../../src/kprop/kproplog.c:489 ../../src/kprop/kproplog.c:505
#, c-format
-msgid "%s. Please try again."
+msgid ""
+"Unable to map log file %s\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/gic_pwd.c:472
+#: ../../src/kprop/kproplog.c:494
#, c-format
-msgid "%.*s%s%s. Please try again.\n"
+msgid ""
+"Couldn't reinitialize ulog file %s\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/parse.c:203
+#: ../../src/kprop/kproplog.c:498
#, c-format
-msgid "Principal %s is missing required realm"
+msgid "Reinitialized the ulog.\n"
msgstr ""
-#: ../../src/lib/krb5/krb/parse.c:215
+#: ../../src/kprop/kproplog.c:511
#, c-format
-msgid "Principal %s has realm present"
+msgid ""
+"Corrupt header log, exiting\n"
+"\n"
msgstr ""
-#: ../../src/lib/krb5/krb/plugin.c:169
+#: ../../src/kprop/kproplog.c:515
#, c-format
-msgid "Invalid module specifier %s"
+msgid "Update log dump :\n"
msgstr ""
-#: ../../src/lib/krb5/krb/plugin.c:406
+#: ../../src/kprop/kproplog.c:516
#, c-format
-msgid "Could not find %s plugin module named '%s'"
+msgid "\tLog version # : %u\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth2.c:319
-msgid "krb5_init_creds calls must use same library context"
+#: ../../src/kprop/kproplog.c:517
+#, c-format
+msgid "\tLog state : "
msgstr ""
-#: ../../src/lib/krb5/krb/preauth2.c:713
-msgid "Pre-authentication failed"
+#: ../../src/kprop/kproplog.c:520
+#, c-format
+msgid "Stable\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth2.c:1094
-msgid "Unable to initialize preauth context"
+#: ../../src/kprop/kproplog.c:523
+#, c-format
+msgid "Unstable\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth2.c:1107
+#: ../../src/kprop/kproplog.c:526
#, c-format
-msgid "Preauth module %s"
+msgid "Corrupt\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:515
-msgid "Please choose from the following:\n"
+#: ../../src/kprop/kproplog.c:529
+#, c-format
+msgid "Unknown state: %d\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:516
-msgid "Vendor:"
+#: ../../src/kprop/kproplog.c:532
+#, c-format
+msgid "\tEntry block size : %u\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:528
-msgid "Enter #"
+#: ../../src/kprop/kproplog.c:533
+#, c-format
+msgid "\tNumber of entries : %u\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:564
-msgid "OTP Challenge:"
+#: ../../src/kprop/kproplog.c:536
+#, c-format
+msgid "\tLast serial # : None\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:593
-msgid "OTP Token PIN"
+#: ../../src/kprop/kproplog.c:539
+#, c-format
+msgid "\tFirst serial # : None\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:707
-msgid "OTP value doesn't match any token formats"
+#: ../../src/kprop/kproplog.c:541
+#, c-format
+msgid "\tFirst serial # : "
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:774
-msgid "Enter OTP Token Value"
+#: ../../src/kprop/kproplog.c:545
+#, c-format
+msgid "\tLast serial # : "
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_otp.c:920
-msgid "No supported tokens"
+#: ../../src/kprop/kproplog.c:550
+#, c-format
+msgid "\tLast time stamp : None\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:49
-msgid "Challenge for Enigma Logic mechanism"
+#: ../../src/kprop/kproplog.c:553
+#, c-format
+msgid "\tFirst time stamp : None\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:53
-msgid "Challenge for Digital Pathways mechanism"
+#: ../../src/kprop/kproplog.c:555
+#, c-format
+msgid "\tFirst time stamp : %s"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:57
-msgid "Challenge for Activcard mechanism"
+#: ../../src/kprop/kproplog.c:559
+#, c-format
+msgid "\tLast time stamp : %s\n"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:60
-msgid "Challenge for Enhanced S/Key mechanism"
+#: ../../src/lib/apputils/net-server.c:221
+msgid "Got signal to request exit"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:63
-msgid "Challenge for Traditional S/Key mechanism"
+#: ../../src/lib/apputils/net-server.c:235
+msgid "Got signal to reset"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:66
-#: ../../src/lib/krb5/krb/preauth_sam2.c:69
-msgid "Challenge for Security Dynamics mechanism"
+#: ../../src/lib/apputils/net-server.c:301
+#, c-format
+msgid "Invalid port %d"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:72
-msgid "Challenge from authentication server"
+#: ../../src/lib/apputils/net-server.c:314
+#, c-format
+msgid "Removing address %s since wildcard address is being added"
msgstr ""
-#: ../../src/lib/krb5/krb/preauth_sam2.c:166
-msgid "SAM Authentication"
+#: ../../src/lib/apputils/net-server.c:321
+msgid "Address already added to server"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:145
+#: ../../src/lib/apputils/net-server.c:484
#, c-format
-msgid "Cannot find key for %s kvno %d in keytab"
+msgid "closing down fd %d"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:150
+#: ../../src/lib/apputils/net-server.c:498
#, c-format
-msgid "Cannot find key for %s kvno %d in keytab (request ticket server %s)"
+msgid "descriptor %d closed but still in svc_fdset"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:175
-#, c-format
-msgid "Cannot decrypt ticket for %s using keytab key for %s"
+#: ../../src/lib/apputils/net-server.c:524
+msgid "cannot create io event"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:197
-#, c-format
-msgid "Server principal %s does not match request ticket server %s"
+#: ../../src/lib/apputils/net-server.c:529
+msgid "cannot save event"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:226
-msgid "No keys in keytab"
+#: ../../src/lib/apputils/net-server.c:549
+#, c-format
+msgid "file descriptor number %d too high"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:229
-#, c-format
-msgid "Server principal %s does not match any keys in keytab"
+#: ../../src/lib/apputils/net-server.c:556
+msgid "cannot allocate storage for connection info"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:236
+#: ../../src/lib/apputils/net-server.c:591
#, c-format
-msgid ""
-"Request ticket server %s found in keytab but does not match server principal "
-"%s"
+msgid "Cannot create TCP server socket on %s"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:241
+#: ../../src/lib/apputils/net-server.c:600
#, c-format
-msgid "Request ticket server %s not found in keytab (ticket kvno %d)"
+msgid "TCP socket fd number %d (for %s) too high"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:247
+#: ../../src/lib/apputils/net-server.c:607
#, c-format
-msgid ""
-"Request ticket server %s kvno %d not found in keytab; ticket is likely out "
-"of date"
+msgid "Cannot enable SO_REUSEADDR on fd %d"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:252
+#: ../../src/lib/apputils/net-server.c:612
#, c-format
-msgid ""
-"Request ticket server %s kvno %d not found in keytab; keytab is likely out "
-"of date"
+msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:261
+#: ../../src/lib/apputils/net-server.c:615
#, c-format
-msgid ""
-"Request ticket server %s kvno %d found in keytab but not with enctype %s"
+msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:266
-#, c-format
-msgid ""
-"Request ticket server %s kvno %d enctype %s found in keytab but cannot "
-"decrypt ticket"
+#: ../../src/lib/apputils/net-server.c:618
+msgid "no IPV6_V6ONLY socket option support"
msgstr ""
-#: ../../src/lib/krb5/krb/rd_req_dec.c:898
+#: ../../src/lib/apputils/net-server.c:624
#, c-format
-msgid "Encryption type %s not permitted"
+msgid "Cannot bind server socket on %s"
msgstr ""
-#: ../../src/lib/krb5/os/expand_path.c:316
+#: ../../src/lib/apputils/net-server.c:694
#, c-format
-msgid "Can't find username for uid %lu"
+msgid "Setting up %s socket for address %s"
msgstr ""
-#: ../../src/lib/krb5/os/expand_path.c:405
-#: ../../src/lib/krb5/os/expand_path.c:421
-msgid "Invalid token"
+#: ../../src/lib/apputils/net-server.c:707
+#, c-format
+msgid "Cannot listen on %s server socket on %s"
msgstr ""
-#: ../../src/lib/krb5/os/expand_path.c:506
-msgid "variable missing }"
+#: ../../src/lib/apputils/net-server.c:716
+#, c-format
+msgid "cannot set listening %s socket on %s non-blocking"
msgstr ""
-#: ../../src/lib/krb5/os/locate_kdc.c:822
+#: ../../src/lib/apputils/net-server.c:724
#, c-format
-msgid "Cannot find KDC for realm \"%.*s\""
+msgid "cannot set SO_LINGER on %s socket on %s"
msgstr ""
-#: ../../src/lib/krb5/os/sendto_kdc.c:515
+#: ../../src/lib/apputils/net-server.c:731
#, c-format
-msgid "Cannot contact any KDC for realm '%.*s'"
+msgid "Setting pktinfo on socket %s"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:106
+#: ../../src/lib/apputils/net-server.c:736
#, c-format
-msgid "Cannot fstat replay cache file %s: %s"
+msgid "Cannot request packet info for UDP socket address %s port %d"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:112
-#, c-format
+#: ../../src/lib/apputils/net-server.c:738
msgid ""
-"Insecure mkstemp() file mode for replay cache file %s; try running this "
-"program with umask 077"
+"System does not support pktinfo yet binding to a wildcard address. Packets "
+"are not guaranteed to return on the received address."
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:144
-#, c-format
-msgid "Cannot %s replay cache file %s: %s"
+#: ../../src/lib/apputils/net-server.c:750
+msgid "Error attempting to add verto event"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:149
+#: ../../src/lib/apputils/net-server.c:759
#, c-format
-msgid "Cannot %s replay cache: %s"
+msgid "Cannot create RPC service: %s"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:272
+#: ../../src/lib/apputils/net-server.c:769
#, c-format
-msgid "Insecure file mode for replay cache file %s"
+msgid "Cannot register RPC service: %s"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:278
-#, c-format
-msgid "rcache not owned by %d"
+#: ../../src/lib/apputils/net-server.c:813
+msgid "No addresses added to the net server"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:402 ../../src/lib/krb5/rcache/rc_io.c:406
-#: ../../src/lib/krb5/rcache/rc_io.c:411
+#: ../../src/lib/apputils/net-server.c:832
#, c-format
-msgid "Can't write to replay cache: %s"
+msgid "Failed getting address info (for %s): %s"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:432
+#: ../../src/lib/apputils/net-server.c:862
#, c-format
-msgid "Cannot sync replay cache file: %s"
+msgid "Failed setting up a %s socket (for %s)"
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:451
-#, c-format
-msgid "Can't read from replay cache: %s"
+#: ../../src/lib/apputils/net-server.c:903
+msgid "setting up network..."
msgstr ""
-#: ../../src/lib/krb5/rcache/rc_io.c:482 ../../src/lib/krb5/rcache/rc_io.c:488
-#: ../../src/lib/krb5/rcache/rc_io.c:493
-#, c-format
-msgid "Can't destroy replay cache: %s"
+#: ../../src/lib/apputils/net-server.c:906
+msgid "Error setting up network"
msgstr ""
-#: ../../src/plugins/kdb/db2/kdb_db2.c:245
-#: ../../src/plugins/kdb/db2/kdb_db2.c:819
+#: ../../src/lib/apputils/net-server.c:909
#, c-format
-msgid "Unsupported argument \"%s\" for db2"
+msgid "set up %d sockets"
msgstr ""
-#: ../../src/plugins/kdb/db2/kdb_db2.c:387
-#, c-format
-msgid "Cannot open DB2 database '%s'"
+#: ../../src/lib/apputils/net-server.c:912
+msgid "no sockets set up?"
msgstr ""
-#: ../../src/plugins/kdb/db2/kdb_db2.c:989
-msgid "Recursive iteration is not supported for hash databases"
+#: ../../src/lib/apputils/net-server.c:975
+#: ../../src/lib/apputils/net-server.c:1029
+msgid "while dispatching (udp)"
msgstr ""
-#: ../../src/plugins/kdb/db2/kdb_db2.c:996
-msgid "Recursive iteration not supported in this version of libdb"
+#: ../../src/lib/apputils/net-server.c:1004
+#, c-format
+msgid "while sending reply to %s/%s from %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:893
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1094
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1501
-msgid "while reading kerberos container information"
+#: ../../src/lib/apputils/net-server.c:1009
+#, c-format
+msgid "short reply write %d vs %d\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:151
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:166
-msgid "while providing time specification"
+#: ../../src/lib/apputils/net-server.c:1054
+msgid "while receiving from network"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:304
-msgid "while creating policy object"
+#: ../../src/lib/apputils/net-server.c:1097
+msgid "too many connections"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1509
-msgid "while reading realm information"
+#: ../../src/lib/apputils/net-server.c:1115
+#, c-format
+msgid "dropping %s fd %d from %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:348
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:407
-msgid "while destroying policy object"
+#: ../../src/lib/apputils/net-server.c:1185
+#, c-format
+msgid "allocating buffer for new TCP session from %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:358
-#, c-format
-msgid "This will delete the policy object '%s', are you sure?\n"
+#: ../../src/lib/apputils/net-server.c:1217
+msgid "while dispatching (tcp)"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:473
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:663
-msgid "while modifying policy object"
+#: ../../src/lib/apputils/net-server.c:1249
+msgid "error allocating tcp dispatch private!"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:487
+#: ../../src/lib/apputils/net-server.c:1296
#, c-format
-msgid "while reading information of policy '%s'"
+msgid "TCP client %s wants %lu bytes, cap is %lu"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:692
-msgid "while viewing policy"
+#: ../../src/lib/apputils/net-server.c:1304
+#, c-format
+msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:701
+#: ../../src/lib/apputils/net-server.c:1343
#, c-format
-msgid "while viewing policy '%s'"
+msgid "getsockname failed: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:835
-msgid "while listing policy objects"
+#: ../../src/lib/crypto/krb/prng_fortuna.c:428
+msgid "Random number generator could not be seeded"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:453
-#, c-format
-msgid "for subtree while creating realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:43
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:165
+msgid "A required input parameter could not be read"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:465
-#, c-format
-msgid "for container reference while creating realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:44
+msgid "A required input parameter could not be written"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:490
-#, c-format
-msgid "invalid search scope while creating realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:45
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:175
+msgid "A parameter was malformed"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:505
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:829
-#, c-format
-msgid "'%s' is an invalid option\n"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:48
+msgid "calling error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:513
-#, c-format
-msgid "Initializing database for realm '%s'\n"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:59
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:195
+msgid "An unsupported mechanism was requested"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:537
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:698
-#, c-format
-msgid "while creating realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:60
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:199
+msgid "An invalid name was supplied"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:557
-#, c-format
-msgid "Enter DN of Kerberos container: "
+#: ../../src/lib/gssapi/generic/disp_major_status.c:61
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:203
+msgid "A supplied name was of an unsupported type"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:592
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:900
-#, c-format
-msgid "while reading information of realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:62
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:208
+msgid "Incorrect channel bindings were supplied"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:736
-msgid "while reading Kerberos container information"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:63
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:179
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:274
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:334
+msgid "An invalid status code was supplied"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:779
-#, c-format
-msgid "for subtree while modifying realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:64
+msgid "A token had an invalid signature"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:790
-#, c-format
-msgid "for container reference while modifying realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:65
+msgid "No credentials were supplied"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:818
-#, c-format
-msgid "specified for search scope while modifying information of realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:66
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:223
+msgid "No context has been established"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:857
-#, c-format
-msgid "while modifying information of realm '%s'"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:67
+msgid "A token was invalid"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:946
-msgid "Realm Name"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:68
+msgid "A credential was invalid"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:949
-msgid "Subtree"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:69
+msgid "The referenced credentials have expired"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:952
-msgid "Principal Container Reference"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:70
+msgid "The context has expired"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:959
-msgid "SearchScope"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:71
+msgid "Miscellaneous failure"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
-msgid "Invalid !"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:72
+msgid "The quality-of-protection requested could not be provided"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:964
-msgid "KDC Services"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:73
+msgid "The operation is forbidden by the local security policy"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:979
-msgid "Admin Services"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:74
+msgid "The operation or option is not available"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:994
-msgid "Passwd Services"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:77
+msgid "routine error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1010
-msgid "Maximum Ticket Life"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:89
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:311
+msgid "The routine must be called again to complete its function"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1015
-msgid "Maximum Renewable Life"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:90
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:316
+msgid "The token was a duplicate of an earlier token"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1022
-msgid "Ticket flags"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:91
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:321
+msgid "The token's validity period has expired"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1101
-msgid "while listing realms"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:92
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:325
+msgid "A later token has already been processed"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1433
-msgid "while adding entries to database"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:95
+msgid "supplementary info code"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1474
-#, c-format
-msgid "Deleting KDC database of '%s', are you sure?\n"
+#: ../../src/lib/gssapi/generic/disp_major_status.c:106
+#: ../lib/krb5/error_tables/krb5_err.c:23
+msgid "No error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1485
+#: ../../src/lib/gssapi/generic/disp_major_status.c:107
#, c-format
-msgid "OK, deleting database of '%s'...\n"
+msgid "Unknown %s (field = %d)"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1518
+#: ../../src/lib/gssapi/krb5/acquire_cred.c:165
#, c-format
-msgid "deleting database of '%s'"
+msgid "No key table entry found matching %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1523
-#, c-format
-msgid "** Database of '%s' destroyed.\n"
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:161
+msgid "The routine completed successfully"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:78
-msgid "ldap_service_password_file not configured"
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:170
+msgid "A required output parameter could not be written"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:124
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:131
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:139
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:145
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:173
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:252
-msgid "while setting service object password"
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:212
+msgid "A token had an invalid Message Integrity Check (MIC)"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:152
-msgid "while getting service password filename"
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:217
+msgid ""
+"No credentials were supplied, or the credentials were unavailable or "
+"inaccessible"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:165
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:477
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:227
+msgid "Invalid token was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:231
+msgid "Invalid credential was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:235
+msgid "The referenced credential has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:239
+msgid "The referenced context has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:243
+msgid "Unspecified GSS failure. Minor code may provide more information"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:248
+msgid "The quality-of-protection (QOP) requested could not be provided"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:253
+msgid "The operation is forbidden by local security policy"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:258
+msgid "The operation or option is not available or unsupported"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:263
+msgid "The requested credential element already exists"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:268
+msgid "The provided name was not mechanism specific (MN)"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:329
+msgid "An expected per-message token was not received"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1813
+msgid "SPNEGO cannot find mechanisms to negotiate"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1818
+msgid "SPNEGO failed to acquire creds"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1823
+msgid "SPNEGO acceptor did not select a mechanism"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1828
+msgid "SPNEGO failed to negotiate a mechanism"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1833
+msgid "SPNEGO acceptor did not return a valid token"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:54
#, c-format
-msgid "Password for \"%s\""
+msgid "%s: cannot parse <%s>\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168
+#: ../../src/lib/kadm5/logger.c:55
#, c-format
-msgid "Re-enter password for \"%s\""
+msgid "%s: warning - logging entry syntax error\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:179
+#: ../../src/lib/kadm5/logger.c:56
#, c-format
-msgid "%s: Invalid password\n"
+msgid "%s: error writing to %s\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:195
-msgid "Failed to convert the password to hexadecimal"
+#: ../../src/lib/kadm5/logger.c:57
+#, c-format
+msgid "%s: error writing to %s device\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:208
+#: ../../src/lib/kadm5/logger.c:59
+msgid "EMERGENCY"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:60
+msgid "ALERT"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:61
+msgid "CRITICAL"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:62
+msgid "Error"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:63
+msgid "Warning"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:64
+msgid "Notice"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:65
+msgid "info"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:66
+msgid "debug"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:784
#, c-format
-msgid "Failed to open file %s: %s"
+msgid "Couldn't open log file %s: %s\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:230
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:272
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:281
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:308
-msgid "Failed to write service object password to file"
+#: ../../src/lib/kadm5/srv/kadm5_hook.c:120
+#, c-format
+msgid "kadm5_hook %s failed postcommit %s: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:236
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:293
-msgid "Error reading service object password file"
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:106
+msgid "No dictionary file specified, continuing without one."
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:113
#, c-format
-msgid "Error creating file %s"
+msgid "WARNING! Cannot find dictionary file %s, continuing without one."
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
+#: ../../src/lib/kadm5/srv/pwqual_empty.c:42
+msgid "Empty passwords are not allowed"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_hesiod.c:114
+msgid "Password may not match user information."
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_princ.c:54
+msgid "Password may not match principal name"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/server_kdb.c:195
+msgid "History entry contains no key data"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/server_misc.c:128
#, c-format
-msgid ""
-"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
-"\tcmd [cmd_options]\n"
-"create [-subtrees subtree_dn_list] [-sscope search_scope] [-"
-"containerref container_reference_dn]\n"
-"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
-"modify [-subtrees subtree_dn_list] [-sscope search_scope] [-"
-"containerref container_reference_dn]\n"
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
-"view [-r realm]\n"
-"destroy [-f] [-r realm]\n"
-"list\n"
-"stashsrvpw [-f filename] service_dn\n"
-"create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
-"modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
-"view_policy [-r realm] policy\n"
-"destroy_policy [-r realm] [-force] policy\n"
-"list_policy [-r realm]\n"
+msgid "password quality module %s rejected password for %s: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:325
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:333
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:341
-msgid "while reading ldap parameters"
+#: ../../src/lib/kdb/kdb5.c:216
+msgid "No default realm set; cannot initialize KDB"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:439
-msgid "while initializing error handling"
+#: ../../src/lib/kdb/kdb5.c:368
+#, c-format
+msgid "Unable to find requested database type: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:447
-msgid "while initializing ldap handle"
+#: ../../src/lib/kdb/kdb5.c:448 ../lib/krb5/error_tables/kdb5_err.c:55
+msgid "Unable to find requested database type"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:461
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:470
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:483
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:525
-msgid "while retrieving ldap configuration"
+#: ../../src/lib/kdb/kdb5.c:456
+msgid "plugin symbol 'kdb_function_table' lookup failed"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:500
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:507
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:516
-msgid "while initializing server list"
+#: ../../src/lib/kdb/kdb5.c:464
+#, c-format
+msgid ""
+"Unable to load requested database module '%s': plugin symbol "
+"'kdb_function_table' not found"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:547
-msgid "while setting up lib handle"
+#: ../../src/lib/kdb/kdb5.c:602
+msgid "Cannot initialize database library"
msgstr ""
-#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:556
-msgid "while reading ldap configuration"
+#: ../../src/lib/kdb/kdb5.c:1762
+#, c-format
+msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68
-msgid "Unable to read Kerberos container"
+#: ../../src/lib/kdb/kdb5.c:1934
+#, c-format
+msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:73
-msgid "Unable to read Realm"
+#: ../../src/lib/kdb/kdb_default.c:164
+#, c-format
+msgid "keyfile (%s) is not a regular file: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:73
-msgid "Error processing LDAP DB params"
+#: ../../src/lib/kdb/kdb_default.c:177
+msgid "Could not create temp keytab file name."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:79
-msgid "Error reading LDAP server params"
+#: ../../src/lib/kdb/kdb_default.c:202
+#, c-format
+msgid "Temporary stash file already exists: %s."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:64
-msgid "LDAP bind dn value missing"
+#: ../../src/lib/kdb/kdb_default.c:230
+#, c-format
+msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:69
-msgid "LDAP bind password value missing"
+#: ../../src/lib/kdb/kdb_default.c:415
+#, c-format
+msgid "Can not fetch master key (error: %s)."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:78
-msgid "Error reading password from stash"
+#: ../../src/lib/kdb/kdb_default.c:483
+msgid "Unable to decrypt latest master key with the provided master key\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:85
-msgid "Service password length is zero"
+#: ../../src/lib/kdb/kdb_log.c:87
+msgid "could not sync ulog update to disk"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:145
+#: ../../src/lib/kdb/kdb_log.c:101
+msgid "could not sync ulog header to disk"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:122
#, c-format
-msgid "Cannot bind to LDAP server '%s' with SASL mechanism '%s': %s"
+msgid "Subsidiary cache path %s has no parent directory"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:158
+#: ../../src/lib/krb5/ccache/cc_dir.c:128
#, c-format
-msgid "Cannot bind to LDAP server '%s' as '%s': %s"
+msgid "Subsidiary cache path %s filename does not begin with \"tkt\""
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
+#: ../../src/lib/krb5/ccache/cc_dir.c:169
#, c-format
-msgid "Cannot create LDAP handle for '%s': %s"
+msgid "%s contains invalid filename"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:129
-msgid "could not complete roll-back, error deleting Kerberos Container"
+#: ../../src/lib/krb5/ccache/cc_dir.c:229
+#, c-format
+msgid "Credential cache directory %s does not exist"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:67
-msgid "Error reading kerberos container location from krb5.conf"
+#: ../../src/lib/krb5/ccache/cc_dir.c:235
+#, c-format
+msgid "Credential cache directory %s exists but is not a directory"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:75
-msgid "Kerberos container location not specified"
+#: ../../src/lib/krb5/ccache/cc_dir.c:400
+msgid ""
+"Can't create new subsidiary cache because default cache is not a directory "
+"collection"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:56
+#: ../../src/lib/krb5/ccache/cc_kcm.c:757
#, c-format
-msgid "Error reading '%s' attribute: %s"
+msgid "Credentials cache 'KCM:%s' not found"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:219
-msgid "KDB module requires -update argument"
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1151
+msgid ""
+"Can't create new subsidiary cache because default cache is already a "
+"subsidiary"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:225
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1219
#, c-format
-msgid "'%s' value missing"
+msgid "Credentials cache keyring '%s' not found"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:283
+#: ../../src/lib/krb5/ccache/cccursor.c:213
#, c-format
-msgid "unknown option '%s'"
-msgstr ""
-
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:343
-msgid "Minimum connections required per server is 2"
+msgid "Can't find client principal %s in cache collection"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:159
-msgid "Default realm not set"
+#: ../../src/lib/krb5/ccache/cccursor.c:293
+msgid "No Kerberos credentials available"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:261
-msgid "DN information missing"
+#: ../../src/lib/krb5/ccache/cccursor.c:299
+#, c-format
+msgid "No Kerberos credentials available (default cache: %s)"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:473
-msgid "dn information missing"
+#: ../../src/lib/krb5/keytab/kt_file.c:406
+#, c-format
+msgid "No key table entry found for %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:137
-msgid "Principal does not belong to realm"
+#: ../../src/lib/krb5/keytab/kt_file.c:823
+#: ../../src/lib/krb5/keytab/kt_file.c:856
+msgid "Cannot change keytab with keytab iterators active"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:308
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:317
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:325
+#: ../../src/lib/krb5/keytab/kt_file.c:1046
#, c-format
-msgid "%s option not supported"
+msgid "Key table file '%s' not found"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:332
+#: ../../src/lib/krb5/keytab/ktfns.c:127
#, c-format
-msgid "unknown option: %s"
+msgid "Keytab %s is nonexistent or empty"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:339
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:346
-#, c-format
-msgid "%s option value missing"
+#: ../../src/lib/krb5/krb/chpw.c:250
+msgid "Malformed request error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:696
-msgid "Principal does not belong to the default realm"
+#: ../../src/lib/krb5/krb/chpw.c:253 ../lib/krb5/error_tables/kdb5_err.c:58
+msgid "Server error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:764
-#, c-format
-msgid ""
-"operation can not continue, more than one entry with principal name \"%s\" "
-"found"
+#: ../../src/lib/krb5/krb/chpw.c:256
+msgid "Authentication error"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:827
-#, c-format
-msgid "'%s' not found"
+#: ../../src/lib/krb5/krb/chpw.c:259
+msgid "Password change rejected"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:904
-msgid "DN is out of the realm subtree"
+#: ../../src/lib/krb5/krb/chpw.c:262
+msgid "Access denied"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:960
-#, c-format
-msgid "ldap object is already kerberized"
+#: ../../src/lib/krb5/krb/chpw.c:265
+msgid "Wrong protocol version"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:980
-#, c-format
-msgid ""
-"link information can not be set/updated as the kerberos principal belongs to "
-"an ldap object"
+#: ../../src/lib/krb5/krb/chpw.c:268
+msgid "Initial password required"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:995
-#, c-format
-msgid "Failed getting object references"
+#: ../../src/lib/krb5/krb/chpw.c:271
+msgid "Success"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1002
-#, c-format
-msgid "kerberos principal is already linked to a ldap object"
+#: ../../src/lib/krb5/krb/chpw.c:274 ../lib/krb5/error_tables/krb5_err.c:257
+msgid "Password change failed"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1340
-msgid "ticket policy object value: "
+#: ../../src/lib/krb5/krb/chpw.c:431
+msgid ""
+"The password must include numbers or symbols. Don't include any part of "
+"your name in the password."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1388
+#: ../../src/lib/krb5/krb/chpw.c:437
#, c-format
-msgid "Principal delete failed (trying to replace entry): %s"
-msgstr ""
+msgid "The password must contain at least %d character."
+msgid_plural "The password must contain at least %d characters."
+msgstr[0] ""
+msgstr[1] ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1398
+#: ../../src/lib/krb5/krb/chpw.c:446
#, c-format
-msgid "Principal add failed: %s"
-msgstr ""
+msgid "The password must be different from the previous password."
+msgid_plural "The password must be different from the previous %d passwords."
+msgstr[0] ""
+msgstr[1] ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1436
+#: ../../src/lib/krb5/krb/chpw.c:458
#, c-format
-msgid "User modification failed: %s"
-msgstr ""
+msgid "The password can only be changed once a day."
+msgid_plural "The password can only be changed every %d days."
+msgstr[0] ""
+msgstr[1] ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1509
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
-msgid "Error reading ticket policy"
+#: ../../src/lib/krb5/krb/chpw.c:504
+msgid "Try a more complex password, or contact your administrator."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1639
-msgid "unable to decode stored principal key data"
+#: ../../src/lib/krb5/krb/fast.c:216
+msgid "Error constructing AP-REQ armor"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1697
-msgid "unable to decode stored principal pw history"
+#: ../../src/lib/krb5/krb/fast.c:394
+msgid "Failed to decrypt FAST reply"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:223
-msgid "Realm information not available"
+#: ../../src/lib/krb5/krb/fast.c:400
+msgid "nonce modified in FAST response: KDC response modified"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:306
-#, c-format
-msgid "Realm Delete FAILED: %s"
+#: ../../src/lib/krb5/krb/fast.c:466
+msgid "Expecting FX_ERROR pa-data inside FAST container"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:386
-msgid "subtree value: "
+#: ../../src/lib/krb5/krb/fast.c:537
+msgid "FAST response missing finish message in KDC reply"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:403
-msgid "container reference value: "
+#: ../../src/lib/krb5/krb/fast.c:550
+msgid "Ticket modified in KDC reply"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:486
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:549
-msgid "Kerberos Container information is missing"
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:198
+#, c-format
+msgid "KDC returned error string: %.*s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:498
-msgid "Invalid Kerberos container DN"
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:207
+#, c-format
+msgid "Server %s not found in Kerberos database"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:514
-#, c-format
-msgid "Kerberos Container create FAILED: %s"
+#: ../../src/lib/krb5/krb/get_in_tkt.c:202
+msgid "Reply has wrong form of session key for anonymous request"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:557
-#, c-format
-msgid "Kerberos Container delete FAILED: %s"
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1704
+msgid "Failed to store credentials"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:633
-msgid "realm object value: "
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1793
+#, c-format
+msgid "Client '%s' not found in Kerberos database"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:48
-msgid "Not a hexadecimal password"
+#: ../../src/lib/krb5/krb/gic_keytab.c:207
+#, c-format
+msgid "Keytab contains no suitable keys for %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:66
-msgid "Password corrupt"
+#: ../../src/lib/krb5/krb/gic_pwd.c:75
+#, c-format
+msgid "Password for %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:93
+#: ../../src/lib/krb5/krb/gic_pwd.c:227
#, c-format
-msgid "Cannot open LDAP password file '%s': %s"
+msgid "Warning: Your password will expire in less than one hour on %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:123
+#: ../../src/lib/krb5/krb/gic_pwd.c:231
#, c-format
-msgid "Bind DN entry '%s' missing in LDAP password file '%s'"
+msgid "Warning: Your password will expire in %d hour%s on %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:66
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:142
-msgid "Ticket Policy Name missing"
+#: ../../src/lib/krb5/krb/gic_pwd.c:235
+#, c-format
+msgid "Warning: Your password will expire in %d days on %s"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:154
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231
-msgid "ticket policy object: "
+#: ../../src/lib/krb5/krb/gic_pwd.c:408
+msgid "Password expired. You must change it now."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:219
-msgid "Ticket Policy Object information missing"
+#: ../../src/lib/krb5/krb/gic_pwd.c:427 ../../src/lib/krb5/krb/gic_pwd.c:431
+#, c-format
+msgid "%s. Please try again."
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:311
-msgid "Ticket Policy Object DN missing"
+#: ../../src/lib/krb5/krb/gic_pwd.c:472
+#, c-format
+msgid "%.*s%s%s. Please try again.\n"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:338
-msgid "Delete Failed: One or more Principals associated with the Ticket Policy"
+#: ../../src/lib/krb5/krb/parse.c:203
+#, c-format
+msgid "Principal %s is missing required realm"
msgstr ""
-#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:447
-msgid "Error reading container object"
+#: ../../src/lib/krb5/krb/parse.c:215
+#, c-format
+msgid "Principal %s has realm present"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:498
+#: ../../src/lib/krb5/krb/plugin.c:169
#, c-format
-msgid "%s: %s"
+msgid "Invalid module specifier %s"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:528
+#: ../../src/lib/krb5/krb/plugin.c:406
#, c-format
-msgid "%s (depth %d): %s"
+msgid "Could not find %s plugin module named '%s'"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:771
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4318
-msgid "Pass phrase for"
+#: ../../src/lib/krb5/krb/preauth2.c:309
+msgid "krb5_init_creds calls must use same library context"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1101
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1111
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1378
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1388
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1929
-msgid "Failed to DER encode PKCS7"
+#: ../../src/lib/krb5/krb/preauth2.c:717
+msgid "Pre-authentication failed"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1202
-msgid "Failed to verify own certificate"
+#: ../../src/lib/krb5/krb/preauth2.c:1098
+msgid "Unable to initialize preauth context"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1362
-msgid "Failed to add digest attribute"
+#: ../../src/lib/krb5/krb/preauth2.c:1111
+#, c-format
+msgid "Preauth module %s"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1490
-msgid "Failed to decode CMS message"
+#: ../../src/lib/krb5/krb/preauth_encts.c:71
+msgid "Encrypted timestamp is disabled"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1508
-msgid "Invalid pkinit packet: octet string expected"
+#: ../../src/lib/krb5/krb/preauth_otp.c:515
+msgid "Please choose from the following:\n"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1526
-msgid "wrong oid\n"
+#: ../../src/lib/krb5/krb/preauth_otp.c:516
+msgid "Vendor:"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1678
-msgid "Failed to verify received certificate"
+#: ../../src/lib/krb5/krb/preauth_otp.c:528
+msgid "Enter #"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1716
-msgid "Failed to verify CMS message"
+#: ../../src/lib/krb5/krb/preauth_otp.c:564
+msgid "OTP Challenge:"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1904
-msgid "Failed to encrypt PKCS7 object"
+#: ../../src/lib/krb5/krb/preauth_otp.c:593
+msgid "OTP Token PIN"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1979
-msgid "Failed to decode PKCS7"
+#: ../../src/lib/krb5/krb/preauth_otp.c:707
+msgid "OTP value doesn't match any token formats"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1996
-msgid "Failed to decrypt PKCS7 message"
+#: ../../src/lib/krb5/krb/preauth_otp.c:774
+msgid "Enter OTP Token Value"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4438
-#, c-format
-msgid "Cannot read certificate file '%s'"
+#: ../../src/lib/krb5/krb/preauth_otp.c:920
+msgid "No supported tokens"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4445
-#, c-format
-msgid "Cannot read key file '%s'"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:49
+msgid "Challenge for Enigma Logic mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5358
-#, c-format
-msgid "Cannot open file '%s'"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:53
+msgid "Challenge for Digital Pathways mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5365
-#, c-format
-msgid "Cannot read file '%s'"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:57
+msgid "Challenge for Activcard mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:6040
-#, c-format
-msgid "unknown code 0x%x"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:60
+msgid "Challenge for Enhanced S/Key mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:410
-#, c-format
-msgid "Unsupported type while processing '%s'\n"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:63
+msgid "Challenge for Traditional S/Key mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:444
-msgid "Internal error parsing X509_user_identity\n"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:66
+#: ../../src/lib/krb5/krb/preauth_sam2.c:69
+msgid "Challenge for Security Dynamics mechanism"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:535
-msgid "No user identity options specified"
+#: ../../src/lib/krb5/krb/preauth_sam2.c:72
+msgid "Challenge from authentication server"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:523
-msgid "Pkinit request not signed, but client not anonymous."
+#: ../../src/lib/krb5/krb/preauth_sam2.c:166
+msgid "SAM Authentication"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:561
-msgid "Anonymous pkinit without DH public value not supported."
+#: ../../src/lib/krb5/krb/rd_req_dec.c:145
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1270
+#: ../../src/lib/krb5/krb/rd_req_dec.c:150
#, c-format
-msgid "No pkinit_identity supplied for realm %s"
+msgid "Cannot find key for %s kvno %d in keytab (request ticket server %s)"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1281
+#: ../../src/lib/krb5/krb/rd_req_dec.c:175
#, c-format
-msgid "No pkinit_anchors supplied for realm %s"
+msgid "Cannot decrypt ticket for %s using keytab key for %s"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1301
+#: ../../src/lib/krb5/krb/rd_req_dec.c:197
#, c-format
-msgid "OCSP is not supported: (realm: %s)"
+msgid "Server principal %s does not match request ticket server %s"
msgstr ""
-#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1691
-msgid "No realms configured correctly for pkinit support"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:226
+msgid "No keys in keytab"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:229
+#, c-format
+msgid "Server principal %s does not match any keys in keytab"
msgstr ""
-#: ../../src/slave/kprop.c:85
+#: ../../src/lib/krb5/krb/rd_req_dec.c:236
#, c-format
msgid ""
-"\n"
-"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n"
-"\n"
+"Request ticket server %s found in keytab but does not match server principal "
+"%s"
msgstr ""
-#: ../../src/slave/kprop.c:114
+#: ../../src/lib/krb5/krb/rd_req_dec.c:241
#, c-format
-msgid "Database propagation to %s: SUCCEEDED\n"
+msgid "Request ticket server %s not found in keytab (ticket kvno %d)"
msgstr ""
-#: ../../src/slave/kprop.c:175
-msgid "while setting client principal name"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:247
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; ticket is likely out "
+"of date"
msgstr ""
-#: ../../src/slave/kprop.c:184
-msgid "while setting server principal name"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:252
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; keytab is likely out "
+"of date"
msgstr ""
-#: ../../src/slave/kprop.c:197
-msgid "while resolving keytab"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:261
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d found in keytab but not with enctype %s"
msgstr ""
-#: ../../src/slave/kprop.c:205
-msgid "while getting initial credentials\n"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:266
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d enctype %s found in keytab but cannot "
+"decrypt ticket"
msgstr ""
-#: ../../src/slave/kprop.c:241
-msgid "while creating socket"
+#: ../../src/lib/krb5/krb/rd_req_dec.c:871
+#, c-format
+msgid "Encryption type %s not permitted"
msgstr ""
-#: ../../src/slave/kprop.c:257
-msgid "while converting server address"
+#: ../../src/lib/krb5/os/expand_path.c:316
+#, c-format
+msgid "Can't find username for uid %lu"
msgstr ""
-#: ../../src/slave/kprop.c:267
-msgid "while connecting to server"
+#: ../../src/lib/krb5/os/expand_path.c:405
+#: ../../src/lib/krb5/os/expand_path.c:421
+msgid "Invalid token"
msgstr ""
-#: ../../src/slave/kprop.c:274 ../../src/slave/kpropd.c:1199
-msgid "while getting local socket address"
+#: ../../src/lib/krb5/os/expand_path.c:506
+msgid "variable missing }"
msgstr ""
-#: ../../src/slave/kprop.c:279
-msgid "while converting local address"
+#: ../../src/lib/krb5/os/locate_kdc.c:813
+#, c-format
+msgid "Cannot find KDC for realm \"%.*s\""
msgstr ""
-#: ../../src/slave/kprop.c:302
-msgid "in krb5_auth_con_setaddrs"
+#: ../../src/lib/krb5/os/sendto_kdc.c:519
+#, c-format
+msgid "Cannot contact any KDC for realm '%.*s'"
msgstr ""
-#: ../../src/slave/kprop.c:310
-msgid "while authenticating to server"
+#: ../../src/lib/krb5/rcache/rc_io.c:106
+#, c-format
+msgid "Cannot fstat replay cache file %s: %s"
msgstr ""
-#: ../../src/slave/kprop.c:314 ../../src/slave/kprop.c:513
-#: ../../src/slave/kpropd.c:1505
+#: ../../src/lib/krb5/rcache/rc_io.c:112
#, c-format
-msgid "Generic remote error: %s\n"
+msgid ""
+"Insecure mkstemp() file mode for replay cache file %s; try running this "
+"program with umask 077"
msgstr ""
-#: ../../src/slave/kprop.c:320 ../../src/slave/kprop.c:519
-msgid "signalled from server"
+#: ../../src/lib/krb5/rcache/rc_io.c:140
+#, c-format
+msgid "Cannot %s replay cache file %s: %s"
msgstr ""
-#: ../../src/slave/kprop.c:322 ../../src/slave/kprop.c:521
+#: ../../src/lib/krb5/rcache/rc_io.c:145
#, c-format
-msgid "Error text from server: %s\n"
+msgid "Cannot %s replay cache: %s"
msgstr ""
-#: ../../src/slave/kprop.c:350
+#: ../../src/lib/krb5/rcache/rc_io.c:268
#, c-format
-msgid "allocating database file name '%s'"
+msgid "Insecure file mode for replay cache file %s"
msgstr ""
-#: ../../src/slave/kprop.c:356
+#: ../../src/lib/krb5/rcache/rc_io.c:274
#, c-format
-msgid "while trying to open %s"
+msgid "rcache not owned by %d"
msgstr ""
-#: ../../src/slave/kprop.c:363
-msgid "database locked"
+#: ../../src/lib/krb5/rcache/rc_io.c:398 ../../src/lib/krb5/rcache/rc_io.c:402
+#: ../../src/lib/krb5/rcache/rc_io.c:407
+#, c-format
+msgid "Can't write to replay cache: %s"
msgstr ""
-#: ../../src/slave/kprop.c:366 ../../src/slave/kpropd.c:552
+#: ../../src/lib/krb5/rcache/rc_io.c:428
#, c-format
-msgid "while trying to lock '%s'"
+msgid "Cannot sync replay cache file: %s"
msgstr ""
-#: ../../src/slave/kprop.c:370 ../../src/slave/kprop.c:378
+#: ../../src/lib/krb5/rcache/rc_io.c:447
#, c-format
-msgid "while trying to stat %s"
+msgid "Can't read from replay cache: %s"
msgstr ""
-#: ../../src/slave/kprop.c:374
-msgid "while trying to malloc data_ok_fn"
+#: ../../src/lib/krb5/rcache/rc_io.c:478 ../../src/lib/krb5/rcache/rc_io.c:484
+#: ../../src/lib/krb5/rcache/rc_io.c:489
+#, c-format
+msgid "Can't destroy replay cache: %s"
msgstr ""
-#: ../../src/slave/kprop.c:383
+#: ../../src/plugins/kdb/db2/kdb_db2.c:245
+#: ../../src/plugins/kdb/db2/kdb_db2.c:819
#, c-format
-msgid "'%s' more recent than '%s'."
+msgid "Unsupported argument \"%s\" for db2"
msgstr ""
-#: ../../src/slave/kprop.c:399
+#: ../../src/plugins/kdb/db2/kdb_db2.c:387
#, c-format
-msgid "while unlocking database '%s'"
+msgid "Cannot open DB2 database '%s'"
msgstr ""
-#: ../../src/slave/kprop.c:432 ../../src/slave/kprop.c:433
-msgid "while encoding database size"
+#: ../../src/plugins/kdb/db2/kdb_db2.c:989
+msgid "Recursive iteration is not supported for hash databases"
msgstr ""
-#: ../../src/slave/kprop.c:441
-msgid "while sending database size"
+#: ../../src/plugins/kdb/db2/kdb_db2.c:996
+msgid "Recursive iteration not supported in this version of libdb"
msgstr ""
-#: ../../src/slave/kprop.c:451
-msgid "while allocating i_vector"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:893
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1094
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1501
+msgid "while reading kerberos container information"
msgstr ""
-#: ../../src/slave/kprop.c:474
-#, c-format
-msgid "while sending database block starting at %d"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:151
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:166
+msgid "while providing time specification"
msgstr ""
-#: ../../src/slave/kprop.c:484
-msgid "Premature EOF found for database file!"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:304
+msgid "while creating policy object"
msgstr ""
-#: ../../src/slave/kprop.c:497
-msgid "while reading response from server"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1509
+msgid "while reading realm information"
msgstr ""
-#: ../../src/slave/kprop.c:508
-msgid "while decoding error response from server"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:348
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:407
+msgid "while destroying policy object"
msgstr ""
-#: ../../src/slave/kprop.c:539
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:358
#, c-format
-msgid "Kpropd sent database size %d, expecting %d"
+msgid "This will delete the policy object '%s', are you sure?\n"
msgstr ""
-#: ../../src/slave/kprop.c:584
-msgid "while allocating filename for update_last_prop_file"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:473
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:663
+msgid "while modifying policy object"
msgstr ""
-#: ../../src/slave/kprop.c:589
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:487
#, c-format
-msgid "while creating 'last_prop' file, '%s'"
+msgid "while reading information of policy '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:171
-#, c-format
-msgid ""
-"\n"
-"Usage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:692
+msgid "while viewing policy"
msgstr ""
-#: ../../src/slave/kpropd.c:173
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:701
#, c-format
-msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"
+msgid "while viewing policy '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:174
-#, c-format
-msgid "\t[-x db_args]* [-P port] [-a acl_file]\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:835
+msgid "while listing policy objects"
msgstr ""
-#: ../../src/slave/kpropd.c:175
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:453
#, c-format
-msgid "\t[-A admin_server] [--pid-file=pid_file]\n"
+msgid "for subtree while creating realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:231
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:465
#, c-format
-msgid "Killing fullprop child (%d)\n"
-msgstr ""
-
-#: ../../src/slave/kpropd.c:260
-msgid "while checking if stdin is a socket"
+msgid "for container reference while creating realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:278
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:490
#, c-format
-msgid "ready\n"
+msgid "invalid search scope while creating realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:284
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:505
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:829
#, c-format
-msgid "Could not write pid file %s: %s"
+msgid "'%s' is an invalid option\n"
msgstr ""
-#: ../../src/slave/kpropd.c:296
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:513
#, c-format
-msgid "Could not open /dev/null: %s"
+msgid "Initializing database for realm '%s'\n"
msgstr ""
-#: ../../src/slave/kpropd.c:303
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:537
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:698
#, c-format
-msgid "Could not dup the inetd socket: %s"
-msgstr ""
-
-#: ../../src/slave/kpropd.c:338 ../../src/slave/kpropd.c:351
-msgid "do_iprop failed.\n"
+msgid "while creating realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:390
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:557
#, c-format
-msgid "getaddrinfo: %s\n"
-msgstr ""
-
-#: ../../src/slave/kpropd.c:396
-msgid "while obtaining socket"
-msgstr ""
-
-#: ../../src/slave/kpropd.c:402
-msgid "while setting SO_REUSEADDR option"
+msgid "Enter DN of Kerberos container: "
msgstr ""
-#: ../../src/slave/kpropd.c:410
-msgid "while unsetting IPV6_V6ONLY option"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:592
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:900
+#, c-format
+msgid "while reading information of realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:415
-msgid "while binding listener socket"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:736
+msgid "while reading Kerberos container information"
msgstr ""
-#: ../../src/slave/kpropd.c:426
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:779
#, c-format
-msgid "waiting for a kprop connection\n"
+msgid "for subtree while modifying realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:432
-msgid "while accepting connection"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:790
+#, c-format
+msgid "for container reference while modifying realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:438
-msgid "while forking"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:818
+#, c-format
+msgid "specified for search scope while modifying information of realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:453
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:857
#, c-format
-msgid "waitpid() failed to wait for doit() (%d %s)\n"
+msgid "while modifying information of realm '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:457
-msgid "while waiting to receive database"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:946
+msgid "Realm Name"
msgstr ""
-#: ../../src/slave/kpropd.c:461
-#, c-format
-msgid "Database load process for full propagation completed.\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:949
+msgid "Subtree"
msgstr ""
-#: ../../src/slave/kpropd.c:499
-#, c-format
-msgid ""
-"%s: Standard input does not appear to be a network socket.\n"
-"\t(Not run from inetd, and missing the -S option?)\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:952
+msgid "Principal Container Reference"
msgstr ""
-#: ../../src/slave/kpropd.c:512
-msgid "while attempting setsockopt (SO_KEEPALIVE)"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:959
+msgid "SearchScope"
msgstr ""
-#: ../../src/slave/kpropd.c:517
-#, c-format
-msgid "Connection from %s"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
+msgid "Invalid !"
msgstr ""
-#: ../../src/slave/kpropd.c:537
-#, c-format
-msgid "Rejected connection from unauthorized principal %s\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:964
+msgid "KDC Services"
msgstr ""
-#: ../../src/slave/kpropd.c:541
-#, c-format
-msgid "Rejected connection from unauthorized principal %s"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:979
+msgid "Admin Services"
msgstr ""
-#: ../../src/slave/kpropd.c:558
-#, c-format
-msgid "while opening database file, '%s'"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:994
+msgid "Passwd Services"
msgstr ""
-#: ../../src/slave/kpropd.c:564
-#, c-format
-msgid "while renaming %s to %s"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1010
+msgid "Maximum Ticket Life"
msgstr ""
-#: ../../src/slave/kpropd.c:570
-#, c-format
-msgid "while downgrading lock on '%s'"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1015
+msgid "Maximum Renewable Life"
msgstr ""
-#: ../../src/slave/kpropd.c:577
-#, c-format
-msgid "while unlocking '%s'"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1022
+msgid "Ticket flags"
msgstr ""
-#: ../../src/slave/kpropd.c:589
-msgid "while sending # of received bytes"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1101
+msgid "while listing realms"
msgstr ""
-#: ../../src/slave/kpropd.c:595
-msgid "while trying to close database file"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1433
+msgid "while adding entries to database"
msgstr ""
-#: ../../src/slave/kpropd.c:650
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1474
#, c-format
-msgid "Incremental propagation enabled\n"
+msgid "Deleting KDC database of '%s', are you sure?\n"
msgstr ""
-#: ../../src/slave/kpropd.c:661
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1485
#, c-format
-msgid "%s: unable to get kiprop host based service name for realm %s\n"
+msgid "OK, deleting database of '%s'...\n"
msgstr ""
-#: ../../src/slave/kpropd.c:672
-msgid "while trying to construct host service principal"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1518
+#, c-format
+msgid "deleting database of '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:691
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1523
#, c-format
-msgid "Initializing kadm5 as client %s\n"
+msgid "** Database of '%s' destroyed.\n"
msgstr ""
-#: ../../src/slave/kpropd.c:705
-#, c-format
-msgid "kadm5 initialization failed!\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:79
+msgid "ldap_service_password_file not configured"
msgstr ""
-#: ../../src/slave/kpropd.c:714
-msgid "while attempting to connect to master KDC ... retrying"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:124
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:131
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:139
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:145
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:173
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:243
+msgid "while setting service object password"
msgstr ""
-#: ../../src/slave/kpropd.c:718
-#, c-format
-msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:152
+msgid "while getting service password filename"
msgstr ""
-#: ../../src/slave/kpropd.c:734
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:165
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:477
#, c-format
-msgid "while initializing %s interface, retrying"
+msgid "Password for \"%s\""
msgstr ""
-#: ../../src/slave/kpropd.c:738
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168
#, c-format
-msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
+msgid "Re-enter password for \"%s\""
msgstr ""
-#: ../../src/slave/kpropd.c:748
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:179
#, c-format
-msgid "kadm5 initialization succeeded\n"
+msgid "%s: Invalid password\n"
msgstr ""
-#: ../../src/slave/kpropd.c:770
-msgid "reading update log header"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:189
+msgid "Failed to convert the password to hexadecimal"
msgstr ""
-#: ../../src/slave/kpropd.c:781
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199
#, c-format
-msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
+msgid "Failed to open file %s: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:791
-msgid "iprop_get_updates call failed"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:221
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:263
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:272
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:299
+msgid "Failed to write service object password to file"
msgstr ""
-#: ../../src/slave/kpropd.c:797
-#, c-format
-msgid "Reinitializing iprop because get updates failed\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:227
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:284
+msgid "Error reading service object password file"
msgstr ""
-#: ../../src/slave/kpropd.c:818
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:252
#, c-format
-msgid "Still waiting for full resync\n"
+msgid "Error creating file %s"
msgstr ""
-#: ../../src/slave/kpropd.c:823
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
#, c-format
-msgid "Full resync needed\n"
+msgid ""
+"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
+"\tcmd [cmd_options]\n"
+"create [-subtrees subtree_dn_list] [-sscope search_scope] [-"
+"containerref container_reference_dn]\n"
+"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
+"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+"\t\t[ticket_flags] [-r realm]\n"
+"modify [-subtrees subtree_dn_list] [-sscope search_scope] [-"
+"containerref container_reference_dn]\n"
+"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+"\t\t[ticket_flags] [-r realm]\n"
+"view [-r realm]\n"
+"destroy [-f] [-r realm]\n"
+"list\n"
+"stashsrvpw [-f filename] service_dn\n"
+"create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"view_policy [-r realm] policy\n"
+"destroy_policy [-r realm] [-force] policy\n"
+"list_policy [-r realm]\n"
msgstr ""
-#: ../../src/slave/kpropd.c:824
-msgid "kpropd: Full resync needed."
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:325
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:333
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:341
+msgid "while reading ldap parameters"
msgstr ""
-#: ../../src/slave/kpropd.c:829
-msgid "iprop_full_resync call failed"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:439
+msgid "while initializing error handling"
msgstr ""
-#: ../../src/slave/kpropd.c:840
-#, c-format
-msgid "Full resync request granted\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:447
+msgid "while initializing ldap handle"
msgstr ""
-#: ../../src/slave/kpropd.c:841
-msgid "Full resync request granted."
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:461
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:470
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:483
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:525
+msgid "while retrieving ldap configuration"
msgstr ""
-#: ../../src/slave/kpropd.c:850
-#, c-format
-msgid "Exponential backoff\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:500
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:507
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:516
+msgid "while initializing server list"
msgstr ""
-#: ../../src/slave/kpropd.c:856
-#, c-format
-msgid "Full resync permission denied\n"
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:547
+msgid "while setting up lib handle"
msgstr ""
-#: ../../src/slave/kpropd.c:857
-msgid "Full resync, permission denied."
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:556
+msgid "while reading ldap configuration"
msgstr ""
-#: ../../src/slave/kpropd.c:862
-#, c-format
-msgid "Full resync error from master\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68
+msgid "Unable to read Kerberos container"
msgstr ""
-#: ../../src/slave/kpropd.c:863
-msgid " Full resync, error returned from master KDC."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:73
+msgid "Unable to read Realm"
msgstr ""
-#: ../../src/slave/kpropd.c:871
-#, c-format
-msgid "Full resync invalid result from master\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:73
+msgid "Error processing LDAP DB params"
msgstr ""
-#: ../../src/slave/kpropd.c:873
-msgid "Full resync, invalid return from master KDC."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:79
+msgid "Error reading LDAP server params"
msgstr ""
-#: ../../src/slave/kpropd.c:889
-#, c-format
-msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:64
+msgid "LDAP bind dn value missing"
msgstr ""
-#: ../../src/slave/kpropd.c:901
-#, c-format
-msgid "ulog_replay failed (%s), updates not registered\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:69
+msgid "LDAP bind password value missing"
msgstr ""
-#: ../../src/slave/kpropd.c:904
-#, c-format
-msgid "ulog_replay failed (%s), updates not registered."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:78
+msgid "Error reading password from stash"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:85
+msgid "Service password length is zero"
msgstr ""
-#: ../../src/slave/kpropd.c:913
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:145
#, c-format
-msgid "Incremental updates: %d updates / %lu us"
+msgid "Cannot bind to LDAP server '%s' with SASL mechanism '%s': %s"
msgstr ""
-#: ../../src/slave/kpropd.c:916
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:158
#, c-format
-msgid "Incremental updates: %d updates / %lu us\n"
+msgid "Cannot bind to LDAP server '%s' as '%s': %s"
msgstr ""
-#: ../../src/slave/kpropd.c:924
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
#, c-format
-msgid "get_updates permission denied\n"
+msgid "Cannot create LDAP handle for '%s': %s"
msgstr ""
-#: ../../src/slave/kpropd.c:925
-msgid "get_updates, permission denied."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:129
+msgid "could not complete roll-back, error deleting Kerberos Container"
msgstr ""
-#: ../../src/slave/kpropd.c:930
-#, c-format
-msgid "get_updates error from master\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:67
+msgid "Error reading kerberos container location from krb5.conf"
msgstr ""
-#: ../../src/slave/kpropd.c:931
-msgid "get_updates, error returned from master KDC."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:75
+msgid "Kerberos container location not specified"
msgstr ""
-#: ../../src/slave/kpropd.c:939
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:56
#, c-format
-msgid "get_updates master busy; backoff\n"
+msgid "Error reading '%s' attribute: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:948
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:219
+msgid "KDB module requires -update argument"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:225
#, c-format
-msgid "KDC is synchronized with master.\n"
+msgid "'%s' value missing"
msgstr ""
-#: ../../src/slave/kpropd.c:956
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:283
#, c-format
-msgid "get_updates invalid result from master\n"
+msgid "unknown option '%s'"
msgstr ""
-#: ../../src/slave/kpropd.c:957
-msgid "get_updates, invalid return from master KDC."
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:343
+msgid "Minimum connections required per server is 2"
msgstr ""
-#: ../../src/slave/kpropd.c:972
-#, c-format
-msgid "Busy signal received from master, backoff for %d secs\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:159
+msgid "Default realm not set"
msgstr ""
-#: ../../src/slave/kpropd.c:979
-#, c-format
-msgid "Waiting for %d seconds before checking for updates again\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:261
+msgid "DN information missing"
msgstr ""
-#: ../../src/slave/kpropd.c:990
-#, c-format
-msgid "ERROR returned by master, bailing\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:473
+msgid "dn information missing"
msgstr ""
-#: ../../src/slave/kpropd.c:991
-msgid "ERROR returned by master KDC, bailing.\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:137
+msgid "Principal does not belong to realm"
msgstr ""
-#: ../../src/slave/kpropd.c:1108
-msgid "copying db args"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:308
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:317
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:325
+#, c-format
+msgid "%s option not supported"
msgstr ""
-#: ../../src/slave/kpropd.c:1133
-msgid "Unable to get default realm"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:332
+#, c-format
+msgid "unknown option: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1140
-msgid "Unable to set default realm"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:339
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:346
+#, c-format
+msgid "%s option value missing"
msgstr ""
-#: ../../src/slave/kpropd.c:1150
-msgid "while trying to construct my service name"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:671
+msgid "DN is out of the realm subtree"
msgstr ""
-#: ../../src/slave/kpropd.c:1157
-msgid "while allocating filename for temp file"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:703
+msgid "ldap object is already kerberized"
msgstr ""
-#: ../../src/slave/kpropd.c:1165
-msgid "while initializing"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:797
+msgid "Principal does not belong to the default realm"
msgstr ""
-#: ../../src/slave/kpropd.c:1173
-msgid "Unable to map log!\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:865
+#, c-format
+msgid ""
+"operation can not continue, more than one entry with principal name \"%s\" "
+"found"
msgstr ""
-#: ../../src/slave/kpropd.c:1219
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928
#, c-format
-msgid "Error in krb5_auth_con_ini: %s"
+msgid "'%s' not found"
msgstr ""
-#: ../../src/slave/kpropd.c:1227
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992
#, c-format
-msgid "Error in krb5_auth_con_setflags: %s"
+msgid ""
+"link information can not be set/updated as the kerberos principal belongs to "
+"an ldap object"
msgstr ""
-#: ../../src/slave/kpropd.c:1235
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007
#, c-format
-msgid "Error in krb5_auth_con_setaddrs: %s"
+msgid "Failed getting object references"
msgstr ""
-#: ../../src/slave/kpropd.c:1243
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014
#, c-format
-msgid "Error in krb5_kt_resolve: %s"
+msgid "kerberos principal is already linked to a ldap object"
msgstr ""
-#: ../../src/slave/kpropd.c:1252
-#, c-format
-msgid "Error in krb5_recvauth: %s"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1352
+msgid "ticket policy object value: "
msgstr ""
-#: ../../src/slave/kpropd.c:1259
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1400
#, c-format
-msgid "Error in krb5_copy_prinicpal: %s"
+msgid "Principal delete failed (trying to replace entry): %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1275
-msgid "while unparsing ticket etype"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1410
+#, c-format
+msgid "Principal add failed: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1279
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1448
#, c-format
-msgid "authenticated client: %s (etype == %s)\n"
+msgid "User modification failed: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1358
-msgid "while reading size of database from client"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1521
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
+msgid "Error reading ticket policy"
msgstr ""
-#: ../../src/slave/kpropd.c:1368
-msgid "while decoding database size from client"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1651
+msgid "unable to decode stored principal key data"
msgstr ""
-#: ../../src/slave/kpropd.c:1381
-msgid "while initializing i_vector"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1709
+msgid "unable to decode stored principal pw history"
msgstr ""
-#: ../../src/slave/kpropd.c:1386
-#, c-format
-msgid "Full propagation transfer started.\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:223
+msgid "Realm information not available"
msgstr ""
-#: ../../src/slave/kpropd.c:1439
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:306
#, c-format
-msgid "Full propagation transfer finished.\n"
-msgstr ""
-
-#: ../../src/slave/kpropd.c:1500
-msgid "while decoding error packet from client"
+msgid "Realm Delete FAILED: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1509
-msgid "signaled from server"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:386
+msgid "subtree value: "
msgstr ""
-#: ../../src/slave/kpropd.c:1511
-#, c-format
-msgid "Error text from client: %s\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:403
+msgid "container reference value: "
msgstr ""
-#: ../../src/slave/kpropd.c:1560
-#, c-format
-msgid "while trying to fork %s"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:486
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:549
+msgid "Kerberos Container information is missing"
msgstr ""
-#: ../../src/slave/kpropd.c:1564
-#, c-format
-msgid "while trying to exec %s"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:498
+msgid "Invalid Kerberos container DN"
msgstr ""
-#: ../../src/slave/kpropd.c:1571
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:514
#, c-format
-msgid "while waiting for %s"
+msgid "Kerberos Container create FAILED: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1577
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:557
#, c-format
-msgid "%s load terminated"
+msgid "Kerberos Container delete FAILED: %s"
msgstr ""
-#: ../../src/slave/kpropd.c:1583
-#, c-format
-msgid "%s returned a bad exit status (%d)"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:633
+msgid "realm object value: "
msgstr ""
-#: ../../src/slave/kproplog.c:27
-#, c-format
-msgid ""
-"\n"
-"Usage: %s [-h] [-v] [-v] [-e num]\n"
-"\t%s -R\n"
-"\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:48
+msgid "Not a hexadecimal password"
msgstr ""
-#: ../../src/slave/kproplog.c:129
-#, c-format
-msgid ""
-"\n"
-"Couldn't allocate memory"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55
+msgid "Password corrupt"
msgstr ""
-#: ../../src/slave/kproplog.c:223
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:78
#, c-format
-msgid "\t\tAttribute flags\n"
+msgid "Cannot open LDAP password file '%s': %s"
msgstr ""
-#: ../../src/slave/kproplog.c:228
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:108
#, c-format
-msgid "\t\tMaximum ticket life\n"
+msgid "Bind DN entry '%s' missing in LDAP password file '%s'"
msgstr ""
-#: ../../src/slave/kproplog.c:233
-#, c-format
-msgid "\t\tMaximum renewable life\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:66
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:142
+msgid "Ticket Policy Name missing"
msgstr ""
-#: ../../src/slave/kproplog.c:238
-#, c-format
-msgid "\t\tPrincipal expiration\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:154
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231
+msgid "ticket policy object: "
msgstr ""
-#: ../../src/slave/kproplog.c:243
-#, c-format
-msgid "\t\tPassword expiration\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:219
+msgid "Ticket Policy Object information missing"
msgstr ""
-#: ../../src/slave/kproplog.c:248
-#, c-format
-msgid "\t\tLast successful auth\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:311
+msgid "Ticket Policy Object DN missing"
msgstr ""
-#: ../../src/slave/kproplog.c:253
-#, c-format
-msgid "\t\tLast failed auth\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:338
+msgid "Delete Failed: One or more Principals associated with the Ticket Policy"
msgstr ""
-#: ../../src/slave/kproplog.c:258
-#, c-format
-msgid "\t\tFailed passwd attempt\n"
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:447
+msgid "Error reading container object"
msgstr ""
-#: ../../src/slave/kproplog.c:263
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:132
#, c-format
-msgid "\t\tPrincipal\n"
+msgid "%s (path: %s): %s"
msgstr ""
-#: ../../src/slave/kproplog.c:268
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:164
#, c-format
-msgid "\t\tKey data\n"
+msgid "Unsupported argument \"%s\" for LMDB"
msgstr ""
-#: ../../src/slave/kproplog.c:275
-#, c-format
-msgid "\t\tTL data\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:294
+msgid "LMDB environment open failure"
msgstr ""
-#: ../../src/slave/kproplog.c:282
-#, c-format
-msgid "\t\tLength\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:319
+msgid "LMDB read failure"
msgstr ""
-#: ../../src/slave/kproplog.c:287
-#, c-format
-msgid "\t\tPassword last changed\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:394
+msgid "LMDB write failure"
msgstr ""
-#: ../../src/slave/kproplog.c:292
-#, c-format
-msgid "\t\tModifying principal\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:418
+msgid "LMDB delete failure"
msgstr ""
-#: ../../src/slave/kproplog.c:297
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:521
#, c-format
-msgid "\t\tModification time\n"
+msgid "LMDB file %s does not exist"
msgstr ""
-#: ../../src/slave/kproplog.c:302
-#, c-format
-msgid "\t\tModified where\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:566
+msgid "LMDB open failure"
msgstr ""
-#: ../../src/slave/kproplog.c:307
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:593
#, c-format
-msgid "\t\tPassword policy\n"
+msgid "LMDB file %s already exists"
msgstr ""
-#: ../../src/slave/kproplog.c:312
-#, c-format
-msgid "\t\tPassword policy switch\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:658
+msgid "LMDB create error"
msgstr ""
-#: ../../src/slave/kproplog.c:317
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:676
#, c-format
-msgid "\t\tPassword history KVNO\n"
+msgid "Could not unlink %s"
msgstr ""
-#: ../../src/slave/kproplog.c:322
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:760
#, c-format
-msgid "\t\tPassword history\n"
+msgid "Unsupported argument \"%s\" for lmdb"
msgstr ""
-#: ../../src/slave/kproplog.c:356
-#, c-format
-msgid ""
-"Corrupt update entry\n"
-"\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:806
+msgid "LMDB lockout write failure"
msgstr ""
-#: ../../src/slave/kproplog.c:361
-#, c-format
-msgid "Update Entry\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:882
+msgid "LMDB principal iteration failure"
msgstr ""
-#: ../../src/slave/kproplog.c:363
-#, c-format
-msgid "\tUpdate serial # : %u\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:985
+msgid "LMDB policy iteration failure"
msgstr ""
-#: ../../src/slave/kproplog.c:367
-#, c-format
-msgid "\tDummy entry\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1016
+msgid "LMDB transaction commit failure"
msgstr ""
-#: ../../src/slave/kproplog.c:375
-#, c-format
-msgid ""
-"Entry data decode failure\n"
-"\n"
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1115
+msgid "LMDB lockout update failure"
msgstr ""
-#: ../../src/slave/kproplog.c:379
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:500
#, c-format
-msgid "\tUpdate operation : "
+msgid "%s: %s"
msgstr ""
-#: ../../src/slave/kproplog.c:381
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:530
#, c-format
-msgid "Delete\n"
+msgid "%s (depth %d): %s"
msgstr ""
-#: ../../src/slave/kproplog.c:383
-#, c-format
-msgid "Add\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:773
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4324
+msgid "Pass phrase for"
msgstr ""
-#: ../../src/slave/kproplog.c:387
-#, c-format
-msgid ""
-"Could not allocate principal name\n"
-"\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1103
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1113
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1380
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1390
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1931
+msgid "Failed to DER encode PKCS7"
msgstr ""
-#: ../../src/slave/kproplog.c:393
-#, c-format
-msgid "\tUpdate principal : %s\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1204
+msgid "Failed to verify own certificate"
msgstr ""
-#: ../../src/slave/kproplog.c:395
-#, c-format
-msgid "\tUpdate size : %u\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1364
+msgid "Failed to add digest attribute"
msgstr ""
-#: ../../src/slave/kproplog.c:396
-#, c-format
-msgid "\tUpdate committed : %s\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1492
+msgid "Failed to decode CMS message"
msgstr ""
-#: ../../src/slave/kproplog.c:400
-#, c-format
-msgid "\tUpdate time stamp : None\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1510
+msgid "Invalid pkinit packet: octet string expected"
msgstr ""
-#: ../../src/slave/kproplog.c:402
-#, c-format
-msgid "\tUpdate time stamp : %s"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1528
+msgid "wrong oid\n"
msgstr ""
-#: ../../src/slave/kproplog.c:406
-#, c-format
-msgid "\tAttributes changed : %d\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1680
+msgid "Failed to verify received certificate"
msgstr ""
-#: ../../src/slave/kproplog.c:471
-#, c-format
-msgid ""
-"Unable to initialize Kerberos\n"
-"\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1718
+msgid "Failed to verify CMS message"
msgstr ""
-#: ../../src/slave/kproplog.c:478
-#, c-format
-msgid ""
-"Couldn't read database_name\n"
-"\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1906
+msgid "Failed to encrypt PKCS7 object"
msgstr ""
-#: ../../src/slave/kproplog.c:482
-#, c-format
-msgid ""
-"\n"
-"Kerberos update log (%s)\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1981
+msgid "Failed to decode PKCS7"
msgstr ""
-#: ../../src/slave/kproplog.c:486 ../../src/slave/kproplog.c:501
-#, c-format
-msgid ""
-"Unable to map log file %s\n"
-"\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1998
+msgid "Failed to decrypt PKCS7 message"
msgstr ""
-#: ../../src/slave/kproplog.c:491
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4444
#, c-format
-msgid ""
-"Couldn't reinitialize ulog file %s\n"
-"\n"
+msgid "Cannot read certificate file '%s'"
msgstr ""
-#: ../../src/slave/kproplog.c:495
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4451
#, c-format
-msgid "Reinitialized the ulog.\n"
+msgid "Cannot read key file '%s'"
msgstr ""
-#: ../../src/slave/kproplog.c:507
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5313
#, c-format
-msgid ""
-"Corrupt header log, exiting\n"
-"\n"
+msgid "Cannot open file '%s'"
msgstr ""
-#: ../../src/slave/kproplog.c:511
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5320
#, c-format
-msgid "Update log dump :\n"
+msgid "Cannot read file '%s'"
msgstr ""
-#: ../../src/slave/kproplog.c:512
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5995
#, c-format
-msgid "\tLog version # : %u\n"
+msgid "unknown code 0x%x"
msgstr ""
-#: ../../src/slave/kproplog.c:513
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:419
#, c-format
-msgid "\tLog state : "
+msgid "Unsupported type while processing '%s'\n"
msgstr ""
-#: ../../src/slave/kproplog.c:516
-#, c-format
-msgid "Stable\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:453
+msgid "Internal error parsing X509_user_identity\n"
msgstr ""
-#: ../../src/slave/kproplog.c:519
-#, c-format
-msgid "Unstable\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:544
+msgid "No user identity options specified"
msgstr ""
-#: ../../src/slave/kproplog.c:522
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:405
#, c-format
-msgid "Corrupt\n"
+msgid "PKINIT: no freshness token, rejecting auth from %s"
msgstr ""
-#: ../../src/slave/kproplog.c:525
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:409
#, c-format
-msgid "Unknown state: %d\n"
+msgid "PKINIT: freshness token received from %s"
msgstr ""
-#: ../../src/slave/kproplog.c:528
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:411
#, c-format
-msgid "\tEntry block size : %u\n"
+msgid "PKINIT: no freshness token received from %s"
msgstr ""
-#: ../../src/slave/kproplog.c:529
-#, c-format
-msgid "\tNumber of entries : %u\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:542
+msgid "Pkinit request not signed, but client not anonymous."
msgstr ""
-#: ../../src/slave/kproplog.c:532
-#, c-format
-msgid "\tLast serial # : None\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:580
+msgid "Anonymous pkinit without DH public value not supported."
msgstr ""
-#: ../../src/slave/kproplog.c:535
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1304
#, c-format
-msgid "\tFirst serial # : None\n"
+msgid "No pkinit_identity supplied for realm %s"
msgstr ""
-#: ../../src/slave/kproplog.c:537
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1315
#, c-format
-msgid "\tFirst serial # : "
+msgid "No pkinit_anchors supplied for realm %s"
msgstr ""
-#: ../../src/slave/kproplog.c:541
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1335
#, c-format
-msgid "\tLast serial # : "
+msgid "OCSP is not supported: (realm: %s)"
msgstr ""
-#: ../../src/slave/kproplog.c:546
-#, c-format
-msgid "\tLast time stamp : None\n"
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1736
+msgid "No realms configured correctly for pkinit support"
msgstr ""
-#: ../../src/slave/kproplog.c:549
-#, c-format
-msgid "\tFirst time stamp : None\n"
+#: ../../src/plugins/preauth/spake/groups.c:237
+msgid "No SPAKE preauth groups configured"
msgstr ""
-#: ../../src/slave/kproplog.c:551
+#: ../../src/plugins/preauth/spake/groups.c:257
#, c-format
-msgid "\tFirst time stamp : %s"
+msgid "SPAKE challenge group not a permitted group: %s"
msgstr ""
-#: ../../src/slave/kproplog.c:555
-#, c-format
-msgid "\tLast time stamp : %s\n"
+#: ../../src/plugins/preauth/spake/spake_kdc.c:536
+msgid "Unknown SPAKE request type"
msgstr ""
#: ../../src/util/support/errors.c:77
$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
common.h t_accname.c
+$(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+ common.h t_add_cred.c
$(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
ss_internal.h utils.c
options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
$(COM_ERR_DEPS) copyright.h options.c ss.h
-cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
+cmd_tbl.lex.o: cmd_tbl.lex.c
ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
ct.tab.c ss.h
ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \
projects / thirdparty / krb5.git / commitdiff
