From: Greg Hudson Date: Sun, 4 May 2025 04:15:44 +0000 (-0400) Subject: make regen X-Git-Tag: krb5-1.22-beta1~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76ca2f3e684367dfef264e05d24b1d7a6f99ba04;p=thirdparty%2Fkrb5.git make regen Also fix SRCS in util/support/Makefile.in to name regex.cpp and not regex.c. --- diff --git a/src/kadmin/dbutil/deps b/src/kadmin/dbutil/deps index d4d96316e6..0d4ebe7a3a 100644 --- a/src/kadmin/dbutil/deps +++ b/src/kadmin/dbutil/deps @@ -123,11 +123,12 @@ $(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h dump.c kdb5_util.h + $(top_srcdir)/include/k5-regex.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \ + $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + dump.c kdb5_util.h $(OUTPRE)kdb5_mkey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ @@ -144,11 +145,12 @@ $(OUTPRE)kdb5_mkey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h kdb5_mkey.c kdb5_util.h + $(top_srcdir)/include/k5-regex.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \ + $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + kdb5_mkey.c kdb5_util.h $(OUTPRE)tabdump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ diff --git a/src/lib/kadm5/srv/deps b/src/lib/kadm5/srv/deps index 8539c6d2ae..530b836bc4 100644 --- a/src/lib/kadm5/srv/deps +++ b/src/lib/kadm5/srv/deps @@ -227,9 +227,9 @@ svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ - $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \ - svr_iters.c + $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-regex.h \ + $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/plugin.h svr_iters.c svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps index 4c052d5502..4b43f13fbe 100644 --- a/src/lib/krb5/os/deps +++ b/src/lib/krb5/os/deps @@ -321,12 +321,13 @@ localauth_rule.so localauth_rule.po $(OUTPRE)localauth_rule.$(OBJEXT): \ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - localauth_rule.c os-proto.h + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-regex.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/localauth_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h localauth_rule.c \ + os-proto.h locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/man/k5identity.man b/src/man/k5identity.man index ba7c533bf5..2f89a30433 100644 --- a/src/man/k5identity.man +++ b/src/man/k5identity.man @@ -54,8 +54,8 @@ recognized: If the realm of the server principal is known, it is matched against \fIvalue\fP, which may be a pattern using shell wildcards. For host\-based server principals, the realm will generally only be -known if there is a domain_realm section in -krb5.conf(5) with a mapping for the hostname. +known if there is a \fI\%[domain_realm]\fP section in +\fI\%krb5.conf\fP with a mapping for the hostname. .TP \fBservice\fP If the server principal is a host\-based principal, its service @@ -83,18 +83,16 @@ accessing the IMAP service on \fBmail.example.com\fP: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX alice@KRBTEST.COM realm=KRBTEST.COM alice/root@EXAMPLE.COM host=*.servers.example.com alice/mail@EXAMPLE.COM host=mail.example.com service=imap -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH SEE ALSO .sp -kerberos(1), krb5.conf(5) +kerberos(1), \fI\%krb5.conf\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/k5login.man b/src/man/k5login.man index 47276bcb9c..a139781db1 100644 --- a/src/man/k5login.man +++ b/src/man/k5login.man @@ -45,18 +45,16 @@ containing just the following line: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX bob@FOOBAR.ORG -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp This would allow \fBbob\fP to use Kerberos network applications, such as ssh(1), to access \fBalice\fP\(aqs account, using \fBbob\fP\(aqs Kerberos tickets. In a default configuration (with \fBk5login_authoritative\fP set -to true in krb5.conf(5)), this .k5login file would not let +to true in \fI\%krb5.conf\fP), this .k5login file would not let \fBalice\fP use those network applications to access her account, since she is not listed! With no .k5login file, or with \fBk5login_authoritative\fP set to false, a default rule would permit the principal \fBalice\fP in the @@ -68,13 +66,11 @@ in root\(aqs .k5login file on each host: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX alice@BLEEP.COM joeadmin/root@BLEEP.COM -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp diff --git a/src/man/k5srvutil.man b/src/man/k5srvutil.man index 7b41dc7628..7f61be2df1 100644 --- a/src/man/k5srvutil.man +++ b/src/man/k5srvutil.man @@ -78,15 +78,15 @@ each key. In all cases, the default keytab is used unless this is overridden by the \fB\-f\fP option. .sp -k5srvutil uses the kadmin(1) program to edit the keytab in +k5srvutil uses the \fI\%kadmin\fP program to edit the keytab in place. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), ktutil(1), kerberos(7) +\fI\%kadmin\fP, \fI\%ktutil\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man index 14aa3dee29..42db3c8cdf 100644 --- a/src/man/kadm5.acl.man +++ b/src/man/kadm5.acl.man @@ -1,3 +1,4 @@ +'\" t .\" Man page generated from reStructuredText. . . @@ -32,14 +33,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] kadm5.acl \- Kerberos ACL file .SH DESCRIPTION .sp -The Kerberos kadmind(8) daemon uses an Access Control List +The Kerberos \fI\%kadmind\fP daemon uses an Access Control List (ACL) file to manage access rights to the Kerberos database. For operations that affect principals, the ACL file also controls which principals can operate on which other principals. .sp The default location of the Kerberos ACL file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP -variable in kdc.conf(5)\&. +variable in \fI\%kdc.conf\fP\&. .SH SYNTAX .sp Empty lines and lines starting with the sharp sign (\fB#\fP) are @@ -47,11 +48,9 @@ ignored. Lines containing ACL entries have the format: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX principal permissions [target_principal [restrictions] ] -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -127,7 +126,7 @@ _ T{ p T} T{ -[Dis]allows the propagation of the principal database (used in incr_db_prop) +[Dis]allows the propagation of the principal database (used in \fI\%Incremental database propagation\fP) T} _ T{ @@ -185,7 +184,7 @@ in which \fB*number\fP matches the corresponding wildcard in .B {+|\-}\fIflagname\fP flag is forced to the indicated value. The permissible flags are the same as those for the \fBdefault_principal_flags\fP -variable in kdc.conf(5)\&. +variable in \fI\%kdc.conf\fP\&. .TP .B \fI\-clearpolicy\fP policy is forced to be empty. @@ -194,7 +193,7 @@ policy is forced to be empty. policy is forced to be \fIpol\fP\&. .TP .B \-{\fIexpire, pwexpire, maxlife, maxrenewlife\fP} \fItime\fP -(getdate string) associated value will be forced to +(\fI\%getdate time\fP string) associated value will be forced to MIN(\fItime\fP, requested value). .UNINDENT .UNINDENT @@ -217,16 +216,14 @@ Here is an example of a kadm5.acl file: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX */admin@ATHENA.MIT.EDU * # line 1 joeadmin@ATHENA.MIT.EDU ADMCIL # line 2 joeadmin/*@ATHENA.MIT.EDU i */root@ATHENA.MIT.EDU # line 3 */root@ATHENA.MIT.EDU ci *1@ATHENA.MIT.EDU # line 4 */root@ATHENA.MIT.EDU l * # line 5 sms@ATHENA.MIT.EDU x * \-maxlife 9h \-postdateable # line 6 -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -260,17 +257,17 @@ postdateable tickets or tickets with a life of longer than 9 hours. .SH MODULE BEHAVIOR .sp The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the kadm5_auth section of -krb5.conf(5)\&. The ACL file will positively authorize +1.16 and later, as configured in the \fI\%kadm5_auth interface\fP section of +\fI\%krb5.conf\fP\&. The ACL file will positively authorize operations according to the rules above, but will never authoritatively deny an operation, so other modules can authorize operations in addition to those authorized by the ACL file. .sp To operate without an ACL file, set the \fIacl_file\fP variable in -kdc.conf(5) to the empty string with \fBacl_file = ""\fP\&. +\fI\%kdc.conf\fP to the empty string with \fBacl_file = \(dq\(dq\fP\&. .SH SEE ALSO .sp -kdc.conf(5), kadmind(8) +\fI\%kdc.conf\fP, \fI\%kadmind\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kadmin.man b/src/man/kadmin.man index 8745fd9afa..227c46ec4b 100644 --- a/src/man/kadmin.man +++ b/src/man/kadmin.man @@ -56,8 +56,8 @@ kadmin \- Kerberos V5 database administration program kadmin and kadmin.local are command\-line interfaces to the Kerberos V5 administration system. They provide nearly identical functionalities; the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using kadmind(8)\&. -Except as explicitly noted otherwise, this man page will use "kadmin" +database, while kadmin performs operations using \fI\%kadmind\fP\&. +Except as explicitly noted otherwise, this man page will use \(dqkadmin\(dq to refer to both versions. kadmin provides for the maintenance of Kerberos principals, password policies, and service key tables (keytabs). @@ -103,7 +103,7 @@ with the \fB\-k\fP option. Requests anonymous processing. Two types of anonymous principals are supported. For fully anonymous Kerberos, configure PKINIT on the KDC and configure \fBpkinit_anchors\fP in the client\(aqs -krb5.conf(5)\&. Then use the \fB\-n\fP option with a principal +\fI\%krb5.conf\fP\&. Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP (an empty principal name followed by the at\-sign and a realm name). If permitted by the KDC, an anonymous ticket will be returned. A second form of anonymous tickets is @@ -119,7 +119,7 @@ Use \fIcredentials_cache\fP as the credentials cache. The cache should contain a service ticket for the \fBkadmin/admin\fP or \fBkadmin/ADMINHOST\fP (where \fIADMINHOST\fP is the fully\-qualified hostname of the admin server) service; it can be acquired with the -kinit(1) program. If this option is not specified, kadmin +\fI\%kinit\fP program. If this option is not specified, kadmin requests a new service ticket from the KDC, and stores it in its own temporary ccache. .TP @@ -142,9 +142,9 @@ Specifies the admin server which kadmin should contact. If using kadmin.local, prompt for the database master password instead of reading it from a stash file. .TP -\fB\-e\fP "\fIenc\fP:\fIsalt\fP ..." +\fB\-e\fP \(dq\fIenc\fP:\fIsalt\fP ...\(dq Sets the keysalt list to be used for any new keys created. See -Keysalt_lists in kdc.conf(5) for a list of possible +\fI\%Keysalt lists\fP in \fI\%kdc.conf\fP for a list of possible values. .TP \fB\-O\fP @@ -223,7 +223,7 @@ Specifies the password or SASL secret used to bind to the LDAP server. Using this option may expose the password to other users on the system via the process list; to avoid this, instead stash the password using the \fBstashsrvpw\fP command of -kdb5_ldap_util(8)\&. +\fI\%kdb5_ldap_util\fP\&. .TP \fB\-x sasl_mech=\fP\fImechanism\fP Specifies the SASL mechanism used to bind to the LDAP server. @@ -254,7 +254,7 @@ are printed to standard error. New in release 1.12. .SH COMMANDS .sp When using the remote client, available commands may be restricted -according to the privileges specified in the kadm5.acl(5) file +according to the privileges specified in the \fI\%kadm5.acl\fP file on the admin server. .SS add_principal .INDENT 0.0 @@ -278,17 +278,17 @@ Options: .INDENT 0.0 .TP \fB\-expire\fP \fIexpdate\fP -(getdate string) The expiration date of the principal. +(\fI\%getdate time\fP string) The expiration date of the principal. .TP \fB\-pwexpire\fP \fIpwexpdate\fP -(getdate string) The password expiration date. +(\fI\%getdate time\fP string) The password expiration date. .TP \fB\-maxlife\fP \fImaxlife\fP -(duration or getdate string) The maximum ticket life +(\fI\%Time duration\fP or \fI\%getdate time\fP string) The maximum ticket life for the principal. .TP \fB\-maxrenewlife\fP \fImaxrenewlife\fP -(duration or getdate string) The maximum renewable +(\fI\%Time duration\fP or \fI\%getdate time\fP string) The maximum renewable life of tickets for the principal. .TP \fB\-kvno\fP \fIkvno\fP @@ -407,7 +407,7 @@ via the process list. .TP \fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the keys of the -principal. See Keysalt_lists in kdc.conf(5) for a +principal. See \fI\%Keysalt lists\fP in \fI\%kdc.conf\fP for a list of possible values. .TP \fB\-x\fP \fIdb_princ_args\fP @@ -455,17 +455,15 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: addprinc jennifer -No policy specified for "jennifer@ATHENA.MIT.EDU"; +No policy specified for \(dqjennifer@ATHENA.MIT.EDU\(dq; defaulting to no policy. Enter password for principal jennifer@ATHENA.MIT.EDU: Re\-enter password for principal jennifer@ATHENA.MIT.EDU: -Principal "jennifer@ATHENA.MIT.EDU" created. +Principal \(dqjennifer@ATHENA.MIT.EDU\(dq created. kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS modify_principal @@ -506,6 +504,23 @@ given. This command requires the \fBadd\fP and \fBdelete\fP privileges. .sp Alias: \fBrenprinc\fP +.SS add_alias +.INDENT 0.0 +.INDENT 3.5 +\fBadd_alias\fP \fIalias_princ\fP \fItarget_princ\fP +.UNINDENT +.UNINDENT +.sp +Create an alias \fIalias_princ\fP pointing to \fItarget_princ\fP\&. Aliases may +be chained (that is, \fItarget_princ\fP may itself be an alias) up to a +depth of 10. +.sp +This command requires the \fBadd\fP privilege for \fIalias_princ\fP and the +\fBmodify\fP privilege for \fItarget_princ\fP\&. +.sp +(New in release 1.22.) +.sp +Aliases: \fBalias\fP .SS delete_principal .INDENT 0.0 .INDENT 3.5 @@ -513,8 +528,8 @@ Alias: \fBrenprinc\fP .UNINDENT .UNINDENT .sp -Deletes the specified \fIprincipal\fP from the database. This command -prompts for deletion, unless the \fB\-force\fP option is given. +Deletes the specified \fIprincipal\fP or alias from the database. This +command prompts for deletion, unless the \fB\-force\fP option is given. .sp This command requires the \fBdelete\fP privilege. .sp @@ -548,7 +563,7 @@ the process list. .TP \fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the keys of the -principal. See Keysalt_lists in kdc.conf(5) for a +principal. See \fI\%Keysalt lists\fP in \fI\%kdc.conf\fP for a list of possible values. .TP \fB\-keepold\fP @@ -560,15 +575,13 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: cpw systest Enter password for principal systest@BLEEP.COM: Re\-enter password for principal systest@BLEEP.COM: Password for systest@BLEEP.COM changed. kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS purgekeys @@ -604,8 +617,7 @@ Examples: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: getprinc tlyu/admin Principal: tlyu/admin@BLEEP.COM Expiration date: [never] @@ -628,8 +640,7 @@ systest@BLEEP.COM 3 86400 604800 1 785926535 753241234 785900000 tlyu/admin@BLEEP.COM 786100034 0 0 kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS list_principals @@ -655,16 +666,14 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: listprincs test* test3@SECURE\-TEST.OV.COM test2@SECURE\-TEST.OV.COM test1@SECURE\-TEST.OV.COM testuser@SECURE\-TEST.OV.COM kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS get_strings @@ -701,7 +710,7 @@ specified indicators will be accepted. (New in release 1.14.) \fBsession_enctypes\fP Specifies the encryption types supported for session keys when the principal is authenticated to as a server. See -Encryption_types in kdc.conf(5) for a list of the +\fI\%Encryption types\fP in \fI\%kdc.conf\fP for a list of the accepted values. .TP \fBotp\fP @@ -714,14 +723,14 @@ Specifies a matching expression that defines the certificate attributes required for the client certificate used by the principal during PKINIT authentication. The matching expression is in the same format as those used by the \fBpkinit_cert_match\fP -option in krb5.conf(5)\&. (New in release 1.16.) +option in \fI\%krb5.conf\fP\&. (New in release 1.16.) .TP \fBpac_privsvr_enctype\fP Forces the encryption type of the PAC KDC checksum buffers to the specified encryption type for tickets issued to this server, by deriving a key from the local krbtgt key if it is of a different encryption type. It may be necessary to set this value to -"aes256\-sha1" on the cross\-realm krbtgt entry for an Active +\(dqaes256\-sha1\(dq on the cross\-realm krbtgt entry for an Active Directory realm when using aes\-sha2 keys on the local krbtgt entry. .UNINDENT @@ -734,12 +743,10 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX set_string host/foo.mit.edu session_enctypes aes128\-cts -set_string user@FOO.COM otp "[{""type"":""hotp"",""username"":""al""}]" -.ft P -.fi +set_string user@FOO.COM otp \(dq[{\(dq\(dqtype\(dq\(dq:\(dq\(dqhotp\(dq\(dq,\(dq\(dqusername\(dq\(dq:\(dq\(dqal\(dq\(dq}]\(dq +.EE .UNINDENT .UNINDENT .SS del_string @@ -771,11 +778,11 @@ The following options are available: .INDENT 0.0 .TP \fB\-maxlife\fP \fItime\fP -(duration or getdate string) Sets the maximum +(\fI\%Time duration\fP or \fI\%getdate time\fP string) Sets the maximum lifetime of a password. .TP \fB\-minlife\fP \fItime\fP -(duration or getdate string) Sets the minimum +(\fI\%Time duration\fP or \fI\%getdate time\fP string) Sets the minimum lifetime of a password. .TP \fB\-minlength\fP \fIlength\fP @@ -802,7 +809,7 @@ resets to 0 after a successful attempt to authenticate. A .INDENT 0.0 .TP \fB\-failurecountinterval\fP \fIfailuretime\fP -(duration or getdate string) Sets the allowable time +(\fI\%Time duration\fP or \fI\%getdate time\fP string) Sets the allowable time between authentication failures. If an authentication failure happens after \fIfailuretime\fP has elapsed since the previous failure, the number of authentication failures is reset to 1. A @@ -811,7 +818,7 @@ failure, the number of authentication failures is reset to 1. A .INDENT 0.0 .TP \fB\-lockoutduration\fP \fIlockouttime\fP -(duration or getdate string) Sets the duration for +(\fI\%Time duration\fP or \fI\%getdate time\fP string) Sets the duration for which the principal is locked from authenticating if too many authentication failures occur without the specified failure count interval elapsing. A duration of 0 (the default) means the @@ -821,7 +828,7 @@ with \fBmodprinc \-unlock\fP\&. \fB\-allowedkeysalts\fP Specifies the key/salt tuples supported for long\-term keys when setting or changing a principal\(aqs password/keys. See -Keysalt_lists in kdc.conf(5) for a list of the +\fI\%Keysalt lists\fP in \fI\%kdc.conf\fP for a list of the accepted values, but note that key/salt tuples must be separated with commas (\(aq,\(aq) only. To clear the allowed key/salt policy use a value of \(aq\-\(aq. @@ -831,12 +838,10 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C -kadmin: add_policy \-maxlife "2 days" \-minlength 5 guests +.EX +kadmin: add_policy \-maxlife \(dq2 days\(dq \-minlength 5 guests kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS modify_policy @@ -871,14 +876,12 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: del_policy guests -Are you sure you want to delete the policy "guests"? +Are you sure you want to delete the policy \(dqguests\(dq? (yes/no): yes kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS get_policy @@ -900,8 +903,7 @@ Examples: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: get_policy admin Policy: admin Maximum password life: 180 days 00:00:00 @@ -914,12 +916,11 @@ Reference count: 17 kadmin: get_policy \-terse admin admin 15552000 0 6 2 5 17 kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp -The "Reference count" is the number of principals using that policy. +The \(dqReference count\(dq is the number of principals using that policy. With the LDAP KDC database module, the reference count field is not meaningful. .SS list_policies @@ -943,8 +944,7 @@ Examples: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: listpols test\-pol dict\-only @@ -955,8 +955,7 @@ kadmin: listpols t* test\-pol test\-pol\-nopw kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS ktadd @@ -987,7 +986,7 @@ used. .TP \fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the new keys of the -principal. See Keysalt_lists in kdc.conf(5) for a +principal. See \fI\%Keysalt lists\fP in \fI\%kdc.conf\fP for a list of possible values. .TP \fB\-q\fP @@ -1009,15 +1008,13 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: ktadd \-k /tmp/foo\-new\-keytab host/foo.mit.edu Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256\-cts\-hmac\-sha1\-96 added to keytab FILE:/tmp/foo\-new\-keytab kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS ktremove @@ -1030,8 +1027,8 @@ kadmin: Removes entries for the specified \fIprincipal\fP from a keytab. Requires no permissions, since this does not require database access. .sp -If the string "all" is specified, all entries for that principal are -removed; if the string "old" is specified, all entries for that +If the string \(dqall\(dq is specified, all entries for that principal are +removed; if the string \(dqold\(dq is specified, all entries for that principal except those with the highest kvno are removed. Otherwise, the value specified is parsed as an integer, and all entries whose kvno match that integer are removed. @@ -1053,14 +1050,12 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin: ktremove kadmin/admin all Entry for principal kadmin/admin with kvno 3 removed from keytab FILE:/etc/krb5.keytab kadmin: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS lock @@ -1086,11 +1081,11 @@ The kadmin program was originally written by Tom Yu at MIT, as an interface to the OpenVision Kerberos administration program. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kpasswd(1), kadmind(8), kerberos(7) +\fI\%kpasswd\fP, \fI\%kadmind\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kadmind.man b/src/man/kadmind.man index 89d4a3eb78..4a9e56318f 100644 --- a/src/man/kadmind.man +++ b/src/man/kadmind.man @@ -50,24 +50,24 @@ kadmind starts the Kerberos administration server. kadmind typically runs on the primary Kerberos server, which stores the KDC database. If the KDC database uses the LDAP module, the administration server and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as kadmin(1) and -kpasswd(1) to administer the information in these database. +remote requests from programs such as \fI\%kadmin\fP and +\fI\%kpasswd\fP to administer the information in these database. .sp kadmind requires a number of configuration files to be set up in order for it to work: .INDENT 0.0 .TP -.B kdc.conf(5) +.B \fI\%kdc.conf\fP The KDC configuration file contains configuration information for the KDC and admin servers. kadmind uses settings in this file to locate the Kerberos database, and is also affected by the \fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related settings. .TP -.B kadm5.acl(5) +.B \fI\%kadm5.acl\fP kadmind\(aqs ACL (access control list) tells it which principals are allowed to perform administration actions. The pathname to the -ACL file can be specified with the \fBacl_file\fP kdc.conf(5) +ACL file can be specified with the \fBacl_file\fP \fI\%kdc.conf\fP variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. .UNINDENT .sp @@ -78,7 +78,7 @@ kadmind can be configured for incremental database propagation. Incremental propagation allows replica KDC servers to receive principal and policy updates incrementally instead of receiving full dumps of the database. This facility can be enabled in the -kdc.conf(5) file with the \fBiprop_enable\fP option. Incremental +\fI\%kdc.conf\fP file with the \fBiprop_enable\fP option. Incremental propagation requires the principal \fBkiprop/PRIMARY\e@REALM\fP (where PRIMARY is the primary KDC\(aqs canonical host name, and REALM the realm name). In release 1.13, this principal is automatically created and @@ -109,7 +109,7 @@ provides incremental updates to other Kerberos replicas. \fB\-port\fP \fIport\-number\fP specifies the port on which the administration server listens for connections. The default port is determined by the -\fBkadmind_port\fP configuration variable in kdc.conf(5)\&. +\fBkadmind_port\fP configuration variable in \fI\%kdc.conf\fP\&. .TP \fB\-P\fP \fIpid_file\fP specifies the file to which the PID of kadmind process should be @@ -135,16 +135,24 @@ specifies the file path to be used for dumping the KDB in response to full resync requests when iprop is enabled. .TP \fB\-x\fP \fIdb_args\fP -specifies database\-specific arguments. See Database Options in kadmin(1) for supported arguments. +specifies database\-specific arguments. See \fI\%Database Options\fP in \fI\%kadmin\fP for supported arguments. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. +.sp +As of release 1.22, kadmind supports systemd socket activation via the +LISTEN_PID and LISTEN_FDS environment variables. Sockets provided by +the caller must correspond to configured listener addresses (via the +\fBkadmind_listen\fP or \fBkpasswd_listen\fP variables or equivalents) or +they will be ignored. Any configured listener addresses that do not +correspond to caller\-provided sockets will be ignored if socket +activation is used. .SH SEE ALSO .sp -kpasswd(1), kadmin(1), kdb5_util(8), -kdb5_ldap_util(8), kadm5.acl(5), kerberos(7) +\fI\%kpasswd\fP, \fI\%kadmin\fP, \fI\%kdb5_util\fP, +\fI\%kdb5_ldap_util\fP, \fI\%kadm5.acl\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man index 35fdd0b72f..b6bd1cd1eb 100644 --- a/src/man/kdb5_ldap_util.man +++ b/src/man/kdb5_ldap_util.man @@ -60,9 +60,9 @@ Specifies the URI of the LDAP server. .UNINDENT .sp By default, kdb5_ldap_util operates on the default realm (as specified -in krb5.conf(5)) and connects and authenticates to the LDAP +in \fI\%krb5.conf\fP) and connects and authenticates to the LDAP server in the same manner as :ref:kadmind(8)\(ga would given the -parameters in dbdefaults in kdc.conf(5)\&. +parameters in \fI\%[dbdefaults]\fP in \fI\%kdc.conf\fP\&. .SH COMMANDS .SS create .INDENT 0.0 @@ -104,7 +104,7 @@ realm container. \fB\-k\fP \fImkeytype\fP Specifies the key type of the master key in the database. The default is given by the \fBmaster_key_type\fP variable in -kdc.conf(5)\&. +\fI\%kdc.conf\fP\&. .TP \fB\-kv\fP \fImkeyVNO\fP Specifies the version number of the master key in the database; @@ -113,7 +113,7 @@ the default is 1. Note that 0 is not allowed. \fB\-M\fP \fImkeyname\fP Specifies the principal name for the master key in the database. If not specified, the name is determined by the -\fBmaster_key_name\fP variable in kdc.conf(5)\&. +\fBmaster_key_name\fP variable in \fI\%kdc.conf\fP\&. .TP \fB\-m\fP Specifies that the master database password should be read from @@ -130,35 +130,33 @@ Specifies the stash file of the master database password. Specifies that the stash file is to be created. .TP \fB\-maxtktlife\fP \fImax_ticket_life\fP -(getdate string) Specifies maximum ticket life for +(\fI\%getdate time\fP string) Specifies maximum ticket life for principals in this realm. .TP \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(getdate string) Specifies maximum renewable life of +(\fI\%getdate time\fP string) Specifies maximum renewable life of tickets for principals in this realm. .TP .B \fIticket_flags\fP Specifies global ticket flags for the realm. Allowable flags are documented in the description of the \fBadd_principal\fP command in -kadmin(1)\&. +\fI\%kadmin\fP\&. .UNINDENT .sp Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU create \-subtrees o=org \-sscope SUB -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: Initializing database for realm \(aqATHENA.MIT.EDU\(aq You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re\-enter KDC database master key to verify: -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS modify @@ -192,31 +190,29 @@ container object in which the principals of a realm will be created. .TP \fB\-maxtktlife\fP \fImax_ticket_life\fP -(getdate string) Specifies maximum ticket life for +(\fI\%getdate time\fP string) Specifies maximum ticket life for principals in this realm. .TP \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(getdate string) Specifies maximum renewable life of +(\fI\%getdate time\fP string) Specifies maximum renewable life of tickets for principals in this realm. .TP .B \fIticket_flags\fP Specifies global ticket flags for the realm. Allowable flags are documented in the description of the \fBadd_principal\fP command in -kadmin(1)\&. +\fI\%kadmin\fP\&. .UNINDENT .sp Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu modify +requires_preauth -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: shell% -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS view @@ -232,11 +228,10 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU view -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: Realm Name: ATHENA.MIT.EDU Subtree: ou=users,o=org Subtree: ou=servers,o=org @@ -244,8 +239,7 @@ SearchScope: ONE Maximum ticket life: 0 days 01:00:00 Maximum renewable life: 0 days 10:00:00 Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS destroy @@ -266,17 +260,15 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu destroy -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: Deleting KDC database of \(aqATHENA.MIT.EDU\(aq, are you sure? (type \(aqyes\(aq to confirm)? yes OK, deleting database of \(aqATHENA.MIT.EDU\(aq... shell% -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS list @@ -292,17 +284,15 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX shell% kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu list -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: ATHENA.MIT.EDU OPENLDAP.MIT.EDU MEDIA\-LAB.MIT.EDU shell% -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS stashsrvpw @@ -325,10 +315,10 @@ default, \fB/usr/local/var/service_passwd\fP is used. .TP .B \fIname\fP Specifies the name of the object whose password is to be stored. -If krb5kdc(8) or kadmind(8) are configured for +If \fI\%krb5kdc\fP or \fI\%kadmind\fP are configured for simple binding, this should be the distinguished name it will use as given by the \fBldap_kdc_dn\fP or \fBldap_kadmind_dn\fP -variable in kdc.conf(5)\&. If the KDC or kadmind is +variable in \fI\%kdc.conf\fP\&. If the KDC or kadmind is configured for SASL binding, this should be the authentication name it will use as given by the \fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP variable. @@ -338,14 +328,12 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile cn=service\-kdc,o=org -Password for "cn=service\-kdc,o=org": -Re\-enter password for "cn=service\-kdc,o=org": -.ft P -.fi +Password for \(dqcn=service\-kdc,o=org\(dq: +Re\-enter password for \(dqcn=service\-kdc,o=org\(dq: +.EE .UNINDENT .UNINDENT .SS create_policy @@ -363,18 +351,18 @@ Creates a ticket policy in the directory. Options: .INDENT 0.0 .TP \fB\-maxtktlife\fP \fImax_ticket_life\fP -(getdate string) Specifies maximum ticket life for +(\fI\%getdate time\fP string) Specifies maximum ticket life for principals. .TP \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(getdate string) Specifies maximum renewable life of +(\fI\%getdate time\fP string) Specifies maximum renewable life of tickets for principals. .TP .B \fIticket_flags\fP Specifies the ticket flags. If this option is not specified, by default, no restriction will be set by the policy. Allowable flags are documented in the description of the \fBadd_principal\fP -command in kadmin(1)\&. +command in \fI\%kadmin\fP\&. .TP .B \fIpolicy_name\fP Specifies the name of the ticket policy. @@ -384,15 +372,13 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu - \-r ATHENA.MIT.EDU create_policy \-maxtktlife "1 day" - \-maxrenewlife "1 week" \-allow_postdated +needchange + \-r ATHENA.MIT.EDU create_policy \-maxtktlife \(dq1 day\(dq + \-maxrenewlife \(dq1 week\(dq \-allow_postdated +needchange \-allow_forwardable tktpolicy -Password for "cn=admin,o=org": -.ft P -.fi +Password for \(dqcn=admin,o=org\(dq: +.EE .UNINDENT .UNINDENT .SS modify_policy @@ -413,15 +399,13 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU modify_policy - \-maxtktlife "60 minutes" \-maxrenewlife "10 hours" + \-maxtktlife \(dq60 minutes\(dq \-maxrenewlife \(dq10 hours\(dq +allow_postdated \-requires_preauth tktpolicy -Password for "cn=admin,o=org": -.ft P -.fi +Password for \(dqcn=admin,o=org\(dq: +.EE .UNINDENT .UNINDENT .SS view_policy @@ -438,17 +422,15 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU view_policy tktpolicy -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: Ticket policy: tktpolicy Maximum ticket life: 0 days 01:00:00 Maximum renewable life: 0 days 10:00:00 Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS destroy_policy @@ -475,16 +457,14 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU destroy_policy tktpolicy -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: This will delete the policy object \(aqtktpolicy\(aq, are you sure? (type \(aqyes\(aq to confirm)? yes ** policy object \(aqtktpolicy\(aq deleted. -.ft P -.fi +.EE .UNINDENT .UNINDENT .SS list_policy @@ -500,25 +480,23 @@ Example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU list_policy -Password for "cn=admin,o=org": +Password for \(dqcn=admin,o=org\(dq: tktpolicy tmppolicy userpolicy -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), kerberos(7) +\fI\%kadmin\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man index 9c64d646ea..d73e45f87b 100644 --- a/src/man/kdb5_util.man +++ b/src/man/kdb5_util.man @@ -65,14 +65,14 @@ specifies the Kerberos realm of the database. .TP \fB\-d\fP \fIdbname\fP specifies the name under which the principal database is stored; -by default the database is that listed in kdc.conf(5)\&. The +by default the database is that listed in \fI\%kdc.conf\fP\&. The password policy database and lock files are also derived from this value. .TP \fB\-k\fP \fImkeytype\fP specifies the key type of the master key in the database. The default is given by the \fBmaster_key_type\fP variable in -kdc.conf(5)\&. +\fI\%kdc.conf\fP\&. .TP \fB\-kv\fP \fImkeyVNO\fP Specifies the version number of the master key in the database; @@ -81,7 +81,7 @@ the default is 1. Note that 0 is not allowed. \fB\-M\fP \fImkeyname\fP principal name for the master key in the database. If not specified, the name is determined by the \fBmaster_key_name\fP -variable in kdc.conf(5)\&. +variable in \fI\%kdc.conf\fP\&. .TP \fB\-m\fP specifies that the master database password should be read from @@ -90,7 +90,7 @@ the keyboard rather than fetched from a file on disk. \fB\-sf\fP \fIstash_file\fP specifies the stash filename of the master database password. If not specified, the filename is determined by the -\fBkey_stash_file\fP variable in kdc.conf(5)\&. +\fBkey_stash_file\fP variable in \fI\%kdc.conf\fP\&. .TP \fB\-P\fP \fIpassword\fP specifies the master database password. Using this option may @@ -98,7 +98,7 @@ expose the password to other users on the system via the process list. .TP \fB\-x\fP \fIdb_args\fP -specifies database\-specific options. See kadmin(1) for +specifies database\-specific options. See \fI\%kadmin\fP for supported options. .UNINDENT .SH COMMANDS @@ -132,7 +132,7 @@ the \fB\-f\fP argument, does not prompt the user. .sp Stores the master principal\(aqs keys in a stash file. The \fB\-f\fP argument can be used to override the \fIkeyfile\fP specified in -kdc.conf(5)\&. +\fI\%kdc.conf\fP\&. .SS dump .INDENT 0.0 .INDENT 3.5 @@ -144,24 +144,24 @@ kdc.conf(5)\&. .UNINDENT .sp Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, "kdb5_util -load_dump version 7". If filename is not specified, or is the string -"\-", the dump is sent to standard output. Options: +default, the database is dumped in current format, \(dqkdb5_util +load_dump version 7\(dq. If filename is not specified, or is the string +\(dq\-\(dq, the dump is sent to standard output. Options: .INDENT 0.0 .TP \fB\-b7\fP -causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util -load_dump version 4"). This was the dump format produced on +causes the dump to be in the Kerberos 5 Beta 7 format (\(dqkdb5_util +load_dump version 4\(dq). This was the dump format produced on releases prior to 1.2.2. .TP \fB\-r13\fP -causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util -load_dump version 5"). This was the dump format produced on +causes the dump to be in the Kerberos 5 1.3 format (\(dqkdb5_util +load_dump version 5\(dq). This was the dump format produced on releases prior to 1.8. .TP \fB\-r18\fP -causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util -load_dump version 6"). This was the dump format produced on +causes the dump to be in the Kerberos 5 1.8 format (\(dqkdb5_util +load_dump version 6\(dq). This was the dump format produced on releases prior to 1.11. .TP \fB\-verbose\fP @@ -218,17 +218,17 @@ Options: .TP \fB\-b7\fP requires the database to be in the Kerberos 5 Beta 7 format -("kdb5_util load_dump version 4"). This was the dump format +(\(dqkdb5_util load_dump version 4\(dq). This was the dump format produced on releases prior to 1.2.2. .TP \fB\-r13\fP -requires the database to be in Kerberos 5 1.3 format ("kdb5_util -load_dump version 5"). This was the dump format produced on +requires the database to be in Kerberos 5 1.3 format (\(dqkdb5_util +load_dump version 5\(dq). This was the dump format produced on releases prior to 1.8. .TP \fB\-r18\fP -requires the database to be in Kerberos 5 1.8 format ("kdb5_util -load_dump version 6"). This was the dump format produced on +requires the database to be in Kerberos 5 1.8 format (\(dqkdb5_util +load_dump version 6\(dq). This was the dump format produced on releases prior to 1.11. .TP \fB\-hash\fP @@ -269,12 +269,12 @@ salt types to be used for the new keys. Adds a new master key to the master key principal, but does not mark it as active. Existing master keys will remain. The \fB\-e\fP option specifies the encryption type of the new master key; see -Encryption_types in kdc.conf(5) for a list of possible +\fI\%Encryption types\fP in \fI\%kdc.conf\fP for a list of possible values. The \fB\-s\fP option stashes the new master key in the stash file, which will be created if it doesn\(aqt already exist. .sp After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of kprop(8)\&. Then, +servers via a manual or periodic invocation of \fI\%kprop\fP\&. Then, the stash files on the replica servers should be updated with the kdb5_util \fBstash\fP command. Once those steps are complete, the key is ready to be marked active with the kdb5_util \fBuse_mkey\fP command. @@ -289,7 +289,7 @@ Sets the activation time of the master key specified by \fImkeyVNO\fP\&. Once a master key becomes active, it will be used to encrypt newly created principal keys. If no \fItime\fP argument is given, the current time is used, causing the specified master key version to become -active immediately. The format for \fItime\fP is getdate string. +active immediately. The format for \fItime\fP is \fI\%getdate time\fP string. .sp After a new master key becomes active, the kdb5_util \fBupdate_princ_encryption\fP command can be used to update all @@ -303,7 +303,7 @@ principal keys to be encrypted in the new master key. .sp List all master keys, from most recent to earliest, in the master key principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&. A +each mkey, similar to the output of \fI\%kadmin\fP \fBgetprinc\fP\&. A \fB*\fP following an mkey denotes the currently active master key. .SS purge_mkeys .INDENT 0.0 @@ -374,7 +374,7 @@ instead of the default tab\-separated (unquoted, unescaped) format .TP \fB\-e\fP write empty hexadecimal string fields as empty fields instead of -as "\-1". +as \(dq\-1\(dq. .TP \fB\-n\fP produce numeric output for fields that normally have symbolic @@ -389,6 +389,17 @@ output Dump types: .INDENT 0.0 .TP +\fBalias\fP +principal alias information +.INDENT 7.0 +.TP +\fBaliasname\fP +the name of the alias +.TP +\fBtargetname\fP +the target of the alias +.UNINDENT +.TP \fBkeydata\fP principal encryption key information, including actual key data (which is still encrypted in the master key) @@ -524,8 +535,7 @@ Examples: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ kdb5_util tabdump \-o keyinfo.txt keyinfo $ cat keyinfo.txt name keyindex kvno enctype salttype salt @@ -540,17 +550,16 @@ K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal sqlite> .quit $ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1 -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), kerberos(7) +\fI\%kadmin\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man index dc69b92554..5ed36be247 100644 --- a/src/man/kdc.conf.man +++ b/src/man/kdc.conf.man @@ -1,3 +1,4 @@ +'\" t .\" Man page generated from reStructuredText. . . @@ -31,9 +32,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH NAME kdc.conf \- Kerberos V5 KDC configuration file .sp -The kdc.conf file supplements krb5.conf(5) for programs which -are typically only used on a KDC, such as the krb5kdc(8) and -kadmind(8) daemons and the kdb5_util(8) program. +The kdc.conf file supplements \fI\%krb5.conf\fP for programs which +are typically only used on a KDC, such as the \fI\%krb5kdc\fP and +\fI\%kadmind\fP daemons and the \fI\%kdb5_util\fP program. Relations documented here may also be specified in krb5.conf; for the KDC programs mentioned, krb5.conf and kdc.conf will be merged into a single configuration profile. @@ -47,7 +48,7 @@ changes to take effect. .SH STRUCTURE .sp The kdc.conf file is set up in the same format as the -krb5.conf(5) file. +\fI\%krb5.conf\fP file. .SH SECTIONS .sp The kdc.conf file may contain the following sections: @@ -123,7 +124,7 @@ value is 5. .TP \fBspake_preauth_kdc_challenge\fP (String.) Specifies the group for a SPAKE optimistic challenge. -See the \fBspake_preauth_groups\fP variable in libdefaults +See the \fBspake_preauth_groups\fP variable in \fI\%[libdefaults]\fP for possible values. The default is not to issue an optimistic challenge. (New in release 1.17.) .UNINDENT @@ -136,14 +137,12 @@ to define one parameter for the ATHENA.MIT.EDU realm: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [realms] ATHENA.MIT.EDU = { max_renewable_life = 7d 0h 0m 0s } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -152,11 +151,11 @@ The following tags may be specified in a [realms] subsection: .TP \fBacl_file\fP (String.) Location of the access control list file that -kadmind(8) uses to determine which principals are allowed +\fI\%kadmind\fP uses to determine which principals are allowed which permissions on the Kerberos database. To operate without an ACL file, set this relation to the empty string with \fBacl_file = -""\fP\&. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more -information on Kerberos ACL file see kadm5.acl(5)\&. +\(dq\(dq\fP\&. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more +information on Kerberos ACL file see \fI\%kadm5.acl\fP\&. .TP \fBdatabase_module\fP (String.) This relation indicates the name of the configuration @@ -172,7 +171,7 @@ and the \fI\%[dbmodules]\fP configuration section does not specify a database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&. .TP \fBdefault_principal_expiration\fP -(abstime string.) Specifies the default expiration date of +(\fI\%Absolute time\fP string.) Specifies the default expiration date of principals created in this realm. The default value is 0, which means no expiration date. .TP @@ -311,7 +310,7 @@ release 1.17. Its value is used as a fallback if .TP \fBiprop_listen\fP (Whitespace\- or comma\-separated list.) Specifies the iprop RPC -listening addresses and/or ports for the kadmind(8) daemon. +listening addresses and/or ports for the \fI\%kadmind\fP daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is @@ -328,7 +327,7 @@ relation is required in the replica KDC configuration file, and this relation or \fBiprop_listen\fP is required in the primary configuration file, as there is no default port number. Port numbers specified in \fBiprop_listen\fP entries will override this -port number for the kadmind(8) daemon. +port number for the \fI\%kadmind\fP daemon. .TP \fBiprop_resync_timeout\fP (Delta time string.) Specifies the amount of time to wait for a @@ -349,18 +348,20 @@ default value will not use values from the [dbmodules] section.) .TP \fBkadmind_listen\fP (Whitespace\- or comma\-separated list.) Specifies the kadmin RPC -listening addresses and/or ports for the kadmind(8) daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If kadmind fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address at the port specified -in \fBkadmind_port\fP, or the standard kadmin port (749). New in -release 1.15. +listening addresses and/or ports for the \fI\%kadmind\fP daemon. +Each entry may be an interface address, a port number, an address +and port number separated by a colon, or a UNIX domain socket +pathname. If the address contains colons, enclose it in square +brackets. If no address is specified, the wildcard address is +used. To disable listening for kadmin RPC connections, set this +relation to the empty string with \fBkadmind_listen = \(dq\(dq\fP\&. If +kadmind fails to bind to any of the specified addresses, it will +fail to start. The default is to bind to the wildcard address at +the port specified in \fBkadmind_port\fP, or the standard kadmin +port (749). New in release 1.15. .TP \fBkadmind_port\fP -(Port number.) Specifies the port on which the kadmind(8) +(Port number.) Specifies the port on which the \fI\%kadmind\fP daemon is to listen for this realm. Port numbers specified in \fBkadmind_listen\fP entries will override this port number. The assigned port for kadmind is 749, which is used by default. @@ -370,57 +371,57 @@ assigned port for kadmind is 749, which is used by default. stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm. .TP \fBkdc_listen\fP -(Whitespace\- or comma\-separated list.) Specifies the UDP -listening addresses and/or ports for the krb5kdc(8) daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. If the KDC daemon fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address on the standard port. -New in release 1.15. +(Whitespace\- or comma\-separated list.) Specifies the listening +addresses and/or ports for the \fI\%krb5kdc\fP daemon. Each +entry may be an interface address, a port number, an address and +port number separated by a colon, or a UNIX domain socket +pathname. If the address contains colons, enclose it in square +brackets. If no address is specified, the wildcard address is +used. If no port is specified, the standard port (88) is used. +To disable listening on UDP, set this relation to the empty string +with \fBkdc_listen = \(dq\(dq\fP\&. If the KDC daemon fails to bind to any +of the specified addresses, it will fail to start. The default is +to bind to the wildcard address on the standard port. New in +release 1.15. .TP \fBkdc_ports\fP (Whitespace\- or comma\-separated list, deprecated.) Prior to release 1.15, this relation lists the ports for the -krb5kdc(8) daemon to listen on for UDP requests. In +\fI\%krb5kdc\fP daemon to listen on for UDP requests. In release 1.15 and later, it has the same meaning as \fBkdc_listen\fP if that relation is not defined. .TP \fBkdc_tcp_listen\fP (Whitespace\- or comma\-separated list.) Specifies the TCP -listening addresses and/or ports for the krb5kdc(8) daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. To disable listening on TCP, set -this relation to the empty string with \fBkdc_tcp_listen = ""\fP\&. -If the KDC daemon fails to bind to any of the specified addresses, -it will fail to start. The default is to bind to the wildcard -address on the standard port. New in release 1.15. +listening addresses and/or ports for the \fI\%krb5kdc\fP daemon. +The syntax is identical to that of \fBkdc_listen\fP\&. To disable +listening on TCP, set this relation to the empty string with +\fBkdc_tcp_listen = \(dq\(dq\fP\&. The default is to bind to the same +addresses and ports as for UDP. New in release 1.15. .TP \fBkdc_tcp_ports\fP (Whitespace\- or comma\-separated list, deprecated.) Prior to release 1.15, this relation lists the ports for the -krb5kdc(8) daemon to listen on for UDP requests. In +\fI\%krb5kdc\fP daemon to listen on for UDP requests. In release 1.15 and later, it has the same meaning as \fBkdc_tcp_listen\fP if that relation is not defined. .TP \fBkpasswd_listen\fP -(Comma\-separated list.) Specifies the kpasswd listening addresses -and/or ports for the kadmind(8) daemon. Each entry may be -an interface address, a port number, or an address and port number -separated by a colon. If the address contains colons, enclose it -in square brackets. If no address is specified, the wildcard -address is used. If kadmind fails to bind to any of the specified -addresses, it will fail to start. The default is to bind to the -wildcard address at the port specified in \fBkpasswd_port\fP, or the -standard kpasswd port (464). New in release 1.15. +(Comma\-separated list.) Specifies the kpasswd listening +addresses and/or ports for the \fI\%kadmind\fP daemon. Each +entry may be an interface address, a port number, an address and +port number separated by a colon, or a UNIX domain socket +pathname. If the address contains colons, enclose it in square +brackets. If no address is specified, the wildcard address is +used. To disable listening for kpasswd requests, set this +relation to the empty string with \fBkpasswd_listen = \(dq\(dq\fP\&. If +kadmind fails to bind to any of the specified addresses, it will +fail to start. The default is to bind to the wildcard address at +the port specified in \fBkpasswd_port\fP, or the standard kpasswd +port (464). New in release 1.15. .TP \fBkpasswd_port\fP -(Port number.) Specifies the port on which the kadmind(8) +(Port number.) Specifies the port on which the \fI\%kadmind\fP daemon is to listen for password change requests for this realm. Port numbers specified in \fBkpasswd_listen\fP entries will override this port number. The assigned port for password change requests @@ -436,12 +437,12 @@ default value for this is \fBaes256\-cts\-hmac\-sha1\-96\fP\&. For a list of al values, see \fI\%Encryption types\fP\&. .TP \fBmax_life\fP -(duration string.) Specifies the maximum time period for +(\fI\%Time duration\fP string.) Specifies the maximum time period for which a ticket may be valid in this realm. The default value is 24 hours. .TP \fBmax_renewable_life\fP -(duration string.) Specifies the maximum time period +(\fI\%Time duration\fP string.) Specifies the maximum time period during which a valid ticket may be renewed in this realm. The default value is 0. .TP @@ -456,7 +457,7 @@ disable referral processing altogether. (Boolean value.) If set to true, the KDC will check the list of transited realms for cross\-realm tickets against the transit path computed from the realm names and the capaths section of its -krb5.conf(5) file; if the path in the ticket to be issued +\fI\%krb5.conf\fP file; if the path in the ticket to be issued contains any realms not in the computed path, the ticket will not be issued, and an error will be returned to the client instead. If this value is set to false, such tickets will be issued @@ -490,7 +491,7 @@ specified multiple times. New in release 1.17. \fBsupported_enctypes\fP (List of \fIkey\fP:\fIsalt\fP strings.) Specifies the default key/salt combinations of principals for this realm. Any principals created -through kadmin(1) will have keys of these types. The +through \fI\%kadmin\fP will have keys of these types. The default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal\fP\&. For lists of possible values, see \fI\%Keysalt lists\fP\&. .UNINDENT @@ -538,14 +539,12 @@ define one database parameter for the ATHENA.MIT.EDU realm: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [dbmodules] ATHENA.MIT.EDU = { disable_last_success = true } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -562,16 +561,16 @@ value should be \fBdb2\fP for the DB2 module, \fBklmdb\fP for the LMDB module, or \fBkldap\fP for the LDAP module. .TP \fBdisable_last_success\fP -If set to \fBtrue\fP, suppresses KDC updates to the "Last successful -authentication" field of principal entries requiring +If set to \fBtrue\fP, suppresses KDC updates to the \(dqLast successful +authentication\(dq field of principal entries requiring preauthentication. Setting this flag may improve performance. (Principal entries which do not require preauthentication never -update the "Last successful authentication" field.). First +update the \(dqLast successful authentication\(dq field.). First introduced in release 1.9. .TP \fBdisable_lockout\fP -If set to \fBtrue\fP, suppresses KDC updates to the "Last failed -authentication" and "Failed password attempts" fields of principal +If set to \fBtrue\fP, suppresses KDC updates to the \(dqLast failed +authentication\(dq and \(dqFailed password attempts\(dq fields of principal entries requiring preauthentication. Setting this flag may improve performance, but also disables account lockout. First introduced in release 1.9. @@ -582,8 +581,8 @@ maintained per LDAP server. .TP \fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP These LDAP\-specific tags indicate the default DN for binding to -the LDAP server. The krb5kdc(8) daemon uses -\fBldap_kdc_dn\fP, while the kadmind(8) daemon and other +the LDAP server. The \fI\%krb5kdc\fP daemon uses +\fBldap_kdc_dn\fP, while the \fI\%kadmind\fP daemon and other administrative programs use \fBldap_kadmind_dn\fP\&. The kadmind DN must have the rights to read and write the Kerberos data in the LDAP database. The KDC DN must have the same rights, unless @@ -637,7 +636,7 @@ for SASL authentication. This file must be kept secure. \fBmapsize\fP This LMDB\-specific tag indicates the maximum size of the two database environments in megabytes. The default value is 128. -Increase this value to address "Environment mapsize limit reached" +Increase this value to address \(dqEnvironment mapsize limit reached\(dq errors. New in release 1.17. .TP \fBmax_readers\fP @@ -670,16 +669,16 @@ modules. The value should be an absolute path. .UNINDENT .SS [logging] .sp -The [logging] section indicates how krb5kdc(8) and -kadmind(8) perform logging. It may contain the following +The [logging] section indicates how \fI\%krb5kdc\fP and +\fI\%kadmind\fP perform logging. It may contain the following relations: .INDENT 0.0 .TP \fBadmin_server\fP -Specifies how kadmind(8) performs logging. +Specifies how \fI\%kadmind\fP performs logging. .TP \fBkdc\fP -Specifies how krb5kdc(8) performs logging. +Specifies how \fI\%krb5kdc\fP performs logging. .TP \fBdefault\fP Specifies how either daemon performs logging in the absence of @@ -736,15 +735,13 @@ to the file \fB/var/adm/kadmin.log\fP and sent to the device .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [logging] kdc = CONSOLE kdc = SYSLOG:INFO:DAEMON admin_server = FILE:/var/adm/kadmin.log admin_server = DEVICE=/dev/tty04 -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -799,8 +796,7 @@ In the following example, requests are sent to a remote server via UDP: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [otp] MyRemoteTokenType = { server = radius.mydomain.com:1812 @@ -809,8 +805,7 @@ In the following example, requests are sent to a remote server via UDP: retries = 5 strip_realm = true } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -821,14 +816,12 @@ something applicable for your situation: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [otp] DEFAULT = { strip_realm = false } -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH PKINIT OPTIONS @@ -849,14 +842,12 @@ realm\-specific subsection of [realms]: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [realms] EXAMPLE.COM = { pkinit_anchors = FILE:/usr/local/example.com.crt } -.ft P -.fi +.EE .UNINDENT .UNINDENT .IP 2. 3 @@ -864,19 +855,17 @@ generic value in the [kdcdefaults] section: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [kdcdefaults] pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ -.ft P -.fi +.EE .UNINDENT .UNINDENT .UNINDENT .sp For information about the syntax of some of these options, see -Specifying PKINIT identity information in -krb5.conf(5)\&. +\fI\%Specifying PKINIT identity information\fP in +\fI\%krb5.conf\fP\&. .INDENT 0.0 .TP \fBpkinit_anchors\fP @@ -970,7 +959,7 @@ in PKINIT requests. The default value is false. (New in release .sp Any tag in the configuration files which requires a list of encryption types can be set to some combination of the following strings. -Encryption types marked as "weak" and "deprecated" are available for +Encryption types marked as \(dqweak\(dq and \(dqdeprecated\(dq are available for compatibility but not recommended for use. .TS center; @@ -1064,11 +1053,11 @@ _ .sp The string \fBDEFAULT\fP can be used to refer to the default set of types for the variable in question. Types or families can be removed -from the current list by prefixing them with a minus sign ("\-"). -Types or families can be prefixed with a plus sign ("+") for symmetry; +from the current list by prefixing them with a minus sign (\(dq\-\(dq). +Types or families can be prefixed with a plus sign (\(dq+\(dq) for symmetry; it has the same meaning as just listing the type or family. For -example, "\fBDEFAULT \-rc4\fP" would be the default set of encryption -types with RC4 types removed, and "\fBdes3 DEFAULT\fP" would be the +example, \(dq\fBDEFAULT \-rc4\fP\(dq would be the default set of encryption +types with RC4 types removed, and \(dq\fBdes3 DEFAULT\fP\(dq would be the default set of encryption types with triple DES types moved to the front. .sp @@ -1086,18 +1075,16 @@ encryption types in the KDC database. .sp Kerberos keys for users are usually derived from passwords. Kerberos commands and configuration parameters that affect generation of keys -take lists of enctype\-salttype ("keysalt") pairs, known as \fIkeysalt +take lists of enctype\-salttype (\(dqkeysalt\(dq) pairs, known as \fIkeysalt lists\fP\&. Each keysalt pair is an enctype name followed by a salttype name, in the format \fIenc\fP:\fIsalt\fP\&. Individual keysalt list members are -separated by comma (",") characters or space characters. For example: +separated by comma (\(dq,\(dq) characters or space characters. For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kadmin \-e aes256\-cts:normal,aes128\-cts:normal -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -1144,8 +1131,7 @@ Here\(aqs an example of a kdc.conf file: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [kdcdefaults] kdc_listen = 88 kdc_tcp_listen = 88 @@ -1170,18 +1156,17 @@ Here\(aqs an example of a kdc.conf file: openldap_ldapconf = { db_library = kldap disable_last_success = true - ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu" + ldap_kdc_dn = \(dqcn=krbadmin,dc=mit,dc=edu\(dq # this object needs to have read rights on # the realm container and principal subtrees - ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu" + ldap_kadmind_dn = \(dqcn=krbadmin,dc=mit,dc=edu\(dq # this object needs to have read and write rights on # the realm container and principal subtrees ldap_service_password_file = /etc/kerberos/service.keyfile ldap_servers = ldaps://kerberos.mit.edu ldap_conns_per_server = 5 } -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH FILES @@ -1189,7 +1174,7 @@ Here\(aqs an example of a kdc.conf file: \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP .SH SEE ALSO .sp -krb5.conf(5), krb5kdc(8), kadm5.acl(5) +\fI\%krb5.conf\fP, \fI\%krb5kdc\fP, \fI\%kadm5.acl\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kdestroy.man b/src/man/kdestroy.man index c21ed3d5ea..e8e400f691 100644 --- a/src/man/kdestroy.man +++ b/src/man/kdestroy.man @@ -76,7 +76,7 @@ your .logout file, so that your tickets are destroyed automatically when you log out. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH FILES .INDENT 0.0 @@ -86,7 +86,7 @@ Default location of Kerberos 5 credentials cache .UNINDENT .SH SEE ALSO .sp -kinit(1), klist(1), kerberos(7) +\fI\%kinit\fP, \fI\%klist\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kerberos.man b/src/man/kerberos.man index f40b877bd8..27179f22ae 100644 --- a/src/man/kerberos.man +++ b/src/man/kerberos.man @@ -37,7 +37,7 @@ environment. After authenticating yourself to Kerberos, you can use Kerberos\-enabled programs without having to present passwords or certificates to those programs. .sp -If you receive the following response from kinit(1): +If you receive the following response from \fI\%kinit\fP: .sp kinit: Client not found in Kerberos database while getting initial credentials @@ -61,19 +61,17 @@ might be in realm EXAMPLE.COM). .sp When writing a Kerberos name, the principal name is separated from the instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an "@" sign. The following are examples +realm) follows, preceded by an \(dq@\(dq sign. The following are examples of valid Kerberos names: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX david jennifer/admin joeuser@BLEEP.COM cbrown/root@FUBAR.ORG -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -89,13 +87,13 @@ or \fBadmin\fP, to expire in a few minutes, while tickets that carry more ordinary privileges may be good for several hours or a day. If your login session extends beyond the time limit, you will have to re\-authenticate yourself to Kerberos to get new tickets using the -kinit(1) command. +\fI\%kinit\fP command. .sp Some tickets are \fBrenewable\fP beyond their initial lifetime. This means that \fBkinit \-R\fP can extend their lifetime without requiring you to re\-authenticate. .sp -If you wish to delete your local tickets, use the kdestroy(1) +If you wish to delete your local tickets, use the \fI\%kdestroy\fP command. .sp Kerberos tickets can be forwarded. In order to forward tickets, you @@ -164,7 +162,7 @@ or \fB/var/tmp\fP if \fBTMPDIR\fP is not set. Specifies a filename to write trace log output to. Trace logs can help illuminate decisions made internally by the Kerberos libraries. For example, \fBenv KRB5_TRACE=/dev/stderr kinit\fP -would send tracing information for kinit(1) to +would send tracing information for \fI\%kinit\fP to \fB/dev/stderr\fP\&. The default is not to write trace log output anywhere. .TP @@ -173,7 +171,7 @@ Default client keytab file name. If unset, \fB@CKTNAME@\fP will be used). .TP \fBKPROP_PORT\fP -kprop(8) port to use. Defaults to 754. +\fI\%kprop\fP port to use. Defaults to 754. .TP \fBGSS_MECH_CONFIG\fP Specifies a filename containing GSSAPI mechanism module @@ -187,10 +185,10 @@ login system programs and setuid programs, which are designed to be secure when run within an untrusted process environment. .SH SEE ALSO .sp -kdestroy(1), kinit(1), klist(1), -kswitch(1), kpasswd(1), ksu(1), -krb5.conf(5), kdc.conf(5), kadmin(1), -kadmind(8), kdb5_util(8), krb5kdc(8) +\fI\%kdestroy\fP, \fI\%kinit\fP, \fI\%klist\fP, +\fI\%kswitch\fP, \fI\%kpasswd\fP, \fI\%ksu\fP, +\fI\%krb5.conf\fP, \fI\%kdc.conf\fP, \fI\%kadmin\fP, +\fI\%kadmind\fP, \fI\%kdb5_util\fP, \fI\%krb5kdc\fP .SH BUGS .SH AUTHORS .nf diff --git a/src/man/kinit.man b/src/man/kinit.man index 6a8da39e02..33286d5b00 100644 --- a/src/man/kinit.man +++ b/src/man/kinit.man @@ -68,7 +68,7 @@ choice of principal name. display verbose output. .TP \fB\-l\fP \fIlifetime\fP -(duration string.) Requests a ticket with the lifetime +(\fI\%Time duration\fP string.) Requests a ticket with the lifetime \fIlifetime\fP\&. .sp For example, \fBkinit \-l 5:30\fP or \fBkinit \-l 5h30m\fP\&. @@ -79,7 +79,7 @@ longer than the maximum ticket lifetime (configured by each site) will not override the configured maximum ticket lifetime. .TP \fB\-s\fP \fIstart_time\fP -(duration string.) Requests a postdated ticket. Postdated +(\fI\%Time duration\fP string.) Requests a postdated ticket. Postdated tickets are issued with the \fBinvalid\fP flag set, and need to be resubmitted to the KDC for validation before use. .sp @@ -87,7 +87,7 @@ resubmitted to the KDC for validation before use. can become valid. .TP \fB\-r\fP \fIrenewable_life\fP -(duration string.) Requests renewable tickets, with a total +(\fI\%Time duration\fP string.) Requests renewable tickets, with a total lifetime of \fIrenewable_life\fP\&. .TP \fB\-f\fP @@ -128,9 +128,9 @@ expired ticket cannot be renewed, even if the ticket is still within its renewable life. .sp Note that renewable tickets that have expired as reported by -klist(1) may sometimes be renewed using this option, +\fI\%klist\fP may sometimes be renewed using this option, because the KDC applies a grace period to account for client\-KDC -clock skew. See krb5.conf(5) \fBclockskew\fP setting. +clock skew. See \fI\%krb5.conf\fP \fBclockskew\fP setting. .TP \fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP] requests a ticket, obtained from a key in the local host\(aqs keytab. @@ -149,7 +149,7 @@ Requests anonymous processing. Two types of anonymous principals are supported. .sp For fully anonymous Kerberos, configure pkinit on the KDC and -configure \fBpkinit_anchors\fP in the client\(aqs krb5.conf(5)\&. +configure \fBpkinit_anchors\fP in the client\(aqs \fI\%krb5.conf\fP\&. Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP (an empty principal name followed by the at\-sign and a realm name). If permitted by the KDC, an anonymous ticket will be @@ -208,7 +208,7 @@ specify a pre\-authentication \fIattribute\fP and \fIvalue\fP to be interpreted by pre\-authentication modules. The acceptable attribute and value values vary from module to module. This option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be "yes". +attributes. If no value is specified, it is assumed to be \(dqyes\(dq. .sp The following attributes are recognized by the PKINIT pre\-authentication mechanism: @@ -233,7 +233,7 @@ supported. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH FILES .INDENT 0.0 @@ -246,7 +246,7 @@ default location for the local host\(aqs keytab. .UNINDENT .SH SEE ALSO .sp -klist(1), kdestroy(1), kerberos(7) +\fI\%klist\fP, \fI\%kdestroy\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/klist.man b/src/man/klist.man index 10431cc566..3f5c1dd298 100644 --- a/src/man/klist.man +++ b/src/man/klist.man @@ -70,8 +70,7 @@ abbreviations: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX F Forwardable f forwarded P Proxiable @@ -86,8 +85,7 @@ A preAuthenticated T Transit policy checked O Okay as delegate a anonymous -.ft P -.fi +.EE .UNINDENT .UNINDENT .TP @@ -136,7 +134,7 @@ appropriate. If the \fBKRB5CCNAME\fP environment variable is set, its value is used to locate the default ticket cache. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH FILES .INDENT 0.0 @@ -149,7 +147,7 @@ Default location for the local host\(aqs keytab file. .UNINDENT .SH SEE ALSO .sp -kinit(1), kdestroy(1), kerberos(7) +\fI\%kinit\fP, \fI\%kdestroy\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kpasswd.man b/src/man/kpasswd.man index 7c54b25c0c..918dbbf3c6 100644 --- a/src/man/kpasswd.man +++ b/src/man/kpasswd.man @@ -55,11 +55,11 @@ identity of the user invoking the kpasswd command. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), kadmind(8), kerberos(7) +\fI\%kadmin\fP, \fI\%kadmind\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kprop.man b/src/man/kprop.man index 5bd294e50d..91f8394daf 100644 --- a/src/man/kprop.man +++ b/src/man/kprop.man @@ -44,7 +44,7 @@ kprop \- propagate a Kerberos V5 principal database to a replica server kprop is used to securely propagate a Kerberos V5 database dump file from the primary Kerberos server to a replica Kerberos server, which is specified by \fIreplica_host\fP\&. The dump file must be created by -kdb5_util(8)\&. +\fI\%kdb5_util\fP\&. .SH OPTIONS .INDENT 0.0 .TP @@ -57,7 +57,7 @@ to be found; by default the dumped database file is normally \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/replica_datatrans\fP\&. .TP \fB\-P\fP \fIport\fP -Specifies the port to use to contact the kpropd(8) server +Specifies the port to use to contact the \fI\%kpropd\fP server on the remote host. .TP \fB\-d\fP @@ -68,12 +68,12 @@ Specifies the location of the keytab file. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kpropd(8), kdb5_util(8), krb5kdc(8), -kerberos(7) +\fI\%kpropd\fP, \fI\%kdb5_util\fP, \fI\%krb5kdc\fP, +\fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kpropd.man b/src/man/kpropd.man index c98ddcc13e..2740ed711a 100644 --- a/src/man/kpropd.man +++ b/src/man/kpropd.man @@ -47,15 +47,15 @@ kpropd \- Kerberos V5 replica KDC update server .SH DESCRIPTION .sp The \fIkpropd\fP command runs on the replica KDC server. It listens for -update requests made by the kprop(8) program. If incremental +update requests made by the \fI\%kprop\fP program. If incremental propagation is enabled, it periodically requests incremental updates from the primary KDC. .sp When the replica receives a kprop request from the primary, kpropd accepts the dumped KDC database and places it in a file, and then runs -kdb5_util(8) to load the dumped database into the active -database which is used by krb5kdc(8)\&. This allows the primary -Kerberos server to use kprop(8) to propagate its database to +\fI\%kdb5_util\fP to load the dumped database into the active +database which is used by \fI\%krb5kdc\fP\&. This allows the primary +Kerberos server to use \fI\%kprop\fP to propagate its database to the replica servers. Upon a successful download of the KDC database file, the replica Kerberos server will have an up\-to\-date KDC database. @@ -66,11 +66,9 @@ the \fB/etc/inetd.conf\fP file which looks like this: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -84,18 +82,18 @@ kpropd in standalone mode; this option is now accepted for backward compatibility but does nothing. .sp Incremental propagation may be enabled with the \fBiprop_enable\fP -variable in kdc.conf(5)\&. If incremental propagation is +variable in \fI\%kdc.conf\fP\&. If incremental propagation is enabled, the replica periodically polls the primary KDC for updates, at an interval determined by the \fBiprop_replica_poll\fP variable. If the replica receives updates, kpropd updates its log file with any updates -from the primary. kproplog(8) can be used to view a summary of +from the primary. \fI\%kproplog\fP can be used to view a summary of the update entry log on the replica KDC. If incremental propagation is enabled, the principal \fBkiprop/replicahostname@REALM\fP (where \fIreplicahostname\fP is the name of the replica KDC host, and \fIREALM\fP is the name of the Kerberos realm) must be present in the replica\(aqs keytab file. .sp -kproplog(8) can be used to force full replication when iprop is +\fI\%kproplog\fP can be used to force full replication when iprop is enabled. .SH OPTIONS .INDENT 0.0 @@ -115,7 +113,7 @@ to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/kr Path to the Kerberos database file, if not the default. .TP \fB\-p\fP -Allows the user to specify the pathname to the kdb5_util(8) +Allows the user to specify the pathname to the \fI\%kdb5_util\fP program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP\&. .TP \fB\-D\fP @@ -144,7 +142,7 @@ In standalone mode, write the process ID of the daemon into Path to a keytab to use for acquiring acceptor credentials. .TP \fB\-x\fP \fIdb_args\fP -Database\-specific arguments. See Database Options in kadmin(1) for supported arguments. +Database\-specific arguments. See \fI\%Database Options\fP in \fI\%kadmin\fP for supported arguments. .UNINDENT .SH FILES .INDENT 0.0 @@ -153,16 +151,16 @@ Database\-specific arguments. See Database Options in kadmin(1) for supported a Access file for kpropd; the default location is \fB/usr/local/var/krb5kdc/kpropd.acl\fP\&. Each entry is a line containing the principal of a host from which the local machine -will allow Kerberos database propagation via kprop(8)\&. +will allow Kerberos database propagation via \fI\%kprop\fP\&. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kprop(8), kdb5_util(8), krb5kdc(8), -kerberos(7), inetd(8) +\fI\%kprop\fP, \fI\%kdb5_util\fP, \fI\%krb5kdc\fP, +\fI\%kerberos\fP, inetd(8) .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kproplog.man b/src/man/kproplog.man index 172420581d..7a00879a2e 100644 --- a/src/man/kproplog.man +++ b/src/man/kproplog.man @@ -39,8 +39,8 @@ kproplog \- display the contents of the Kerberos principal update log The kproplog command displays the contents of the KDC database update log to standard output. It can be used to keep track of incremental updates to the principal database. The update log file contains the -update log maintained by the kadmind(8) process on the primary -KDC server and the kpropd(8) process on the replica KDC +update log maintained by the \fI\%kadmind\fP process on the primary +KDC server and the \fI\%kpropd\fP process on the replica KDC servers. When updates occur, they are logged to this file. Subsequently any KDC replica configured for incremental updates will request the current data from the primary KDC and update their log @@ -79,8 +79,7 @@ output generated for one entry: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX Update Entry Update serial # : 4 Update operation : Add @@ -95,18 +94,17 @@ Update Entry Modifying principal Modification time TL data -.ft P -.fi +.EE .UNINDENT .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kpropd(8), kerberos(7) +\fI\%kpropd\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/krb5-config.man b/src/man/krb5-config.man index ac51dcdc00..685db45f9e 100644 --- a/src/man/krb5-config.man +++ b/src/man/krb5-config.man @@ -1,3 +1,4 @@ +'\" t .\" Man page generated from reStructuredText. . . @@ -122,17 +123,15 @@ the following output: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX shell% krb5\-config \-\-libs krb5 \-L/opt/krb5/lib \-Wl,\-rpath \-Wl,/opt/krb5/lib \-L/usr/local/lib \-lkrb5 \-lk5crypto \-lcom_err -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH SEE ALSO .sp -kerberos(7), cc(1) +\fI\%kerberos\fP, cc(1) .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index 7f81ee5024..d4caa2bd33 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -1,3 +1,4 @@ +'\" t .\" Man page generated from reStructuredText. . . @@ -53,11 +54,9 @@ the form: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX foo = bar -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -65,14 +64,12 @@ or: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX fubar = { foo = bar baz = quux } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -81,12 +78,10 @@ following directives at the beginning of a line: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX include FILENAME includedir DIRNAME -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -94,8 +89,8 @@ includedir DIRNAME directory must exist and be readable. Including a directory includes all files within the directory whose names consist solely of alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in ".conf" are also included, unless the -name begins with ".". Included profile files are syntactically +1.15, files with names ending in \(dq.conf\(dq are also included, unless the +name begins with \(dq.\(dq. Included profile files are syntactically independent of their parents, so each included file must begin with a section header. Starting in release 1.17, files are read in alphanumeric order; in previous releases, they may be read in any @@ -118,18 +113,16 @@ headers: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX module MODULEPATH:RESIDUAL -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp \fIMODULEPATH\fP may be relative to the library path of the krb5 installation, or it may be an absolute path. \fIRESIDUAL\fP is provided to the module at initialization time. If krb5.conf uses a module -directive, kdc.conf(5) should also use one if it exists. +directive, \fI\%kdc.conf\fP should also use one if it exists. .SH SECTIONS .sp The krb5.conf file may contain the following sections: @@ -176,7 +169,7 @@ _ .TE .sp Additionally, krb5.conf may include any of the relations described in -kdc.conf(5), but it is not a recommended practice. +\fI\%kdc.conf\fP, but it is not a recommended practice. .SS [libdefaults] .sp The libdefaults section may contain any of the following relations: @@ -196,7 +189,7 @@ release 1.21.) .TP \fBallow_weak_crypto\fP If this flag is set to false, then weak encryption types (as noted -in Encryption_types in kdc.conf(5)) will be filtered +in \fI\%Encryption types\fP in \fI\%kdc.conf\fP) will be filtered out of the lists \fBdefault_tgs_enctypes\fP, \fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&. The default value for this tag is false. @@ -209,7 +202,7 @@ principal will be accepted. The default value is false. .TP \fBccache_type\fP This parameter determines the format of credential cache types -created by kinit(1) or other programs. The default value +created by \fI\%kinit\fP or other programs. The default value is 4, which represents the most current format. Smaller values can be used for compatibility with very old implementations of Kerberos which interact with credential caches on the same host. @@ -250,14 +243,14 @@ expansion (see below). New in release 1.18. Identifies the default Kerberos realm for the client. Set its value to your Kerberos realm. If this value is not set, then a realm must be specified with every Kerberos principal when -invoking programs such as kinit(1)\&. +invoking programs such as \fI\%kinit\fP\&. .TP \fBdefault_tgs_enctypes\fP Identifies the supported list of session key encryption types that the client should request when making a TGS\-REQ, in order of preference from highest to lowest. The list may be delimited with -commas or whitespace. See Encryption_types in -kdc.conf(5) for a list of the accepted values for this tag. +commas or whitespace. See \fI\%Encryption types\fP in +\fI\%kdc.conf\fP for a list of the accepted values for this tag. Starting in release 1.18, the default value is the value of \fBpermitted_enctypes\fP\&. For previous releases or if \fBpermitted_enctypes\fP is not set, the default value is @@ -356,7 +349,7 @@ default value is false. New in release 1.10. .TP \fBk5login_authoritative\fP If this flag is true, principals must be listed in a local user\(aqs -k5login file to be granted login access, if a \&.k5login(5) +k5login file to be granted login access, if a \fI\%\&.k5login\fP file exists. If this flag is false, a principal may still be granted login access through other mechanisms even if a k5login file exists but does not list the principal. The default value is @@ -419,7 +412,7 @@ parameter expansion (see below) in release 1.17 and later. \fBpreferred_preauth_types\fP This allows you to set the preferred preauthentication types which the client will attempt before others which may be advertised by a -KDC. The default value for this setting is "17, 16, 15, 14", +KDC. The default value for this setting is \(dq17, 16, 15, 14\(dq, which forces libkrb5 to attempt to use PKINIT if it is supported. .TP \fBproxiable\fP @@ -433,7 +426,7 @@ single\-component hostnames when DNS canonicalization is not used forward canonicalization failed). The default value is the first search domain of the system\(aqs DNS configuration. To disable qualification of shortnames, set this relation to the empty string -with \fBqualify_shortname = ""\fP\&. (New in release 1.18.) +with \fBqualify_shortname = \(dq\(dq\fP\&. (New in release 1.18.) .TP \fBrdns\fP If this flag is true, reverse name lookup will be used in addition @@ -452,11 +445,11 @@ realm, which may involve consulting DNS if \fBdns_lookup_kdc\fP is set. The default is not to search domain components. .TP \fBrenew_lifetime\fP -(duration string.) Sets the default renewable lifetime +(\fI\%Time duration\fP string.) Sets the default renewable lifetime for initial ticket requests. The default value is 0. .TP \fBrequest_timeout\fP -(duration string.) Sets the maximum total time for KDC and +(\fI\%Time duration\fP string.) Sets the maximum total time for KDC and password change requests. This timeout does not affect the intervals between requests, so setting a low timeout may result in fewer requests being attempted and/or some servers not being @@ -502,7 +495,7 @@ The default value for the client is \fBedwards25519\fP\&. The default value for the KDC is empty. New in release 1.17. .TP \fBticket_lifetime\fP -(duration string.) Sets the default lifetime for initial +(\fI\%Time duration\fP string.) Sets the default lifetime for initial ticket requests. The default value is 1 day. .TP \fBudp_preference_limit\fP @@ -535,7 +528,7 @@ following tags may be specified in the realm\(aqs subsection: \fBadmin_server\fP Identifies the host where the administration server is running. Typically, this is the primary Kerberos server. This tag must be -given a value in order to communicate with the kadmind(8) +given a value in order to communicate with the \fI\%kadmind\fP server for the realm. .TP \fBauth_to_local\fP @@ -572,8 +565,7 @@ For example: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [realms] ATHENA.MIT.EDU = { auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/ @@ -581,8 +573,7 @@ For example: auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/ auth_to_local = DEFAULT } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -642,20 +633,21 @@ to a value conforming to one of the previous values. For example, been set to \fBFILE:/tmp/my_proxy.pem\fP\&. .TP \fBkdc\fP -The name or address of a host running a KDC for that realm. An -optional port number, separated from the hostname by a colon, may -be included. If the name or address contains colons (for example, -if it is an IPv6 address), enclose it in square brackets to +The name or address of a host running a KDC for the realm, or a +UNIX domain socket path of a locally running KDC. An optional +port number, separated from the hostname by a colon, may be +included. If the name or address contains colons (for example, if +it is an IPv6 address), enclose it in square brackets to distinguish the colon from a port separator. For your computer to be able to communicate with the KDC for each realm, this tag must be given a value in each realm subsection in the configuration file, or there must be DNS SRV records specifying the KDCs. .TP \fBkpasswd_server\fP -Points to the server where all the password changes are performed. -If there is no such entry, DNS will be queried (unless forbidden -by \fBdns_lookup_kdc\fP). Finally, port 464 on the \fBadmin_server\fP -host will be tried. +The location of the password change server for the realm, using +the same syntax as \fBkdc\fP\&. If there is no such entry, DNS will +be queried (unless forbidden by \fBdns_lookup_kdc\fP). Finally, +port 464 on the \fBadmin_server\fP host will be tried. .TP \fBmaster_kdc\fP The name for \fBprimary_kdc\fP prior to release 1.19. Its value is @@ -698,14 +690,12 @@ Tag names should be in lower case. For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [domain_realm] crash.mit.edu = TEST.ATHENA.MIT.EDU .dev.mit.edu = TEST.ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -739,7 +729,7 @@ There is a tag for each participating client realm, and each tag has subtags for each of the server realms. The value of the subtags is an intermediate realm which may participate in the cross\-realm authentication. The subtags may be repeated if there is more then one -intermediate realm. A value of "." means that the two realms share +intermediate realm. A value of \(dq.\(dq means that the two realms share keys directly, and no intermediate realms should be allowed to participate. .sp @@ -757,8 +747,7 @@ would look like this: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [capaths] ANL.GOV = { TEST.ANL.GOV = . @@ -778,8 +767,7 @@ would look like this: ES.NET = { ANL.GOV = . } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -788,8 +776,7 @@ systems would look like this: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [capaths] NERSC.GOV = { ANL.GOV = ES.NET @@ -811,8 +798,7 @@ systems would look like this: NERSC.GOV = ANL.GOV NERSC.GOV = ES.NET } -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -829,8 +815,7 @@ For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [appdefaults] telnet = { ATHENA.MIT.EDU = { @@ -845,8 +830,7 @@ For example: option2 = false } option2 = true -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -970,7 +954,7 @@ following built\-in modules exist for this interface: .INDENT 0.0 .TP \fBacl\fP -This module reads the kadm5.acl(5) file, and authorizes +This module reads the \fI\%kadm5.acl\fP file, and authorizes operations which are allowed according to the rules in the file. .TP \fBself\fP @@ -1046,7 +1030,7 @@ realm\(aqs section, and applies the default method if no .TP \fBk5login\fP This module authorizes a principal to a local account according to -the account\(aqs \&.k5login(5) file. +the account\(aqs \fI\%\&.k5login\fP file. .TP \fBan2ln\fP This module authorizes a principal to a local account if the @@ -1095,14 +1079,12 @@ realm\-specific subsection of [libdefaults]: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [libdefaults] EXAMPLE.COM = { pkinit_anchors = FILE:/usr/local/example.com.crt } -.ft P -.fi +.EE .UNINDENT .UNINDENT .IP 2. 3 @@ -1110,14 +1092,12 @@ realm\-specific value in the [realms] section: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [realms] OTHERREALM.ORG = { pkinit_anchors = FILE:/usr/local/otherrealm.org.crt } -.ft P -.fi +.EE .UNINDENT .UNINDENT .IP 3. 3 @@ -1125,12 +1105,10 @@ generic value in the [libdefaults] section: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [libdefaults] pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ -.ft P -.fi +.EE .UNINDENT .UNINDENT .UNINDENT @@ -1188,8 +1166,10 @@ module\-name is specified, the default is \fB@PKCS11MOD@\fP\&. a particular smard card reader or token if there is more than one available. \fBcertid=\fP and/or \fBcertlabel=\fP may be specified to force the selection of a particular certificate on the device. -See the \fBpkinit_cert_match\fP configuration option for more ways -to select a particular certificate to use for PKINIT. +Specifier values must not contain colon characters, as colons are +always treated as separators. See the \fBpkinit_cert_match\fP +configuration option for more ways to select a particular +certificate to use for PKINIT. .TP \fBENV:\fP\fIenvvar\fP \fIenvvar\fP specifies the name of an environment variable which has @@ -1281,13 +1261,11 @@ Examples: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM pkinit_cert_match = &&msScLogin,clientAuth.*DoE.* pkinit_cert_match = msScLogin,clientAuthdigitalSignature -.ft P -.fi +.EE .UNINDENT .UNINDENT .TP @@ -1480,8 +1458,7 @@ Here is an example of a generic krb5.conf file: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX [libdefaults] default_realm = ATHENA.MIT.EDU dns_lookup_kdc = true @@ -1511,8 +1488,7 @@ Here is an example of a generic krb5.conf file: EXAMPLE.COM = { ATHENA.MIT.EDU = . } -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH FILES diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man index 3b619435bf..3975369051 100644 --- a/src/man/krb5kdc.man +++ b/src/man/krb5kdc.man @@ -53,7 +53,7 @@ Distribution Center (AS/KDC). The \fB\-r\fP \fIrealm\fP option specifies the realm for which the server should provide service. This option may be specified multiple times to serve multiple realms. If no \fB\-r\fP option is given, the default -realm (as specified in krb5.conf(5)) will be served. +realm (as specified in \fI\%krb5.conf\fP) will be served. .sp The \fB\-d\fP \fIdbname\fP option specifies the name under which the principal database can be found. This option does not apply to the @@ -80,8 +80,8 @@ process. The \fB\-p\fP \fIportnum\fP option specifies the default UDP and TCP port numbers which the KDC should listen on for Kerberos version 5 requests, as a comma\-separated list. This value overrides the port -numbers specified in the kdcdefaults section of -kdc.conf(5), but may be overridden by realm\-specific values. +numbers specified in the \fI\%[kdcdefaults]\fP section of +\fI\%kdc.conf\fP, but may be overridden by realm\-specific values. If no value is given from any source, the default port is 88. .sp The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP @@ -93,7 +93,7 @@ terminate the worker subprocess if the it is itself terminated or if any other worker process exits. .sp The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments. -See Database Options in kadmin(1) for +See \fI\%Database Options\fP in \fI\%kadmin\fP for supported arguments. .sp The \fB\-T\fP \fIoffset\fP option specifies a time offset, in seconds, which @@ -109,29 +109,34 @@ For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX krb5kdc \-p 2001 \-r REALM1 \-p 2002 \-r REALM2 \-r REALM3 -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp specifies that the KDC listen on port 2001 for REALM1 and on port 2002 for REALM2 and REALM3. Additionally, per\-realm parameters may be -specified in the kdc.conf(5) file. The location of this file +specified in the \fI\%kdc.conf\fP file. The location of this file may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable. Per\-realm parameters specified in this file take precedence over -options specified on the command line. See the kdc.conf(5) +options specified on the command line. See the \fI\%kdc.conf\fP description for further details. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. +.sp +As of release 1.22, krb5kdc supports systemd socket activation via the +LISTEN_PID and LISTEN_FDS environment variables. Sockets provided by +the caller must correspond to configured listener addresses (via the +\fBkdc_listen\fP variable or equivalent) or they will be ignored. Any +configured listener addresses that do not correspond to +caller\-provided sockets will be ignored if socket activation is used. .SH SEE ALSO .sp -kdb5_util(8), kdc.conf(5), krb5.conf(5), -kdb5_ldap_util(8), kerberos(7) +\fI\%kdb5_util\fP, \fI\%kdc.conf\fP, \fI\%krb5.conf\fP, +\fI\%kdb5_ldap_util\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/ksu.man b/src/man/ksu.man index 83553bc7bd..16d174fce7 100644 --- a/src/man/ksu.man +++ b/src/man/ksu.man @@ -58,11 +58,11 @@ the target user, and the other is to create a new security context. .INDENT 0.0 .INDENT 3.5 For the sake of clarity, all references to and attributes of -the user invoking the program will start with "source" -(e.g., "source user", "source cache", etc.). +the user invoking the program will start with \(dqsource\(dq +(e.g., \(dqsource user\(dq, \(dqsource cache\(dq, etc.). .sp Likewise, all references to and attributes of the target -account will start with "target". +account will start with \(dqtarget\(dq. .UNINDENT .UNINDENT .SH AUTHENTICATION @@ -100,7 +100,7 @@ option, see the OPTIONS section. Upon successful authentication, ksu checks whether the target principal is authorized to access the target account. In the target user\(aqs home directory, ksu attempts to access two authorization files: -\&.k5login(5) and .k5users. In the .k5login file each line +\fI\%\&.k5login\fP and .k5users. In the .k5login file each line contains the name of a principal that is authorized to access the account. .sp @@ -108,13 +108,11 @@ For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX jqpublic@USC.EDU jqpublic/secure@USC.EDU jqpublic/admin@USC.EDU -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -253,11 +251,9 @@ the resulting cache does not already exist. For example: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX krb5cc_1984.2 -.ft P -.fi +.EE .UNINDENT .UNINDENT .UNINDENT @@ -299,12 +295,12 @@ ticket granting ticket options that are specified will be used when getting a ticket granting ticket from the Kerberos server. .TP \fB\-l\fP \fIlifetime\fP -(duration string.) Specifies the lifetime to be requested +(\fI\%Time duration\fP string.) Specifies the lifetime to be requested for the ticket; if this option is not specified, the default ticket lifetime (12 hours) is used instead. .TP \fB\-r\fP \fItime\fP -(duration string.) Specifies that the \fBrenewable\fP option +(\fI\%Time duration\fP string.) Specifies that the \fBrenewable\fP option should be requested for the ticket, and specifies the desired total lifetime of the ticket. .TP @@ -333,11 +329,9 @@ executes the specified command. Example of usage: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX ksu bob \-e ls \-lag -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -360,13 +354,11 @@ example: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX jqpublic@USC.EDU ls mail /local/kerberos/klist jqpublic/secure@USC.EDU * jqpublic/admin@USC.EDU -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -400,11 +392,9 @@ used as follows: .INDENT 7.0 .INDENT 3.5 .sp -.nf -.ft C +.EX \-a \-c [command [arguments]]. -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -435,8 +425,8 @@ authorized to execute (via .k5users file). .TP \fBHAVE_GETUSERSHELL\fP If the source user is non\-root, ksu insists that the target user\(aqs -shell to be invoked is a "legal shell". \fIgetusershell(3)\fP is -called to obtain the names of "legal shells". Note that the +shell to be invoked is a \(dqlegal shell\(dq. \fIgetusershell(3)\fP is +called to obtain the names of \(dqlegal shells\(dq. Note that the target user\(aqs shell is obtained from the passwd file. .UNINDENT .sp @@ -444,11 +434,9 @@ Sample configuration: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C -KSU_OPTS = \-DGET_TGT_VIA_PASSWD \-DPRINC_LOOK_AHEAD \-DCMD_PATH=\(aq"/bin /usr/ucb /local/bin" -.ft P -.fi +.EX +KSU_OPTS = \-DGET_TGT_VIA_PASSWD \-DPRINC_LOOK_AHEAD \-DCMD_PATH=\(aq\(dq/bin /usr/ucb /local/bin\(dq +.EE .UNINDENT .UNINDENT .sp @@ -466,11 +454,11 @@ ksu deletes all expired tickets from the source cache. GENNADY (ARI) MEDVINSKY .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kerberos(7), kinit(1) +\fI\%kerberos\fP, \fI\%kinit\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kswitch.man b/src/man/kswitch.man index 265a61221f..f6e4abcc7c 100644 --- a/src/man/kswitch.man +++ b/src/man/kswitch.man @@ -51,7 +51,7 @@ made primary. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH FILES .INDENT 0.0 @@ -61,8 +61,8 @@ Default location of Kerberos 5 credentials cache .UNINDENT .SH SEE ALSO .sp -kinit(1), kdestroy(1), klist(1), -kerberos(7) +\fI\%kinit\fP, \fI\%kdestroy\fP, \fI\%klist\fP, +\fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/ktutil.man b/src/man/ktutil.man index 7ea54a2b64..ce810f8d42 100644 --- a/src/man/ktutil.man +++ b/src/man/ktutil.man @@ -133,8 +133,7 @@ Aliases: \fBexit\fP, \fBq\fP .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX ktutil: add_entry \-password \-p alice@BLEEP.COM \-k 1 \-e aes128\-cts\-hmac\-sha1\-96 Password for alice@BLEEP.COM: @@ -143,19 +142,18 @@ ktutil: add_entry \-password \-p alice@BLEEP.COM \-k 1 \-e Password for alice@BLEEP.COM: ktutil: write_kt alice.keytab ktutil: -.ft P -.fi +.EE .UNINDENT .UNINDENT .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), kdb5_util(8), kerberos(7) +\fI\%kadmin\fP, \fI\%kdb5_util\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/kvno.man b/src/man/kvno.man index 493d079ca5..a7a522fa9f 100644 --- a/src/man/kvno.man +++ b/src/man/kvno.man @@ -122,7 +122,7 @@ encrypted in the server\(aqs long\-term key. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH FILES .INDENT 0.0 @@ -132,7 +132,7 @@ Default location of the credentials cache .UNINDENT .SH SEE ALSO .sp -kinit(1), kdestroy(1), kerberos(7) +\fI\%kinit\fP, \fI\%kdestroy\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/sclient.man b/src/man/sclient.man index 7c23582e84..0d65552bb1 100644 --- a/src/man/sclient.man +++ b/src/man/sclient.man @@ -36,16 +36,16 @@ sclient \- sample Kerberos version 5 client .SH DESCRIPTION .sp sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server sserver(8) and +purposes. It contacts a sample server \fI\%sserver\fP and authenticates to it using Kerberos version 5 tickets, then displays the server\(aqs response. .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kinit(1), sserver(8), kerberos(7) +\fI\%kinit\fP, \fI\%sserver\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/man/sserver.man b/src/man/sserver.man index 096c13c297..dbe2d6d89a 100644 --- a/src/man/sserver.man +++ b/src/man/sserver.man @@ -38,7 +38,7 @@ sserver \- sample Kerberos version 5 server [ \fIserver_port\fP ] .SH DESCRIPTION .sp -sserver and sclient(1) are a simple demonstration client/server +sserver and \fI\%sclient\fP are a simple demonstration client/server application. When sclient connects to sserver, it performs a Kerberos authentication, and then sserver returns to sclient the Kerberos principal which was used for the Kerberos authentication. It makes a @@ -47,7 +47,7 @@ good test that Kerberos has been successfully installed on a machine. The service name used by sserver and sclient is sample. Hence, sserver will require that there be a keytab entry for the service \fBsample/hostname.domain.name@REALM.NAME\fP\&. This keytab is generated -using the kadmin(1) program. The keytab file is usually +using the \fI\%kadmin\fP program. The keytab file is usually installed as \fB@KTNAME@\fP\&. .sp The \fB\-S\fP option allows for a different keytab than the default. @@ -57,11 +57,9 @@ sserver is normally invoked out of inetd(8), using a line in .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX sample stream tcp nowait root /usr/local/sbin/sserver sserver -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -71,17 +69,15 @@ like this: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX sample 13135/tcp -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp When using sclient, you will first have to have an entry in the -Kerberos database, by using kadmin(1), and then you have to get -Kerberos tickets, by using kinit(1)\&. Also, if you are running +Kerberos database, by using \fI\%kadmin\fP, and then you have to get +Kerberos tickets, by using \fI\%kinit\fP\&. Also, if you are running the sclient program on a different host than the sserver it will be connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both @@ -91,13 +87,11 @@ When you run sclient you should see something like this: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX sendauth succeeded, reply is: reply len 32, contents: You are nlgilman@JIMI.MIT.EDU -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH COMMON ERROR MESSAGES @@ -107,12 +101,10 @@ kinit returns the error: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX kinit: Client not found in Kerberos database while getting initial credentials -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -123,11 +115,9 @@ sclient returns the error: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX unknown service sample/tcp; check /etc/services -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -138,11 +128,9 @@ sclient returns the error: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX connect: Connection refused -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp @@ -153,30 +141,26 @@ sclient returns the error: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX sclient: Server not found in Kerberos database while using sendauth -.ft P -.fi +.EE .UNINDENT .UNINDENT .sp This means that the \fBsample/hostname@LOCAL.REALM\fP service was not defined in the Kerberos database; it should be created using -kadmin(1), and a keytab file needs to be generated to make +\fI\%kadmin\fP, and a keytab file needs to be generated to make the key for that service principal available for sclient. .IP 5. 3 sclient returns the error: .INDENT 3.0 .INDENT 3.5 .sp -.nf -.ft C +.EX sendauth rejected, error reply is: - "No such file or directory" -.ft P -.fi + \(dqNo such file or directory\(dq +.EE .UNINDENT .UNINDENT .sp @@ -185,11 +169,11 @@ probably not installed in the proper directory. .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -sclient(1), kerberos(7), services(5), inetd(8) +\fI\%sclient\fP, \fI\%kerberos\fP, services(5), inetd(8) .SH AUTHOR MIT .SH COPYRIGHT diff --git a/src/plugins/preauth/pkinit/deps b/src/plugins/preauth/pkinit/deps index b6f4476fe8..90d5d8da89 100644 --- a/src/plugins/preauth/pkinit/deps +++ b/src/plugins/preauth/pkinit/deps @@ -28,13 +28,17 @@ pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \ pkinit_srv.c pkinit_trace.h pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \ $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_lib.c \ - pkinit_trace.h + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_lib.c pkinit_trace.h pkinit_kdf_test.so pkinit_kdf_test.po $(OUTPRE)pkinit_kdf_test.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \ @@ -93,12 +97,12 @@ pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \ pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \ - $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_matching.c \ - pkinit_trace.h + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-regex.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ + pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ + pkinit_matching.c pkinit_trace.h pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/po/mit-krb5.pot b/src/po/mit-krb5.pot index bdc31f59bb..1f883bf4ef 100644 --- a/src/po/mit-krb5.pot +++ b/src/po/mit-krb5.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: mit-krb5 1.22-prerelease\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-08-20 16:45-0400\n" +"POT-Creation-Date: 2025-05-03 23:52-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -55,7 +55,7 @@ msgid "Other credential caches present, use -A to destroy all\n" msgstr "" #: ../../src/clients/kdestroy/kdestroy.c:110 -#: ../../src/clients/kinit/kinit.c:332 ../../src/clients/ksu/main.c:295 +#: ../../src/clients/kinit/kinit.c:332 ../../src/clients/ksu/main.c:284 #, c-format msgid "Only one -c option allowed\n" msgstr "" @@ -77,10 +77,10 @@ msgid "-A option is exclusive with -p option\n" msgstr "" #: ../../src/clients/kdestroy/kdestroy.c:150 -#: ../../src/clients/klist/klist.c:240 ../../src/clients/ksu/main.c:134 -#: ../../src/clients/ksu/main.c:140 ../../src/clients/kswitch/kswitch.c:94 -#: ../../src/kadmin/ktutil/ktutil.c:51 ../../src/kdc/main.c:924 -#: ../../src/kprop/kprop.c:103 ../../src/kprop/kpropd.c:1059 +#: ../../src/clients/klist/klist.c:240 ../../src/clients/ksu/main.c:133 +#: ../../src/clients/ksu/main.c:139 ../../src/clients/kswitch/kswitch.c:94 +#: ../../src/kadmin/ktutil/ktutil.c:51 ../../src/kdc/main.c:919 +#: ../../src/kprop/kprop.c:103 ../../src/kprop/kpropd.c:1060 msgid "while initializing krb5" msgstr "" @@ -116,7 +116,7 @@ msgstr "" msgid "while resolving ccache" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:1023 +#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:1011 msgid "while destroying cache" msgstr "" @@ -345,7 +345,7 @@ msgid "while getting default ccache" msgstr "" #: ../../src/clients/kinit/kinit.c:462 ../../src/clients/kinit/kinit.c:530 -#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:248 +#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:247 #, c-format msgid "when parsing name %s" msgstr "" @@ -626,8 +626,8 @@ msgid "while starting keytab scan" msgstr "" #: ../../src/clients/klist/klist.c:327 ../../src/clients/klist/klist.c:485 -#: ../../src/clients/ksu/ccache.c:340 ../../src/kadmin/dbutil/dump.c:487 -#: ../../src/kadmin/dbutil/tabdump.c:549 +#: ../../src/clients/ksu/ccache.c:340 ../../src/kadmin/dbutil/dump.c:442 +#: ../../src/kadmin/dbutil/tabdump.c:587 msgid "while unparsing principal name" msgstr "" @@ -668,7 +668,7 @@ msgid "while retrieving a ticket" msgstr "" #: ../../src/clients/klist/klist.c:689 ../../src/clients/ksu/ccache.c:326 -#: ../../src/kprop/kpropd.c:1206 ../../src/kprop/kpropd.c:1271 +#: ../../src/kprop/kpropd.c:1213 ../../src/kprop/kpropd.c:1278 msgid "while unparsing client name" msgstr "" @@ -720,17 +720,18 @@ msgstr "" msgid "\tTicket server: %s\n" msgstr "" -#: ../../src/clients/klist/klist.c:843 ../../src/clients/klist/klist.c:853 +#: ../../src/clients/klist/klist.c:844 ../../src/clients/klist/klist.c:854 +#: ../../src/clients/klist/klist.c:864 #, c-format msgid "broken address (type %d length %d)" msgstr "" -#: ../../src/clients/klist/klist.c:862 +#: ../../src/clients/klist/klist.c:873 #, c-format msgid "unknown addrtype %d" msgstr "" -#: ../../src/clients/klist/klist.c:871 +#: ../../src/clients/klist/klist.c:882 #, c-format msgid "unprintable address (type %d, error %d %s)" msgstr "" @@ -868,7 +869,7 @@ msgstr "" msgid " in remotely using an unsecure (non-encrypted) channel. \n" msgstr "" -#: ../../src/clients/ksu/krb_auth_su.c:107 ../../src/clients/ksu/main.c:480 +#: ../../src/clients/ksu/krb_auth_su.c:107 ../../src/clients/ksu/main.c:468 msgid "while reclaiming root uid" msgstr "" @@ -928,274 +929,274 @@ msgid "" "[args... ] ]\n" msgstr "" -#: ../../src/clients/ksu/main.c:150 +#: ../../src/clients/ksu/main.c:149 msgid "" "program name too long - quitting to avoid triggering system logging bugs" msgstr "" -#: ../../src/clients/ksu/main.c:176 +#: ../../src/clients/ksu/main.c:175 msgid "while allocating memory" msgstr "" -#: ../../src/clients/ksu/main.c:189 +#: ../../src/clients/ksu/main.c:188 msgid "while setting euid to source user" msgstr "" -#: ../../src/clients/ksu/main.c:200 ../../src/clients/ksu/main.c:241 +#: ../../src/clients/ksu/main.c:199 ../../src/clients/ksu/main.c:240 #, c-format msgid "Bad lifetime value (%s hours?)\n" msgstr "" -#: ../../src/clients/ksu/main.c:212 ../../src/clients/ksu/main.c:303 +#: ../../src/clients/ksu/main.c:211 ../../src/clients/ksu/main.c:292 msgid "when gathering parameters" msgstr "" -#: ../../src/clients/ksu/main.c:262 +#: ../../src/clients/ksu/main.c:261 #, c-format msgid "-z option is mutually exclusive with -Z.\n" msgstr "" -#: ../../src/clients/ksu/main.c:270 +#: ../../src/clients/ksu/main.c:269 #, c-format msgid "-Z option is mutually exclusive with -z.\n" msgstr "" -#: ../../src/clients/ksu/main.c:283 +#: ../../src/clients/ksu/main.c:279 #, c-format msgid "while looking for credentials cache %s" msgstr "" -#: ../../src/clients/ksu/main.c:289 -#, c-format -msgid "malformed credential cache name %s\n" -msgstr "" - -#: ../../src/clients/ksu/main.c:347 +#: ../../src/clients/ksu/main.c:336 #, c-format msgid "ksu: who are you?\n" msgstr "" -#: ../../src/clients/ksu/main.c:351 +#: ../../src/clients/ksu/main.c:340 #, c-format msgid "Your uid doesn't match your passwd entry?!\n" msgstr "" -#: ../../src/clients/ksu/main.c:366 +#: ../../src/clients/ksu/main.c:355 #, c-format msgid "ksu: unknown login %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:386 +#: ../../src/clients/ksu/main.c:367 +#, c-format +msgid "ksu: failed to get default ccache name\n" +msgstr "" + +#: ../../src/clients/ksu/main.c:374 msgid "while getting source cache" msgstr "" -#: ../../src/clients/ksu/main.c:395 +#: ../../src/clients/ksu/main.c:383 msgid "while selecting the best principal" msgstr "" -#: ../../src/clients/ksu/main.c:403 +#: ../../src/clients/ksu/main.c:391 msgid "while returning to source uid after finding best principal" msgstr "" -#: ../../src/clients/ksu/main.c:423 +#: ../../src/clients/ksu/main.c:411 #, c-format msgid "account %s: authorization failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:458 +#: ../../src/clients/ksu/main.c:446 msgid "while parsing temporary name" msgstr "" -#: ../../src/clients/ksu/main.c:463 +#: ../../src/clients/ksu/main.c:451 msgid "while creating temporary cache" msgstr "" -#: ../../src/clients/ksu/main.c:469 ../../src/clients/ksu/main.c:709 +#: ../../src/clients/ksu/main.c:457 ../../src/clients/ksu/main.c:697 #, c-format msgid "while copying cache %s to %s" msgstr "" -#: ../../src/clients/ksu/main.c:487 +#: ../../src/clients/ksu/main.c:475 #, c-format msgid "" "WARNING: Your password may be exposed if you enter it here and are logged\n" msgstr "" -#: ../../src/clients/ksu/main.c:489 +#: ../../src/clients/ksu/main.c:477 #, c-format msgid " in remotely using an unsecure (non-encrypted) channel.\n" msgstr "" -#: ../../src/clients/ksu/main.c:495 +#: ../../src/clients/ksu/main.c:483 #, c-format msgid "Goodbye\n" msgstr "" -#: ../../src/clients/ksu/main.c:499 +#: ../../src/clients/ksu/main.c:487 #, c-format msgid "Could not get a tgt for " msgstr "" -#: ../../src/clients/ksu/main.c:521 +#: ../../src/clients/ksu/main.c:509 #, c-format msgid "Authentication failed.\n" msgstr "" -#: ../../src/clients/ksu/main.c:529 +#: ../../src/clients/ksu/main.c:517 msgid "When unparsing name" msgstr "" -#: ../../src/clients/ksu/main.c:533 +#: ../../src/clients/ksu/main.c:521 #, c-format msgid "Authenticated %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:540 +#: ../../src/clients/ksu/main.c:528 msgid "while switching to target for authorization check" msgstr "" -#: ../../src/clients/ksu/main.c:547 +#: ../../src/clients/ksu/main.c:535 msgid "while checking authorization" msgstr "" -#: ../../src/clients/ksu/main.c:553 +#: ../../src/clients/ksu/main.c:541 msgid "while switching back from target after authorization check" msgstr "" -#: ../../src/clients/ksu/main.c:560 +#: ../../src/clients/ksu/main.c:548 #, c-format msgid "Account %s: authorization for %s for execution of\n" msgstr "" -#: ../../src/clients/ksu/main.c:562 +#: ../../src/clients/ksu/main.c:550 #, c-format msgid " %s successful\n" msgstr "" -#: ../../src/clients/ksu/main.c:568 +#: ../../src/clients/ksu/main.c:556 #, c-format msgid "Account %s: authorization for %s successful\n" msgstr "" -#: ../../src/clients/ksu/main.c:580 +#: ../../src/clients/ksu/main.c:568 #, c-format msgid "Account %s: authorization for %s for execution of %s failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:588 +#: ../../src/clients/ksu/main.c:576 #, c-format msgid "Account %s: authorization of %s failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:603 +#: ../../src/clients/ksu/main.c:591 msgid "while calling cc_filter" msgstr "" -#: ../../src/clients/ksu/main.c:611 +#: ../../src/clients/ksu/main.c:599 msgid "while erasing target cache" msgstr "" -#: ../../src/clients/ksu/main.c:631 +#: ../../src/clients/ksu/main.c:619 #, c-format msgid "ksu: permission denied (shell).\n" msgstr "" -#: ../../src/clients/ksu/main.c:640 +#: ../../src/clients/ksu/main.c:628 #, c-format msgid "ksu: couldn't set environment variable USER\n" msgstr "" -#: ../../src/clients/ksu/main.c:646 +#: ../../src/clients/ksu/main.c:634 #, c-format msgid "ksu: couldn't set environment variable HOME\n" msgstr "" -#: ../../src/clients/ksu/main.c:651 +#: ../../src/clients/ksu/main.c:639 #, c-format msgid "ksu: couldn't set environment variable SHELL\n" msgstr "" -#: ../../src/clients/ksu/main.c:662 +#: ../../src/clients/ksu/main.c:650 #, c-format msgid "ksu: initgroups failed.\n" msgstr "" -#: ../../src/clients/ksu/main.c:667 +#: ../../src/clients/ksu/main.c:655 #, c-format msgid "Leaving uid as %s (%ld)\n" msgstr "" -#: ../../src/clients/ksu/main.c:670 +#: ../../src/clients/ksu/main.c:658 #, c-format msgid "Changing uid to %s (%ld)\n" msgstr "" -#: ../../src/clients/ksu/main.c:696 +#: ../../src/clients/ksu/main.c:684 msgid "while getting name of target ccache" msgstr "" -#: ../../src/clients/ksu/main.c:716 +#: ../../src/clients/ksu/main.c:704 #, c-format msgid "%s does not have correct permissions for %s, %s aborted" msgstr "" -#: ../../src/clients/ksu/main.c:737 +#: ../../src/clients/ksu/main.c:725 #, c-format msgid "Internal error: command %s did not get resolved\n" msgstr "" -#: ../../src/clients/ksu/main.c:754 ../../src/clients/ksu/main.c:790 +#: ../../src/clients/ksu/main.c:742 ../../src/clients/ksu/main.c:778 #, c-format msgid "while trying to execv %s" msgstr "" -#: ../../src/clients/ksu/main.c:780 +#: ../../src/clients/ksu/main.c:768 msgid "while calling waitpid" msgstr "" -#: ../../src/clients/ksu/main.c:785 +#: ../../src/clients/ksu/main.c:773 msgid "while trying to fork." msgstr "" -#: ../../src/clients/ksu/main.c:835 +#: ../../src/clients/ksu/main.c:823 msgid "while reading cache name from ccache" msgstr "" -#: ../../src/clients/ksu/main.c:841 +#: ../../src/clients/ksu/main.c:829 #, c-format msgid "ksu: couldn't set environment variable %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:867 +#: ../../src/clients/ksu/main.c:855 msgid "while resetting target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:881 +#: ../../src/clients/ksu/main.c:869 msgid "while determining target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:920 +#: ../../src/clients/ksu/main.c:908 msgid "while generating part of the target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:926 +#: ../../src/clients/ksu/main.c:914 msgid "while allocating memory for the target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:946 +#: ../../src/clients/ksu/main.c:934 msgid "while creating new target ccache" msgstr "" -#: ../../src/clients/ksu/main.c:952 +#: ../../src/clients/ksu/main.c:940 msgid "while initializing target cache" msgstr "" -#: ../../src/clients/ksu/main.c:992 +#: ../../src/clients/ksu/main.c:980 #, c-format msgid "terminal name %s too long\n" msgstr "" -#: ../../src/clients/ksu/main.c:1017 +#: ../../src/clients/ksu/main.c:1005 msgid "while changing to target uid for destroying ccache" msgstr "" @@ -1382,8 +1383,8 @@ msgstr "" msgid "%s: Cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840 -#: ../../src/kadmin/cli/kadmin.c:1109 ../../src/kadmin/cli/kadmin.c:1630 +#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:889 +#: ../../src/kadmin/cli/kadmin.c:1158 ../../src/kadmin/cli/kadmin.c:1679 #: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:559 #, c-format msgid "while parsing keysalts %s" @@ -1415,7 +1416,7 @@ msgid "%s: out of memory\n" msgstr "" #: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483 -#: ../../src/kprop/kpropd.c:677 +#: ../../src/kprop/kpropd.c:678 msgid "while canonicalizing principal name" msgstr "" @@ -1462,7 +1463,7 @@ msgstr "" msgid "Authenticating as principal %s with password.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:722 +#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:723 #, c-format msgid "while initializing %s interface" msgstr "" @@ -1488,15 +1489,15 @@ msgstr "" msgid "usage: delete_principal [-force] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:859 +#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:908 msgid "while parsing principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:865 -#: ../../src/kadmin/cli/kadmin.c:1218 ../../src/kadmin/cli/kadmin.c:1343 -#: ../../src/kadmin/cli/kadmin.c:1413 ../../src/kadmin/cli/kadmin.c:1853 -#: ../../src/kadmin/cli/kadmin.c:1897 ../../src/kadmin/cli/kadmin.c:1943 -#: ../../src/kadmin/cli/kadmin.c:1983 +#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:914 +#: ../../src/kadmin/cli/kadmin.c:1267 ../../src/kadmin/cli/kadmin.c:1392 +#: ../../src/kadmin/cli/kadmin.c:1462 ../../src/kadmin/cli/kadmin.c:1902 +#: ../../src/kadmin/cli/kadmin.c:1946 ../../src/kadmin/cli/kadmin.c:1992 +#: ../../src/kadmin/cli/kadmin.c:2032 msgid "while canonicalizing principal" msgstr "" @@ -1573,101 +1574,131 @@ msgid "" "reusing.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:782 +#: ../../src/kadmin/cli/kadmin.c:785 +msgid "usage: add_alias alias_principal target_principal\n" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:790 +msgid "while parsing alias principal name" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:795 +msgid "while parsing target principal name" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:801 +msgid "while canonicalizing alias principal" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:807 +msgid "while canonicalizing target principal" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:813 +#, c-format +msgid "while aliasing principal \"%s\" to \"%s\"" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:817 +#, c-format +msgid "Principal \"%s\" aliased to \"%s\".\n" +msgstr "" + +#: ../../src/kadmin/cli/kadmin.c:831 msgid "" "usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] " "principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:808 +#: ../../src/kadmin/cli/kadmin.c:857 msgid "change_password: missing db argument" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:814 +#: ../../src/kadmin/cli/kadmin.c:863 msgid "change_password: Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:822 +#: ../../src/kadmin/cli/kadmin.c:871 msgid "change_password: missing password arg" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:833 +#: ../../src/kadmin/cli/kadmin.c:882 msgid "change_password: missing keysaltlist arg" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:844 +#: ../../src/kadmin/cli/kadmin.c:893 #, c-format msgid "unrecognized option %s" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:851 +#: ../../src/kadmin/cli/kadmin.c:900 msgid "missing principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:853 +#: ../../src/kadmin/cli/kadmin.c:902 msgid "too many arguments" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:877 ../../src/kadmin/cli/kadmin.c:914 +#: ../../src/kadmin/cli/kadmin.c:926 ../../src/kadmin/cli/kadmin.c:963 #, c-format msgid "while changing password for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:917 +#: ../../src/kadmin/cli/kadmin.c:929 ../../src/kadmin/cli/kadmin.c:966 #, c-format msgid "Password for \"%s\" changed.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:886 ../../src/kadmin/cli/kadmin.c:1294 +#: ../../src/kadmin/cli/kadmin.c:935 ../../src/kadmin/cli/kadmin.c:1343 #, c-format msgid "while randomizing key for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:889 +#: ../../src/kadmin/cli/kadmin.c:938 #, c-format msgid "Key for \"%s\" randomized.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:894 ../../src/kadmin/cli/kadmin.c:1254 +#: ../../src/kadmin/cli/kadmin.c:943 ../../src/kadmin/cli/kadmin.c:1303 #, c-format msgid "Enter password for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:896 ../../src/kadmin/cli/kadmin.c:1256 +#: ../../src/kadmin/cli/kadmin.c:945 ../../src/kadmin/cli/kadmin.c:1305 #, c-format msgid "Re-enter password for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:901 ../../src/kadmin/cli/kadmin.c:1260 +#: ../../src/kadmin/cli/kadmin.c:950 ../../src/kadmin/cli/kadmin.c:1309 #, c-format msgid "while reading password for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:955 +#: ../../src/kadmin/cli/kadmin.c:1004 msgid "Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:985 ../../src/kadmin/dbutil/kdb5_util.c:591 +#: ../../src/kadmin/cli/kadmin.c:1034 ../../src/kadmin/dbutil/kdb5_util.c:591 msgid "while getting time" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1126 ../../src/kadmin/cli/kadmin.c:1337 -#: ../../src/kadmin/cli/kadmin.c:1408 ../../src/kadmin/cli/kadmin.c:1847 -#: ../../src/kadmin/cli/kadmin.c:1891 ../../src/kadmin/cli/kadmin.c:1937 -#: ../../src/kadmin/cli/kadmin.c:1977 +#: ../../src/kadmin/cli/kadmin.c:1175 ../../src/kadmin/cli/kadmin.c:1386 +#: ../../src/kadmin/cli/kadmin.c:1457 ../../src/kadmin/cli/kadmin.c:1896 +#: ../../src/kadmin/cli/kadmin.c:1940 ../../src/kadmin/cli/kadmin.c:1986 +#: ../../src/kadmin/cli/kadmin.c:2026 msgid "while parsing principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1135 +#: ../../src/kadmin/cli/kadmin.c:1184 msgid "usage: add_principal [options] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1160 -#: ../../src/kadmin/cli/kadmin.c:1653 +#: ../../src/kadmin/cli/kadmin.c:1185 ../../src/kadmin/cli/kadmin.c:1209 +#: ../../src/kadmin/cli/kadmin.c:1702 msgid "\toptions are:\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1137 +#: ../../src/kadmin/cli/kadmin.c:1186 msgid "" "\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire " "pwexpdate] [-maxlife maxtixlife]\n" @@ -1677,11 +1708,11 @@ msgid "" "\t\t[{+|-}attribute]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1142 ../../src/kadmin/cli/kadmin.c:1165 +#: ../../src/kadmin/cli/kadmin.c:1191 ../../src/kadmin/cli/kadmin.c:1214 msgid "\tattributes are:\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1143 ../../src/kadmin/cli/kadmin.c:1166 +#: ../../src/kadmin/cli/kadmin.c:1192 ../../src/kadmin/cli/kadmin.c:1215 msgid "" "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n" "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n" @@ -1694,11 +1725,11 @@ msgid "" "\t\t\tLook at each database documentation for supported arguments\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1159 +#: ../../src/kadmin/cli/kadmin.c:1208 msgid "usage: modify_principal [options] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1161 +#: ../../src/kadmin/cli/kadmin.c:1210 msgid "" "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife " "maxtixlife]\n" @@ -1706,170 +1737,170 @@ msgid "" "\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1225 ../../src/kadmin/cli/kadmin.c:1366 +#: ../../src/kadmin/cli/kadmin.c:1274 ../../src/kadmin/cli/kadmin.c:1415 #, c-format msgid "WARNING: policy \"%s\" does not exist\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1232 +#: ../../src/kadmin/cli/kadmin.c:1281 #, c-format msgid "No policy specified for %s; assigning \"default\"\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1238 +#: ../../src/kadmin/cli/kadmin.c:1287 #, c-format msgid "No policy specified for %s; defaulting to no policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1280 +#: ../../src/kadmin/cli/kadmin.c:1329 #, c-format msgid "Admin server does not support -nokey while creating \"%s\"\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1302 +#: ../../src/kadmin/cli/kadmin.c:1351 #, c-format msgid "while clearing DISALLOW_ALL_TIX for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1349 +#: ../../src/kadmin/cli/kadmin.c:1398 #, c-format msgid "while getting \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1375 +#: ../../src/kadmin/cli/kadmin.c:1424 #, c-format msgid "while modifying \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1379 +#: ../../src/kadmin/cli/kadmin.c:1428 #, c-format msgid "Principal \"%s\" modified.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1400 +#: ../../src/kadmin/cli/kadmin.c:1449 msgid "usage: get_principal [-terse] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1419 +#: ../../src/kadmin/cli/kadmin.c:1468 #, c-format msgid "while retrieving \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1424 ../../src/kadmin/cli/kadmin.c:1429 +#: ../../src/kadmin/cli/kadmin.c:1473 ../../src/kadmin/cli/kadmin.c:1478 msgid "while unparsing principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1433 +#: ../../src/kadmin/cli/kadmin.c:1482 #, c-format msgid "Principal: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1434 +#: ../../src/kadmin/cli/kadmin.c:1483 #, c-format msgid "Expiration date: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1435 ../../src/kadmin/cli/kadmin.c:1437 -#: ../../src/kadmin/cli/kadmin.c:1440 ../../src/kadmin/cli/kadmin.c:1448 +#: ../../src/kadmin/cli/kadmin.c:1484 ../../src/kadmin/cli/kadmin.c:1486 +#: ../../src/kadmin/cli/kadmin.c:1489 ../../src/kadmin/cli/kadmin.c:1497 msgid "[never]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1436 +#: ../../src/kadmin/cli/kadmin.c:1485 #, c-format msgid "Last password change: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1438 +#: ../../src/kadmin/cli/kadmin.c:1487 #, c-format msgid "Password expiration date: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1441 +#: ../../src/kadmin/cli/kadmin.c:1490 #, c-format msgid "Maximum ticket life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1442 +#: ../../src/kadmin/cli/kadmin.c:1491 #, c-format msgid "Maximum renewable life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1444 +#: ../../src/kadmin/cli/kadmin.c:1493 #, c-format msgid "Last modified: %s (%s)\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1446 +#: ../../src/kadmin/cli/kadmin.c:1495 #, c-format msgid "Last successful authentication: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1452 +#: ../../src/kadmin/cli/kadmin.c:1501 #, c-format msgid "Failed password attempts: %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1454 +#: ../../src/kadmin/cli/kadmin.c:1503 #, c-format msgid "Number of keys: %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1462 +#: ../../src/kadmin/cli/kadmin.c:1511 #, c-format msgid "" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1474 +#: ../../src/kadmin/cli/kadmin.c:1523 #, c-format msgid "" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1480 +#: ../../src/kadmin/cli/kadmin.c:1529 #, c-format msgid "MKey: vno %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1482 +#: ../../src/kadmin/cli/kadmin.c:1531 #, c-format msgid "Attributes:" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1485 +#: ../../src/kadmin/cli/kadmin.c:1534 msgid "while printing flags" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1494 +#: ../../src/kadmin/cli/kadmin.c:1543 msgid "[none]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1496 +#: ../../src/kadmin/cli/kadmin.c:1545 msgid " [does not exist]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1497 +#: ../../src/kadmin/cli/kadmin.c:1546 #, c-format msgid "Policy: %s%s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1533 +#: ../../src/kadmin/cli/kadmin.c:1582 msgid "usage: get_principals [expression]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1538 ../../src/kadmin/cli/kadmin.c:1789 +#: ../../src/kadmin/cli/kadmin.c:1587 ../../src/kadmin/cli/kadmin.c:1838 msgid "while retrieving list." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1643 +#: ../../src/kadmin/cli/kadmin.c:1692 #, c-format msgid "%s: parser lost count!\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1652 +#: ../../src/kadmin/cli/kadmin.c:1701 #, c-format msgid "usage; %s [options] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1654 +#: ../../src/kadmin/cli/kadmin.c:1703 msgid "" "\t\t[-maxlife time] [-minlife time] [-minlength length]\n" "\t\t[-minclasses number] [-history number]\n" @@ -1877,172 +1908,172 @@ msgid "" "\t\t[-allowedkeysalts keysalts]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1658 +#: ../../src/kadmin/cli/kadmin.c:1707 msgid "\t\t[-lockoutduration time]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1677 +#: ../../src/kadmin/cli/kadmin.c:1726 #, c-format msgid "while creating policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1698 +#: ../../src/kadmin/cli/kadmin.c:1747 #, c-format msgid "while modifying policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1710 +#: ../../src/kadmin/cli/kadmin.c:1759 msgid "usage: delete_policy [-force] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1714 +#: ../../src/kadmin/cli/kadmin.c:1763 #, c-format msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): " msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1718 +#: ../../src/kadmin/cli/kadmin.c:1767 #, c-format msgid "Policy \"%s\" not deleted.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1724 +#: ../../src/kadmin/cli/kadmin.c:1773 #, c-format msgid "while deleting policy \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1736 +#: ../../src/kadmin/cli/kadmin.c:1785 msgid "usage: get_policy [-terse] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1741 +#: ../../src/kadmin/cli/kadmin.c:1790 #, c-format msgid "while retrieving policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1746 +#: ../../src/kadmin/cli/kadmin.c:1795 #, c-format msgid "Policy: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1747 +#: ../../src/kadmin/cli/kadmin.c:1796 #, c-format msgid "Maximum password life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1748 +#: ../../src/kadmin/cli/kadmin.c:1797 #, c-format msgid "Minimum password life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1749 +#: ../../src/kadmin/cli/kadmin.c:1798 #, c-format msgid "Minimum password length: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1750 +#: ../../src/kadmin/cli/kadmin.c:1799 #, c-format msgid "Minimum number of password character classes: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1752 +#: ../../src/kadmin/cli/kadmin.c:1801 #, c-format msgid "Number of old keys kept: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1753 +#: ../../src/kadmin/cli/kadmin.c:1802 #, c-format msgid "Maximum password failures before lockout: %lu\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1755 +#: ../../src/kadmin/cli/kadmin.c:1804 #, c-format msgid "Password failure count reset interval: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1757 +#: ../../src/kadmin/cli/kadmin.c:1806 #, c-format msgid "Password lockout duration: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1760 +#: ../../src/kadmin/cli/kadmin.c:1809 #, c-format msgid "Allowed key/salt types: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1784 +#: ../../src/kadmin/cli/kadmin.c:1833 msgid "usage: get_policies [expression]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1806 +#: ../../src/kadmin/cli/kadmin.c:1855 msgid "usage: get_privs\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1811 +#: ../../src/kadmin/cli/kadmin.c:1860 msgid "while retrieving privileges" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1814 +#: ../../src/kadmin/cli/kadmin.c:1863 #, c-format msgid "current privileges:" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1840 +#: ../../src/kadmin/cli/kadmin.c:1889 msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1860 +#: ../../src/kadmin/cli/kadmin.c:1909 #, c-format msgid "while purging keys for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1865 +#: ../../src/kadmin/cli/kadmin.c:1914 #, c-format msgid "All keys for principal \"%s\" removed.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1867 +#: ../../src/kadmin/cli/kadmin.c:1916 #, c-format msgid "Old keys for principal \"%s\" purged.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1884 +#: ../../src/kadmin/cli/kadmin.c:1933 msgid "usage: get_strings principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1904 +#: ../../src/kadmin/cli/kadmin.c:1953 #, c-format msgid "while getting attributes for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1909 +#: ../../src/kadmin/cli/kadmin.c:1958 #, c-format msgid "(No string attributes.)\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1928 +#: ../../src/kadmin/cli/kadmin.c:1977 msgid "usage: set_string principal key value\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1950 +#: ../../src/kadmin/cli/kadmin.c:1999 #, c-format msgid "while setting attribute on principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1954 +#: ../../src/kadmin/cli/kadmin.c:2003 #, c-format msgid "Attribute set for principal \"%s\".\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1969 +#: ../../src/kadmin/cli/kadmin.c:2018 msgid "usage: del_string principal key\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1990 +#: ../../src/kadmin/cli/kadmin.c:2039 #, c-format msgid "while deleting attribute from principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1994 +#: ../../src/kadmin/cli/kadmin.c:2043 #, c-format msgid "Attribute removed from principal \"%s\".\n" msgstr "" @@ -2152,280 +2183,284 @@ msgstr "" msgid "creating invocation" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:165 +#: ../../src/kadmin/dbutil/dump.c:151 msgid "while allocating temporary filename dump" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:176 +#: ../../src/kadmin/dbutil/dump.c:162 msgid "while renaming dump file into place" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:196 +#: ../../src/kadmin/dbutil/dump.c:182 msgid "while allocating dump_ok filename" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:202 +#: ../../src/kadmin/dbutil/dump.c:188 #, c-format msgid "while creating 'ok' file, '%s'" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:207 +#: ../../src/kadmin/dbutil/dump.c:193 #, c-format msgid "while locking 'ok' file, '%s'" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:260 ../../src/kadmin/dbutil/dump.c:289 +#: ../../src/kadmin/dbutil/dump.c:238 #, c-format msgid "%s: regular expression error: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:272 +#: ../../src/kadmin/dbutil/dump.c:250 #, c-format msgid "%s: regular expression match error: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:373 +#: ../../src/kadmin/dbutil/dump.c:328 #, c-format msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:495 +#: ../../src/kadmin/dbutil/dump.c:450 #, c-format msgid "while converting %s to new master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:516 +#: ../../src/kadmin/dbutil/dump.c:471 #, c-format msgid "%s(%d): %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:559 +#: ../../src/kadmin/dbutil/dump.c:514 #, c-format msgid "%s(%d): ignoring trash at end of line: " msgstr "" -#: ../../src/kadmin/dbutil/dump.c:622 +#: ../../src/kadmin/dbutil/dump.c:577 msgid "cannot read tagged data type and length" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:626 +#: ../../src/kadmin/dbutil/dump.c:581 msgid "data type or length overflowed" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:633 +#: ../../src/kadmin/dbutil/dump.c:588 msgid "cannot read tagged data contents" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:666 +#: ../../src/kadmin/dbutil/dump.c:621 msgid "cannot match size tokens" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:672 +#: ../../src/kadmin/dbutil/dump.c:627 msgid "cannot allocate principal (too large)" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:681 +#: ../../src/kadmin/dbutil/dump.c:636 msgid "cannot allocate tl_data (too large)" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:690 +#: ../../src/kadmin/dbutil/dump.c:645 msgid "invalid key_data size" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:707 +#: ../../src/kadmin/dbutil/dump.c:655 +msgid "invalid principal extra data size" +msgstr "" + +#: ../../src/kadmin/dbutil/dump.c:667 msgid "cannot read name string" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:712 +#: ../../src/kadmin/dbutil/dump.c:672 #, c-format msgid "while parsing name %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:720 +#: ../../src/kadmin/dbutil/dump.c:680 msgid "cannot read principal attributes" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:773 +#: ../../src/kadmin/dbutil/dump.c:733 msgid "cannot read key size and version" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:777 +#: ../../src/kadmin/dbutil/dump.c:737 msgid "unsupported key_data_ver version" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:781 +#: ../../src/kadmin/dbutil/dump.c:741 msgid "invalid kvno" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:792 +#: ../../src/kadmin/dbutil/dump.c:752 msgid "cannot read key type and length" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:798 +#: ../../src/kadmin/dbutil/dump.c:758 msgid "cannot read key data" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:808 +#: ../../src/kadmin/dbutil/dump.c:768 msgid "cannot read extra data" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:817 +#: ../../src/kadmin/dbutil/dump.c:777 #, c-format msgid "while storing %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:856 ../../src/kadmin/dbutil/dump.c:895 -#: ../../src/kadmin/dbutil/dump.c:941 ../../src/kadmin/dbutil/dump.c:960 +#: ../../src/kadmin/dbutil/dump.c:816 ../../src/kadmin/dbutil/dump.c:855 +#: ../../src/kadmin/dbutil/dump.c:901 ../../src/kadmin/dbutil/dump.c:920 #, c-format msgid "cannot parse policy (%d read)\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:864 ../../src/kadmin/dbutil/dump.c:903 -#: ../../src/kadmin/dbutil/dump.c:981 +#: ../../src/kadmin/dbutil/dump.c:824 ../../src/kadmin/dbutil/dump.c:863 +#: ../../src/kadmin/dbutil/dump.c:941 msgid "while creating policy" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:868 +#: ../../src/kadmin/dbutil/dump.c:828 #, c-format msgid "created policy %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1018 +#: ../../src/kadmin/dbutil/dump.c:978 #, c-format msgid "unknown record type \"%s\"\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1129 +#: ../../src/kadmin/dbutil/dump.c:1089 #, c-format msgid "%s: Unknown iprop dump version %d\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1207 ../../src/kadmin/dbutil/dump.c:1443 +#: ../../src/kadmin/dbutil/dump.c:1167 ../../src/kadmin/dbutil/dump.c:1403 #, c-format msgid "OV dump format not supported\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1229 ../../src/kadmin/dbutil/dump.c:1455 +#: ../../src/kadmin/dbutil/dump.c:1189 ../../src/kadmin/dbutil/dump.c:1415 #, c-format msgid "Iprop not enabled\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1266 +#: ../../src/kadmin/dbutil/dump.c:1226 msgid "Conditional dump is an undocumented option for use only for iprop dumps" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1279 +#: ../../src/kadmin/dbutil/dump.c:1239 msgid "Database not currently opened!" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1293 ../../src/kadmin/dbutil/kdb5_stash.c:114 +#: ../../src/kadmin/dbutil/dump.c:1253 ../../src/kadmin/dbutil/kdb5_stash.c:114 #: ../../src/kadmin/dbutil/kdb5_util.c:447 msgid "while reading master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1299 +#: ../../src/kadmin/dbutil/dump.c:1259 msgid "while verifying master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1318 ../../src/kadmin/dbutil/dump.c:1328 +#: ../../src/kadmin/dbutil/dump.c:1278 ../../src/kadmin/dbutil/dump.c:1288 msgid "while reading new master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1322 +#: ../../src/kadmin/dbutil/dump.c:1282 #, c-format msgid "Please enter new master key....\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1346 +#: ../../src/kadmin/dbutil/dump.c:1306 #, c-format msgid "while opening %s for writing" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1361 +#: ../../src/kadmin/dbutil/dump.c:1321 msgid "while reading update log header" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1376 ../../src/kadmin/dbutil/dump.c:1384 +#: ../../src/kadmin/dbutil/dump.c:1336 ../../src/kadmin/dbutil/dump.c:1344 #, c-format msgid "performing %s dump" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1414 +#: ../../src/kadmin/dbutil/dump.c:1374 #, c-format msgid "%s: error processing line %d of %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1464 +#: ../../src/kadmin/dbutil/dump.c:1424 msgid "while parsing options" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1479 +#: ../../src/kadmin/dbutil/dump.c:1439 #, c-format msgid "while opening %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1484 ../../src/kadmin/dbutil/dump.c:1580 +#: ../../src/kadmin/dbutil/dump.c:1444 ../../src/kadmin/dbutil/dump.c:1540 msgid "standard input" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1489 +#: ../../src/kadmin/dbutil/dump.c:1449 #, c-format msgid "%s: can't read dump header in %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1497 ../../src/kadmin/dbutil/dump.c:1511 +#: ../../src/kadmin/dbutil/dump.c:1457 ../../src/kadmin/dbutil/dump.c:1471 #, c-format msgid "%s: dump header bad in %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1520 +#: ../../src/kadmin/dbutil/dump.c:1480 #, c-format msgid "Could not open iprop ulog\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1525 +#: ../../src/kadmin/dbutil/dump.c:1485 #, c-format msgid "%s: dump version %s can only be loaded with the -update flag\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1534 ../../src/kadmin/dbutil/dump.c:1539 +#: ../../src/kadmin/dbutil/dump.c:1494 ../../src/kadmin/dbutil/dump.c:1499 msgid "computing parameters for database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1545 +#: ../../src/kadmin/dbutil/dump.c:1505 msgid "while creating database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1554 +#: ../../src/kadmin/dbutil/dump.c:1514 msgid "while opening database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1564 +#: ../../src/kadmin/dbutil/dump.c:1524 msgid "while permanently locking database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1582 +#: ../../src/kadmin/dbutil/dump.c:1542 #, c-format msgid "%s: %s restore failed\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1587 +#: ../../src/kadmin/dbutil/dump.c:1547 msgid "while unlocking database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1597 ../../src/kadmin/dbutil/dump.c:1616 +#: ../../src/kadmin/dbutil/dump.c:1557 ../../src/kadmin/dbutil/dump.c:1576 msgid "while reinitializing update log" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1607 +#: ../../src/kadmin/dbutil/dump.c:1567 msgid "while making newly loaded database live" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1623 +#: ../../src/kadmin/dbutil/dump.c:1583 msgid "while writing update log header" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1637 +#: ../../src/kadmin/dbutil/dump.c:1597 #, c-format msgid "while deleting bad database %s" msgstr "" @@ -2471,14 +2506,14 @@ msgid "You will be prompted for the database Master Password.\n" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:202 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:255 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:240 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:476 #, c-format msgid "It is important that you NOT FORGET this password.\n" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:208 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:261 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:246 msgid "while creating new master key" msgstr "" @@ -2488,13 +2523,13 @@ msgid "while reading master key from keyboard" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:226 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:280 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:265 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:578 msgid "while calculating master key salt" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:234 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:289 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:274 #: ../../src/kadmin/dbutil/kdb5_util.c:433 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:590 msgid "while transforming master key from password" @@ -2523,14 +2558,14 @@ msgid "while adding entries to the database" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:321 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:333 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:318 #: ../../src/kadmin/dbutil/kdb5_stash.c:131 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:627 msgid "while storing key" msgstr "" #: ../../src/kadmin/dbutil/kdb5_create.c:322 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:334 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:319 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:628 #, c-format msgid "Warning: couldn't stash master key.\n" @@ -2542,7 +2577,7 @@ msgid "Deleting KDC database stored in '%s', are you sure?\n" msgstr "" #: ../../src/kadmin/dbutil/kdb5_destroy.c:69 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1064 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1434 #, c-format @@ -2564,292 +2599,292 @@ msgstr "" msgid "** Database '%s' destroyed.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:223 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:208 #, c-format msgid "%s is an invalid enctype" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:245 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:421 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:564 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:941 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1102 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:230 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:406 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:551 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:896 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1055 #, c-format msgid "while getting master key principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:251 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:236 #, c-format msgid "Creating new master key for master key principal '%s'\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:254 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:239 #, c-format msgid "You will be prompted for a new database Master Password.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:270 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:255 msgid "while reading new master key from keyboard" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:299 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:284 msgid "adding new master key to master principal" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:305 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:390 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:806 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1305 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:290 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:375 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:774 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1258 msgid "while getting current time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:312 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:522 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1312 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:297 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:507 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1265 msgid "while updating the master key principal modification time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:319 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:530 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1322 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:304 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:517 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1275 msgid "while adding master key entry to the database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:371 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:356 msgid "0 is an invalid KVNO value" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:382 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:367 #, c-format msgid "%d is an invalid KVNO value" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:398 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:383 #, c-format msgid "could not parse date-time string '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:430 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:415 msgid "while looking up active version of master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:469 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:454 msgid "while adding new master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:507 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:492 msgid "there must be one master key currently active" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:515 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1291 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:500 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1244 msgid "while updating actkvno data for master principal entry" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:556 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:903 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1072 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:543 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:868 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1025 msgid "master keylist not initialized" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:572 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:949 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1199 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:559 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:904 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1152 msgid "while looking up active kvno list" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:580 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:957 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:567 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:912 msgid "while looking up active master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:592 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:579 msgid "while getting enctype description" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:609 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:596 #, c-format msgid "KVNO: %d, Enctype: %s, Active on: %s *\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:614 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:601 #, c-format msgid "KVNO: %d, Enctype: %s, Active on: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:618 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:605 #, c-format msgid "KVNO: %d, Enctype: %s, No activate time set\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:623 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:610 msgid "asprintf could not allocate enough memory to hold output" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:756 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:734 msgid "getting string representation of principal name" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:780 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:748 #, c-format msgid "determining master key used for principal '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:786 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:754 #, c-format msgid "would skip: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:788 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:756 #, c-format msgid "skipping: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:794 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:762 #, c-format msgid "would update: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:798 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:766 #, c-format msgid "updating: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:802 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:770 #, c-format msgid "error re-encrypting key for principal '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:813 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:781 #, c-format msgid "while updating principal '%s' modification time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:820 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:788 #, c-format msgid "while updating principal '%s' key data in the database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:852 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:820 #, c-format msgid "" "\n" "(type 'yes' to confirm)? " msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:914 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:879 #, c-format msgid "converting glob pattern '%s' to regular expression" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:932 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:887 #, c-format msgid "error compiling converted regexp '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:965 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:920 #, c-format msgid "Re-encrypt all keys not using master key vno %u?" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:967 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:922 #, c-format msgid "OK, doing nothing.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:973 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:928 #, c-format msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:976 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:931 #, c-format msgid "" "Principals whose keys are being re-encrypted to master key vno %u if " "necessary:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:992 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:947 msgid "trying to process principal database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:996 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:951 #, c-format msgid "%u principals processed: %u would be updated, %u already current\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1000 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:955 #, c-format msgid "%u principals processed: %u updated, %u already current\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1109 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1062 #, c-format msgid "" "Will purge all unused master keys stored in the '%s' principal, are you " "sure?\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1120 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1073 #, c-format msgid "OK, purging unused master keys from '%s'...\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1128 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1081 #, c-format msgid "There is only one master key which can not be purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1137 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1090 msgid "while allocating args.kvnos" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1153 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1106 msgid "while finding master keys in use" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1115 #, c-format msgid "Would purge the following master key(s) from %s:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1165 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1118 #, c-format msgid "Purging the following master key(s) from %s:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1177 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1130 msgid "master key stash file needs updating, command aborting" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1136 #, c-format msgid "KVNO: %d\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1188 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1141 #, c-format msgid "All keys in use, nothing purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1193 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1146 #, c-format msgid "%d key(s) would be purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1206 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1159 msgid "while looking up mkey aux data list" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1214 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1167 msgid "while allocating key_data" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1299 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1252 msgid "while updating mkey_aux data for master principal entry" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1326 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1279 #, c-format msgid "%d key(s) purged.\n" msgstr "" @@ -2986,22 +3021,22 @@ msgstr "" msgid "while setting changetime" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:606 +#: ../../src/kadmin/dbutil/kdb5_util.c:609 #, c-format msgid "while saving principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:610 +#: ../../src/kadmin/dbutil/kdb5_util.c:613 #, c-format msgid "%s changed\n" msgstr "" -#: ../../src/kadmin/dbutil/tabdump.c:573 +#: ../../src/kadmin/dbutil/tabdump.c:611 #, c-format msgid "opening %s for writing" msgstr "" -#: ../../src/kadmin/dbutil/tabdump.c:655 +#: ../../src/kadmin/dbutil/tabdump.c:693 msgid "performing tabular dump" msgstr "" @@ -3209,13 +3244,13 @@ msgid "Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s" msgstr "" #: ../../src/kadmin/server/ipropd_svc.c:490 -#: ../../src/kadmin/server/kadm_rpc_svc.c:299 +#: ../../src/kadmin/server/kadm_rpc_svc.c:306 #, c-format msgid "check_rpcsec_auth: failed inquire_context, stat=%u" msgstr "" #: ../../src/kadmin/server/ipropd_svc.c:520 -#: ../../src/kadmin/server/kadm_rpc_svc.c:328 +#: ../../src/kadmin/server/kadm_rpc_svc.c:335 #, c-format msgid "bad service principal %.*s%s" msgstr "" @@ -3245,7 +3280,7 @@ msgstr "" msgid "RPC svc_freeargs failed (%s)" msgstr "" -#: ../../src/kadmin/server/kadm_rpc_svc.c:349 +#: ../../src/kadmin/server/kadm_rpc_svc.c:356 #, c-format msgid "gss_to_krb5_name: failed display_name status %d" msgstr "" @@ -3282,171 +3317,171 @@ msgstr "" msgid "%s, aborting" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:278 +#: ../../src/kadmin/server/ovsec_kadmd.c:273 #, c-format msgid "" "WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = " "%.*s%s, addr = %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:284 +#: ../../src/kadmin/server/ovsec_kadmd.c:279 #, c-format msgid "" "WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = " "%.*s%s, addr = %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:298 +#: ../../src/kadmin/server/ovsec_kadmd.c:293 #, c-format msgid "Miscellaneous RPC error: %s, %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:314 +#: ../../src/kadmin/server/ovsec_kadmd.c:309 #, c-format msgid "%s Cannot decode status %d" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:332 +#: ../../src/kadmin/server/ovsec_kadmd.c:327 #, c-format msgid "Authentication attempt failed: %s, GSS-API error strings are:" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:337 +#: ../../src/kadmin/server/ovsec_kadmd.c:332 msgid " GSS-API error strings complete." msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:375 +#: ../../src/kadmin/server/ovsec_kadmd.c:371 #, c-format msgid "%s: cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:443 +#: ../../src/kadmin/server/ovsec_kadmd.c:439 #, c-format msgid "%s: %s while initializing context, aborting\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:454 -#: ../../src/kadmin/server/ovsec_kadmd.c:523 +#: ../../src/kadmin/server/ovsec_kadmd.c:450 +#: ../../src/kadmin/server/ovsec_kadmd.c:519 msgid "initializing" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:458 +#: ../../src/kadmin/server/ovsec_kadmd.c:454 msgid "getting config parameters" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:460 +#: ../../src/kadmin/server/ovsec_kadmd.c:456 msgid "Missing required realm configuration" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:462 +#: ../../src/kadmin/server/ovsec_kadmd.c:458 msgid "Missing required ACL file configuration" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:464 +#: ../../src/kadmin/server/ovsec_kadmd.c:460 msgid "-proponly can only be used when iprop_enable is true" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:470 +#: ../../src/kadmin/server/ovsec_kadmd.c:466 msgid "initializing network" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:475 +#: ../../src/kadmin/server/ovsec_kadmd.c:471 msgid "Cannot build GSSAPI auth names" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:479 +#: ../../src/kadmin/server/ovsec_kadmd.c:475 msgid "Cannot set up KDB keytab" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:482 +#: ../../src/kadmin/server/ovsec_kadmd.c:478 msgid "Cannot set GSSAPI authentication names" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:499 +#: ../../src/kadmin/server/ovsec_kadmd.c:495 msgid "Cannot initialize GSSAPI service name" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:504 +#: ../../src/kadmin/server/ovsec_kadmd.c:500 msgid "initializing ACL file" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:512 +#: ../../src/kadmin/server/ovsec_kadmd.c:508 msgid "spawning daemon process" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:516 +#: ../../src/kadmin/server/ovsec_kadmd.c:512 msgid "creating PID file" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:530 +#: ../../src/kadmin/server/ovsec_kadmd.c:526 msgid "mapping update log" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:534 +#: ../../src/kadmin/server/ovsec_kadmd.c:530 #, c-format msgid "%s: create IPROP svc (PROG=%d, VERS=%d)\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:542 +#: ../../src/kadmin/server/ovsec_kadmd.c:538 msgid "starting" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:544 ../../src/kdc/main.c:1033 +#: ../../src/kadmin/server/ovsec_kadmd.c:540 ../../src/kdc/main.c:1027 #, c-format msgid "%s: starting...\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:547 +#: ../../src/kadmin/server/ovsec_kadmd.c:543 msgid "finished, exiting" msgstr "" -#: ../../src/kadmin/server/schpw.c:273 +#: ../../src/kadmin/server/schpw.c:240 #, c-format msgid "setpw request from %s by %.*s%s for %.*s%s: %s" msgstr "" -#: ../../src/kadmin/server/schpw.c:278 +#: ../../src/kadmin/server/schpw.c:245 #, c-format msgid "chpw request from %s for %.*s%s: %s" msgstr "" -#: ../../src/kadmin/server/schpw.c:446 +#: ../../src/kadmin/server/schpw.c:414 #, c-format msgid "chpw: Couldn't open admin keytab %s" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:396 +#: ../../src/kadmin/server/server_stubs.c:422 #, c-format msgid "" "Unauthorized request: %s, %.*s%s, client=%.*s%s, service=%.*s%s, addr=%s" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:417 -#: ../../src/kadmin/server/server_stubs.c:695 -#: ../../src/kadmin/server/server_stubs.c:1570 +#: ../../src/kadmin/server/server_stubs.c:443 +#: ../../src/kadmin/server/server_stubs.c:736 +#: ../../src/kadmin/server/server_stubs.c:1643 msgid "success" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:427 +#: ../../src/kadmin/server/server_stubs.c:453 #, c-format msgid "Request: %s, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:675 +#: ../../src/kadmin/server/server_stubs.c:716 #, c-format msgid "" "Unauthorized request: kadm5_rename_principal, %.*s%s to %.*s%s, " "client=%.*s%s, service=%.*s%s, addr=%s" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:690 +#: ../../src/kadmin/server/server_stubs.c:731 #, c-format msgid "" "Request: kadm5_rename_principal, %.*s%s to %.*s%s, %s, client=%.*s%s, " "service=%.*s%s, addr=%s" msgstr "" -#: ../../src/kadmin/server/server_stubs.c:1566 +#: ../../src/kadmin/server/server_stubs.c:1639 #, c-format msgid "" "Request: kadm5_init, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s, " @@ -3511,51 +3546,51 @@ msgstr "" msgid "while loading authdata module %s" msgstr "" -#: ../../src/kdc/kdc_log.c:83 +#: ../../src/kdc/kdc_log.c:79 #, c-format msgid "AS_REQ (%s) %s: ISSUE: authtime %u, %s, %s for %s" msgstr "" -#: ../../src/kdc/kdc_log.c:91 +#: ../../src/kdc/kdc_log.c:87 #, c-format msgid "AS_REQ (%s) %s: %s: %s for %s%s%s" msgstr "" -#: ../../src/kdc/kdc_log.c:154 +#: ../../src/kdc/kdc_log.c:146 #, c-format msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s" msgstr "" -#: ../../src/kdc/kdc_log.c:163 +#: ../../src/kdc/kdc_log.c:155 #, c-format msgid "... PROTOCOL-TRANSITION s4u-client=%s" msgstr "" -#: ../../src/kdc/kdc_log.c:167 +#: ../../src/kdc/kdc_log.c:159 #, c-format msgid "... CONSTRAINED-DELEGATION s4u-client=%s" msgstr "" -#: ../../src/kdc/kdc_log.c:171 +#: ../../src/kdc/kdc_log.c:163 #, c-format msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s" msgstr "" -#: ../../src/kdc/kdc_log.c:204 +#: ../../src/kdc/kdc_log.c:196 #, c-format msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'" msgstr "" -#: ../../src/kdc/kdc_log.c:210 +#: ../../src/kdc/kdc_log.c:202 #, c-format msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s" msgstr "" -#: ../../src/kdc/kdc_log.c:228 +#: ../../src/kdc/kdc_log.c:220 msgid "TGS_REQ: issuing alternate TGT" msgstr "" -#: ../../src/kdc/kdc_log.c:231 +#: ../../src/kdc/kdc_log.c:223 #, c-format msgid "TGS_REQ: issuing TGT %s" msgstr "" @@ -3583,21 +3618,21 @@ msgstr "" msgid "Incorrect password in encrypted challenge" msgstr "" -#: ../../src/kdc/kdc_util.c:179 +#: ../../src/kdc/kdc_util.c:181 msgid "TGS_REQ: SESSION KEY or MUTUAL" msgstr "" -#: ../../src/kdc/kdc_util.c:378 +#: ../../src/kdc/kdc_util.c:384 #, c-format msgid "TGS_REQ: UNKNOWN SERVER: server='%s'" msgstr "" -#: ../../src/kdc/kdc_util.c:541 +#: ../../src/kdc/kdc_util.c:547 #, c-format msgid "Invalid pac_privsvr_enctype value %s" msgstr "" -#: ../../src/kdc/kdc_util.c:882 +#: ../../src/kdc/kdc_util.c:888 #, c-format msgid "Required auth indicators not present in ticket: %s" msgstr "" @@ -3612,71 +3647,71 @@ msgstr "" msgid "while getting context for realm %s" msgstr "" -#: ../../src/kdc/main.c:347 +#: ../../src/kdc/main.c:350 #, c-format msgid "while setting default realm to %s" msgstr "" -#: ../../src/kdc/main.c:355 +#: ../../src/kdc/main.c:358 #, c-format msgid "while initializing database for realm %s" msgstr "" -#: ../../src/kdc/main.c:364 +#: ../../src/kdc/main.c:367 #, c-format msgid "while setting up master key name %s for realm %s" msgstr "" -#: ../../src/kdc/main.c:377 +#: ../../src/kdc/main.c:380 #, c-format msgid "while fetching master key %s for realm %s" msgstr "" -#: ../../src/kdc/main.c:386 +#: ../../src/kdc/main.c:389 #, c-format msgid "Stash file %s uses DEPRECATED enctype %s!\n" msgstr "" -#: ../../src/kdc/main.c:393 +#: ../../src/kdc/main.c:396 #, c-format msgid "while fetching master keys list for realm %s" msgstr "" -#: ../../src/kdc/main.c:402 +#: ../../src/kdc/main.c:405 #, c-format msgid "while resolving kdb keytab for realm %s" msgstr "" -#: ../../src/kdc/main.c:411 +#: ../../src/kdc/main.c:414 #, c-format msgid "while building TGS name for realm %s" msgstr "" -#: ../../src/kdc/main.c:501 +#: ../../src/kdc/main.c:504 #, c-format msgid "creating %d worker processes" msgstr "" -#: ../../src/kdc/main.c:511 +#: ../../src/kdc/main.c:514 msgid "Unable to reinitialize main loop" msgstr "" -#: ../../src/kdc/main.c:516 +#: ../../src/kdc/main.c:519 #, c-format msgid "Unable to initialize signal handlers in pid %d" msgstr "" -#: ../../src/kdc/main.c:546 +#: ../../src/kdc/main.c:549 #, c-format msgid "worker %ld exited with status %d" msgstr "" -#: ../../src/kdc/main.c:570 +#: ../../src/kdc/main.c:573 #, c-format msgid "signal %d received in supervisor" msgstr "" -#: ../../src/kdc/main.c:582 +#: ../../src/kdc/main.c:585 #, c-format msgid "" "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n" @@ -3690,86 +3725,86 @@ msgid "" "arguments\n" msgstr "" -#: ../../src/kdc/main.c:655 ../../src/kdc/main.c:662 ../../src/kdc/main.c:777 +#: ../../src/kdc/main.c:658 ../../src/kdc/main.c:770 #, c-format msgid " KDC cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:681 ../../src/kdc/main.c:724 ../../src/kdc/main.c:735 +#: ../../src/kdc/main.c:677 ../../src/kdc/main.c:719 ../../src/kdc/main.c:730 #, c-format msgid "%s: KDC cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:701 ../../src/kdc/main.c:814 +#: ../../src/kdc/main.c:696 ../../src/kdc/main.c:807 #, c-format msgid "%s: cannot initialize realm %s - see log file for details\n" msgstr "" -#: ../../src/kdc/main.c:712 +#: ../../src/kdc/main.c:707 #, c-format msgid "%s: cannot initialize realm %s. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:763 +#: ../../src/kdc/main.c:758 #, c-format msgid "invalid enctype %s" msgstr "" -#: ../../src/kdc/main.c:802 +#: ../../src/kdc/main.c:795 msgid "while attempting to retrieve default realm" msgstr "" -#: ../../src/kdc/main.c:804 +#: ../../src/kdc/main.c:797 #, c-format msgid "%s: %s, attempting to retrieve default realm\n" msgstr "" -#: ../../src/kdc/main.c:910 +#: ../../src/kdc/main.c:905 #, c-format msgid "%s: cannot get memory for realm list\n" msgstr "" -#: ../../src/kdc/main.c:943 +#: ../../src/kdc/main.c:938 msgid "while initializing lookaside cache" msgstr "" -#: ../../src/kdc/main.c:951 +#: ../../src/kdc/main.c:946 msgid "while creating main loop" msgstr "" -#: ../../src/kdc/main.c:960 +#: ../../src/kdc/main.c:955 msgid "while loading KDC policy plugin" msgstr "" -#: ../../src/kdc/main.c:985 +#: ../../src/kdc/main.c:979 msgid "while initializing signal handlers" msgstr "" -#: ../../src/kdc/main.c:993 +#: ../../src/kdc/main.c:987 msgid "while initializing network" msgstr "" -#: ../../src/kdc/main.c:1003 +#: ../../src/kdc/main.c:997 msgid "while detaching from tty" msgstr "" -#: ../../src/kdc/main.c:1009 +#: ../../src/kdc/main.c:1003 msgid "while creating PID file" msgstr "" -#: ../../src/kdc/main.c:1017 +#: ../../src/kdc/main.c:1011 msgid "creating worker processes" msgstr "" -#: ../../src/kdc/main.c:1027 +#: ../../src/kdc/main.c:1021 msgid "while loading audit plugin module(s)" msgstr "" -#: ../../src/kdc/main.c:1031 +#: ../../src/kdc/main.c:1025 msgid "commencing operation" msgstr "" -#: ../../src/kdc/main.c:1038 +#: ../../src/kdc/main.c:1032 msgid "shutting down" msgstr "" @@ -3815,118 +3850,118 @@ msgstr "" msgid "while connecting to server" msgstr "" -#: ../../src/kprop/kprop.c:269 ../../src/kprop/kpropd.c:1196 +#: ../../src/kprop/kprop.c:269 ../../src/kprop/kpropd.c:1198 msgid "while getting local socket address" msgstr "" -#: ../../src/kprop/kprop.c:274 +#: ../../src/kprop/kprop.c:276 ../../src/kprop/kpropd.c:1206 msgid "while converting local address" msgstr "" -#: ../../src/kprop/kprop.c:296 +#: ../../src/kprop/kprop.c:298 msgid "in krb5_auth_con_setaddrs" msgstr "" -#: ../../src/kprop/kprop.c:304 +#: ../../src/kprop/kprop.c:306 msgid "while authenticating to server" msgstr "" -#: ../../src/kprop/kprop.c:308 ../../src/kprop/kprop.c:506 -#: ../../src/kprop/kpropd.c:1519 +#: ../../src/kprop/kprop.c:310 ../../src/kprop/kprop.c:508 +#: ../../src/kprop/kpropd.c:1526 #, c-format msgid "Generic remote error: %s\n" msgstr "" -#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:512 +#: ../../src/kprop/kprop.c:316 ../../src/kprop/kprop.c:514 msgid "signalled from server" msgstr "" -#: ../../src/kprop/kprop.c:316 ../../src/kprop/kprop.c:514 +#: ../../src/kprop/kprop.c:318 ../../src/kprop/kprop.c:516 #, c-format msgid "Error text from server: %s\n" msgstr "" -#: ../../src/kprop/kprop.c:344 +#: ../../src/kprop/kprop.c:346 #, c-format msgid "allocating database file name '%s'" msgstr "" -#: ../../src/kprop/kprop.c:350 +#: ../../src/kprop/kprop.c:352 #, c-format msgid "while trying to open %s" msgstr "" -#: ../../src/kprop/kprop.c:357 +#: ../../src/kprop/kprop.c:359 msgid "database locked" msgstr "" -#: ../../src/kprop/kprop.c:360 ../../src/kprop/kpropd.c:552 +#: ../../src/kprop/kprop.c:362 ../../src/kprop/kpropd.c:553 #, c-format msgid "while trying to lock '%s'" msgstr "" -#: ../../src/kprop/kprop.c:364 ../../src/kprop/kprop.c:372 +#: ../../src/kprop/kprop.c:366 ../../src/kprop/kprop.c:374 #, c-format msgid "while trying to stat %s" msgstr "" -#: ../../src/kprop/kprop.c:368 +#: ../../src/kprop/kprop.c:370 msgid "while trying to malloc data_ok_fn" msgstr "" -#: ../../src/kprop/kprop.c:377 +#: ../../src/kprop/kprop.c:379 #, c-format msgid "'%s' more recent than '%s'." msgstr "" -#: ../../src/kprop/kprop.c:393 +#: ../../src/kprop/kprop.c:395 #, c-format msgid "while unlocking database '%s'" msgstr "" -#: ../../src/kprop/kprop.c:425 ../../src/kprop/kprop.c:426 +#: ../../src/kprop/kprop.c:427 ../../src/kprop/kprop.c:428 msgid "while encoding database size" msgstr "" -#: ../../src/kprop/kprop.c:434 +#: ../../src/kprop/kprop.c:436 msgid "while sending database size" msgstr "" -#: ../../src/kprop/kprop.c:444 +#: ../../src/kprop/kprop.c:446 msgid "while allocating i_vector" msgstr "" -#: ../../src/kprop/kprop.c:467 +#: ../../src/kprop/kprop.c:469 #, c-format msgid "while sending database block starting at %" msgstr "" -#: ../../src/kprop/kprop.c:477 +#: ../../src/kprop/kprop.c:479 msgid "Premature EOF found for database file!" msgstr "" -#: ../../src/kprop/kprop.c:490 +#: ../../src/kprop/kprop.c:492 msgid "while reading response from server" msgstr "" -#: ../../src/kprop/kprop.c:501 +#: ../../src/kprop/kprop.c:503 msgid "while decoding error response from server" msgstr "" -#: ../../src/kprop/kprop.c:531 +#: ../../src/kprop/kprop.c:533 msgid "malformed sent database size message" msgstr "" -#: ../../src/kprop/kprop.c:535 +#: ../../src/kprop/kprop.c:537 #, c-format msgid "Kpropd sent database size %, expecting %" msgstr "" -#: ../../src/kprop/kprop.c:581 +#: ../../src/kprop/kprop.c:583 msgid "while allocating filename for update_last_prop_file" msgstr "" -#: ../../src/kprop/kprop.c:586 +#: ../../src/kprop/kprop.c:588 #, c-format msgid "while creating 'last_prop' file, '%s'" msgstr "" @@ -3941,474 +3976,474 @@ msgid "" "\t[-a acl_file] [-A admin_server] [--pid-file=pid_file]\n" msgstr "" -#: ../../src/kprop/kpropd.c:231 +#: ../../src/kprop/kpropd.c:232 #, c-format msgid "Killing fullprop child (%d)\n" msgstr "" -#: ../../src/kprop/kpropd.c:260 +#: ../../src/kprop/kpropd.c:261 msgid "while checking if stdin is a socket" msgstr "" -#: ../../src/kprop/kpropd.c:278 +#: ../../src/kprop/kpropd.c:279 #, c-format msgid "ready\n" msgstr "" -#: ../../src/kprop/kpropd.c:284 +#: ../../src/kprop/kpropd.c:285 #, c-format msgid "Could not write pid file %s: %s" msgstr "" -#: ../../src/kprop/kpropd.c:296 +#: ../../src/kprop/kpropd.c:297 #, c-format msgid "Could not open /dev/null: %s" msgstr "" -#: ../../src/kprop/kpropd.c:303 +#: ../../src/kprop/kpropd.c:304 #, c-format msgid "Could not dup the inetd socket: %s" msgstr "" -#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351 +#: ../../src/kprop/kpropd.c:339 ../../src/kprop/kpropd.c:352 msgid "do_iprop failed.\n" msgstr "" -#: ../../src/kprop/kpropd.c:390 +#: ../../src/kprop/kpropd.c:391 #, c-format msgid "getaddrinfo: %s\n" msgstr "" -#: ../../src/kprop/kpropd.c:396 +#: ../../src/kprop/kpropd.c:397 msgid "while obtaining socket" msgstr "" -#: ../../src/kprop/kpropd.c:402 +#: ../../src/kprop/kpropd.c:403 msgid "while setting SO_REUSEADDR option" msgstr "" -#: ../../src/kprop/kpropd.c:410 +#: ../../src/kprop/kpropd.c:411 msgid "while unsetting IPV6_V6ONLY option" msgstr "" -#: ../../src/kprop/kpropd.c:415 +#: ../../src/kprop/kpropd.c:416 msgid "while binding listener socket" msgstr "" -#: ../../src/kprop/kpropd.c:426 +#: ../../src/kprop/kpropd.c:427 #, c-format msgid "waiting for a kprop connection\n" msgstr "" -#: ../../src/kprop/kpropd.c:432 +#: ../../src/kprop/kpropd.c:433 msgid "while accepting connection" msgstr "" -#: ../../src/kprop/kpropd.c:438 +#: ../../src/kprop/kpropd.c:439 msgid "while forking" msgstr "" -#: ../../src/kprop/kpropd.c:453 +#: ../../src/kprop/kpropd.c:454 #, c-format msgid "waitpid() failed to wait for doit() (%d %s)\n" msgstr "" -#: ../../src/kprop/kpropd.c:457 +#: ../../src/kprop/kpropd.c:458 msgid "while waiting to receive database" msgstr "" -#: ../../src/kprop/kpropd.c:461 +#: ../../src/kprop/kpropd.c:462 #, c-format msgid "Database load process for full propagation completed.\n" msgstr "" -#: ../../src/kprop/kpropd.c:499 +#: ../../src/kprop/kpropd.c:500 #, c-format msgid "" "%s: Standard input does not appear to be a network socket.\n" "\t(Not run from inetd, and missing the -S option?)\n" msgstr "" -#: ../../src/kprop/kpropd.c:512 +#: ../../src/kprop/kpropd.c:513 msgid "while attempting setsockopt (SO_KEEPALIVE)" msgstr "" -#: ../../src/kprop/kpropd.c:517 +#: ../../src/kprop/kpropd.c:518 #, c-format msgid "Connection from %s" msgstr "" -#: ../../src/kprop/kpropd.c:537 +#: ../../src/kprop/kpropd.c:538 #, c-format msgid "Rejected connection from unauthorized principal %s\n" msgstr "" -#: ../../src/kprop/kpropd.c:541 +#: ../../src/kprop/kpropd.c:542 #, c-format msgid "Rejected connection from unauthorized principal %s" msgstr "" -#: ../../src/kprop/kpropd.c:558 +#: ../../src/kprop/kpropd.c:559 #, c-format msgid "while opening database file, '%s'" msgstr "" -#: ../../src/kprop/kpropd.c:564 +#: ../../src/kprop/kpropd.c:565 #, c-format msgid "while renaming %s to %s" msgstr "" -#: ../../src/kprop/kpropd.c:570 +#: ../../src/kprop/kpropd.c:571 #, c-format msgid "while downgrading lock on '%s'" msgstr "" -#: ../../src/kprop/kpropd.c:577 +#: ../../src/kprop/kpropd.c:578 #, c-format msgid "while unlocking '%s'" msgstr "" -#: ../../src/kprop/kpropd.c:589 +#: ../../src/kprop/kpropd.c:590 msgid "while sending # of received bytes" msgstr "" -#: ../../src/kprop/kpropd.c:595 +#: ../../src/kprop/kpropd.c:596 msgid "while trying to close database file" msgstr "" -#: ../../src/kprop/kpropd.c:650 +#: ../../src/kprop/kpropd.c:651 #, c-format msgid "Incremental propagation enabled\n" msgstr "" -#: ../../src/kprop/kpropd.c:659 +#: ../../src/kprop/kpropd.c:660 #, c-format msgid "%s: unable to get kiprop host based service name for realm %s\n" msgstr "" -#: ../../src/kprop/kpropd.c:669 +#: ../../src/kprop/kpropd.c:670 msgid "while trying to construct host service principal" msgstr "" -#: ../../src/kprop/kpropd.c:686 +#: ../../src/kprop/kpropd.c:687 #, c-format msgid "Initializing kadm5 as client %s\n" msgstr "" -#: ../../src/kprop/kpropd.c:700 +#: ../../src/kprop/kpropd.c:701 #, c-format msgid "kadm5 initialization failed!\n" msgstr "" -#: ../../src/kprop/kpropd.c:709 +#: ../../src/kprop/kpropd.c:710 msgid "while attempting to connect to primary KDC ... retrying" msgstr "" -#: ../../src/kprop/kpropd.c:713 +#: ../../src/kprop/kpropd.c:714 #, c-format msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n" msgstr "" -#: ../../src/kprop/kpropd.c:729 +#: ../../src/kprop/kpropd.c:730 #, c-format msgid "while initializing %s interface, retrying" msgstr "" -#: ../../src/kprop/kpropd.c:733 +#: ../../src/kprop/kpropd.c:734 #, c-format msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n" msgstr "" -#: ../../src/kprop/kpropd.c:743 +#: ../../src/kprop/kpropd.c:744 #, c-format msgid "kadm5 initialization succeeded\n" msgstr "" -#: ../../src/kprop/kpropd.c:765 +#: ../../src/kprop/kpropd.c:766 msgid "reading update log header" msgstr "" -#: ../../src/kprop/kpropd.c:776 +#: ../../src/kprop/kpropd.c:777 #, c-format msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n" msgstr "" -#: ../../src/kprop/kpropd.c:786 +#: ../../src/kprop/kpropd.c:787 msgid "iprop_get_updates call failed" msgstr "" -#: ../../src/kprop/kpropd.c:792 +#: ../../src/kprop/kpropd.c:793 #, c-format msgid "Reinitializing iprop because get updates failed\n" msgstr "" -#: ../../src/kprop/kpropd.c:813 +#: ../../src/kprop/kpropd.c:814 #, c-format msgid "Still waiting for full resync\n" msgstr "" -#: ../../src/kprop/kpropd.c:818 +#: ../../src/kprop/kpropd.c:819 #, c-format msgid "Full resync needed\n" msgstr "" -#: ../../src/kprop/kpropd.c:819 +#: ../../src/kprop/kpropd.c:820 msgid "kpropd: Full resync needed." msgstr "" -#: ../../src/kprop/kpropd.c:824 +#: ../../src/kprop/kpropd.c:825 msgid "iprop_full_resync call failed" msgstr "" -#: ../../src/kprop/kpropd.c:835 +#: ../../src/kprop/kpropd.c:836 #, c-format msgid "Full resync request granted\n" msgstr "" -#: ../../src/kprop/kpropd.c:836 +#: ../../src/kprop/kpropd.c:837 msgid "Full resync request granted." msgstr "" -#: ../../src/kprop/kpropd.c:845 +#: ../../src/kprop/kpropd.c:846 #, c-format msgid "Exponential backoff\n" msgstr "" -#: ../../src/kprop/kpropd.c:851 +#: ../../src/kprop/kpropd.c:852 #, c-format msgid "Full resync permission denied\n" msgstr "" -#: ../../src/kprop/kpropd.c:852 +#: ../../src/kprop/kpropd.c:853 msgid "Full resync, permission denied." msgstr "" -#: ../../src/kprop/kpropd.c:857 +#: ../../src/kprop/kpropd.c:858 #, c-format msgid "Full resync error from primary\n" msgstr "" -#: ../../src/kprop/kpropd.c:858 +#: ../../src/kprop/kpropd.c:859 msgid " Full resync, error returned from primary KDC." msgstr "" -#: ../../src/kprop/kpropd.c:866 +#: ../../src/kprop/kpropd.c:867 #, c-format msgid "Full resync invalid result from primary\n" msgstr "" -#: ../../src/kprop/kpropd.c:868 +#: ../../src/kprop/kpropd.c:869 msgid "Full resync, invalid return from primary KDC." msgstr "" -#: ../../src/kprop/kpropd.c:884 +#: ../../src/kprop/kpropd.c:885 #, c-format msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n" msgstr "" -#: ../../src/kprop/kpropd.c:896 +#: ../../src/kprop/kpropd.c:897 #, c-format msgid "ulog_replay failed (%s), updates not registered\n" msgstr "" -#: ../../src/kprop/kpropd.c:899 +#: ../../src/kprop/kpropd.c:900 #, c-format msgid "ulog_replay failed (%s), updates not registered." msgstr "" -#: ../../src/kprop/kpropd.c:908 +#: ../../src/kprop/kpropd.c:909 #, c-format msgid "Incremental updates: %d updates / %lu us" msgstr "" -#: ../../src/kprop/kpropd.c:911 +#: ../../src/kprop/kpropd.c:912 #, c-format msgid "Incremental updates: %d updates / %lu us\n" msgstr "" -#: ../../src/kprop/kpropd.c:919 +#: ../../src/kprop/kpropd.c:920 #, c-format msgid "get_updates permission denied\n" msgstr "" -#: ../../src/kprop/kpropd.c:920 +#: ../../src/kprop/kpropd.c:921 msgid "get_updates, permission denied." msgstr "" -#: ../../src/kprop/kpropd.c:925 +#: ../../src/kprop/kpropd.c:926 #, c-format msgid "get_updates error from primary\n" msgstr "" -#: ../../src/kprop/kpropd.c:927 +#: ../../src/kprop/kpropd.c:928 msgid "get_updates, error returned from primary KDC." msgstr "" -#: ../../src/kprop/kpropd.c:935 +#: ../../src/kprop/kpropd.c:936 #, c-format msgid "get_updates primary busy; backoff\n" msgstr "" -#: ../../src/kprop/kpropd.c:944 +#: ../../src/kprop/kpropd.c:945 #, c-format msgid "KDC is synchronized with primary.\n" msgstr "" -#: ../../src/kprop/kpropd.c:953 +#: ../../src/kprop/kpropd.c:954 #, c-format msgid "get_updates invalid result from primary\n" msgstr "" -#: ../../src/kprop/kpropd.c:956 +#: ../../src/kprop/kpropd.c:957 msgid "get_updates, invalid return from primary KDC." msgstr "" -#: ../../src/kprop/kpropd.c:971 +#: ../../src/kprop/kpropd.c:972 #, c-format msgid "Busy signal received from primary, backoff for %d secs\n" msgstr "" -#: ../../src/kprop/kpropd.c:978 +#: ../../src/kprop/kpropd.c:979 #, c-format msgid "Waiting for %d seconds before checking for updates again\n" msgstr "" -#: ../../src/kprop/kpropd.c:989 +#: ../../src/kprop/kpropd.c:990 #, c-format msgid "ERROR returned by primary, bailing\n" msgstr "" -#: ../../src/kprop/kpropd.c:990 +#: ../../src/kprop/kpropd.c:991 msgid "ERROR returned by primary KDC, bailing.\n" msgstr "" -#: ../../src/kprop/kpropd.c:1109 +#: ../../src/kprop/kpropd.c:1110 msgid "copying db args" msgstr "" -#: ../../src/kprop/kpropd.c:1134 +#: ../../src/kprop/kpropd.c:1135 msgid "Unable to get default realm" msgstr "" -#: ../../src/kprop/kpropd.c:1141 +#: ../../src/kprop/kpropd.c:1142 msgid "Unable to set default realm" msgstr "" -#: ../../src/kprop/kpropd.c:1151 +#: ../../src/kprop/kpropd.c:1152 msgid "while trying to construct my service name" msgstr "" -#: ../../src/kprop/kpropd.c:1158 +#: ../../src/kprop/kpropd.c:1159 msgid "while allocating filename for temp file" msgstr "" -#: ../../src/kprop/kpropd.c:1166 +#: ../../src/kprop/kpropd.c:1167 msgid "while initializing" msgstr "" -#: ../../src/kprop/kpropd.c:1174 +#: ../../src/kprop/kpropd.c:1175 msgid "Unable to map log!\n" msgstr "" -#: ../../src/kprop/kpropd.c:1216 +#: ../../src/kprop/kpropd.c:1223 #, c-format msgid "Error in krb5_auth_con_ini: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1224 +#: ../../src/kprop/kpropd.c:1231 #, c-format msgid "Error in krb5_auth_con_setflags: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1237 +#: ../../src/kprop/kpropd.c:1244 #, c-format msgid "Error in krb5_auth_con_setaddrs: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1245 +#: ../../src/kprop/kpropd.c:1252 #, c-format msgid "Error in krb5_kt_resolve: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1254 +#: ../../src/kprop/kpropd.c:1261 #, c-format msgid "Error in krb5_recvauth: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1261 +#: ../../src/kprop/kpropd.c:1268 #, c-format msgid "Error in krb5_copy_prinicpal: %s" msgstr "" -#: ../../src/kprop/kpropd.c:1278 +#: ../../src/kprop/kpropd.c:1285 msgid "while unparsing ticket etype" msgstr "" -#: ../../src/kprop/kpropd.c:1282 +#: ../../src/kprop/kpropd.c:1289 #, c-format msgid "authenticated client: %s (etype == %s)\n" msgstr "" -#: ../../src/kprop/kpropd.c:1365 +#: ../../src/kprop/kpropd.c:1372 msgid "while reading size of database from client" msgstr "" -#: ../../src/kprop/kpropd.c:1375 +#: ../../src/kprop/kpropd.c:1382 msgid "while decoding database size from client" msgstr "" -#: ../../src/kprop/kpropd.c:1383 +#: ../../src/kprop/kpropd.c:1390 msgid "malformed database size message from client" msgstr "" -#: ../../src/kprop/kpropd.c:1395 +#: ../../src/kprop/kpropd.c:1402 msgid "while initializing i_vector" msgstr "" -#: ../../src/kprop/kpropd.c:1400 +#: ../../src/kprop/kpropd.c:1407 #, c-format msgid "Full propagation transfer started.\n" msgstr "" -#: ../../src/kprop/kpropd.c:1454 +#: ../../src/kprop/kpropd.c:1461 #, c-format msgid "Full propagation transfer finished.\n" msgstr "" -#: ../../src/kprop/kpropd.c:1514 +#: ../../src/kprop/kpropd.c:1521 msgid "while decoding error packet from client" msgstr "" -#: ../../src/kprop/kpropd.c:1523 +#: ../../src/kprop/kpropd.c:1530 msgid "signaled from server" msgstr "" -#: ../../src/kprop/kpropd.c:1525 +#: ../../src/kprop/kpropd.c:1532 #, c-format msgid "Error text from client: %s\n" msgstr "" -#: ../../src/kprop/kpropd.c:1574 +#: ../../src/kprop/kpropd.c:1581 #, c-format msgid "while trying to fork %s" msgstr "" -#: ../../src/kprop/kpropd.c:1578 +#: ../../src/kprop/kpropd.c:1585 #, c-format msgid "while trying to exec %s" msgstr "" -#: ../../src/kprop/kpropd.c:1585 +#: ../../src/kprop/kpropd.c:1592 #, c-format msgid "while waiting for %s" msgstr "" -#: ../../src/kprop/kpropd.c:1591 +#: ../../src/kprop/kpropd.c:1598 #, c-format msgid "%s load terminated" msgstr "" -#: ../../src/kprop/kpropd.c:1597 +#: ../../src/kprop/kpropd.c:1604 #, c-format msgid "%s returned a bad exit status (%d)" msgstr "" @@ -4742,222 +4777,237 @@ msgstr "" msgid "\tLast time stamp : %s\n" msgstr "" -#: ../../src/lib/apputils/net-server.c:231 +#: ../../src/lib/apputils/net-server.c:236 msgid "Got signal to request exit" msgstr "" -#: ../../src/lib/apputils/net-server.c:245 +#: ../../src/lib/apputils/net-server.c:250 msgid "Got signal to reset" msgstr "" -#: ../../src/lib/apputils/net-server.c:311 +#: ../../src/lib/apputils/net-server.c:316 #, c-format msgid "Invalid port %d" msgstr "" -#: ../../src/lib/apputils/net-server.c:324 +#: ../../src/lib/apputils/net-server.c:329 #, c-format msgid "Removing address %s since wildcard address is being added" msgstr "" -#: ../../src/lib/apputils/net-server.c:331 +#: ../../src/lib/apputils/net-server.c:336 msgid "Address already added to server" msgstr "" -#: ../../src/lib/apputils/net-server.c:495 +#: ../../src/lib/apputils/net-server.c:517 #, c-format msgid "closing down fd %d" msgstr "" -#: ../../src/lib/apputils/net-server.c:509 +#: ../../src/lib/apputils/net-server.c:531 #, c-format msgid "descriptor %d closed but still in svc_fdset" msgstr "" -#: ../../src/lib/apputils/net-server.c:535 +#: ../../src/lib/apputils/net-server.c:558 msgid "cannot create io event" msgstr "" -#: ../../src/lib/apputils/net-server.c:540 +#: ../../src/lib/apputils/net-server.c:563 msgid "cannot save event" msgstr "" -#: ../../src/lib/apputils/net-server.c:560 +#: ../../src/lib/apputils/net-server.c:583 #, c-format msgid "file descriptor number %d too high" msgstr "" -#: ../../src/lib/apputils/net-server.c:567 +#: ../../src/lib/apputils/net-server.c:590 msgid "cannot allocate storage for connection info" msgstr "" -#: ../../src/lib/apputils/net-server.c:602 +#: ../../src/lib/apputils/net-server.c:629 #, c-format msgid "Cannot create TCP server socket on %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:611 +#: ../../src/lib/apputils/net-server.c:638 #, c-format msgid "TCP socket fd number %d (for %s) too high" msgstr "" -#: ../../src/lib/apputils/net-server.c:618 +#: ../../src/lib/apputils/net-server.c:645 #, c-format msgid "Cannot enable SO_REUSEADDR on fd %d" msgstr "" -#: ../../src/lib/apputils/net-server.c:623 +#: ../../src/lib/apputils/net-server.c:650 #, c-format msgid "setsockopt(%d,IPV6_V6ONLY,1) failed" msgstr "" -#: ../../src/lib/apputils/net-server.c:626 +#: ../../src/lib/apputils/net-server.c:653 #, c-format msgid "setsockopt(%d,IPV6_V6ONLY,1) worked" msgstr "" -#: ../../src/lib/apputils/net-server.c:629 +#: ../../src/lib/apputils/net-server.c:656 msgid "no IPV6_V6ONLY socket option support" msgstr "" -#: ../../src/lib/apputils/net-server.c:635 +#: ../../src/lib/apputils/net-server.c:663 #, c-format msgid "Cannot bind server socket on %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:705 +#: ../../src/lib/apputils/net-server.c:814 #, c-format msgid "Setting up %s socket for address %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:718 +#: ../../src/lib/apputils/net-server.c:838 #, c-format msgid "Cannot listen on %s server socket on %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:727 +#: ../../src/lib/apputils/net-server.c:848 #, c-format msgid "cannot set listening %s socket on %s non-blocking" msgstr "" -#: ../../src/lib/apputils/net-server.c:735 +#: ../../src/lib/apputils/net-server.c:856 #, c-format msgid "cannot set SO_LINGER on %s socket on %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:742 +#: ../../src/lib/apputils/net-server.c:863 #, c-format msgid "Setting pktinfo on socket %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:747 +#: ../../src/lib/apputils/net-server.c:868 #, c-format msgid "Cannot request packet info for UDP socket address %s port %d" msgstr "" -#: ../../src/lib/apputils/net-server.c:749 +#: ../../src/lib/apputils/net-server.c:870 msgid "" "System does not support pktinfo yet binding to a wildcard address. Packets " "are not guaranteed to return on the received address." msgstr "" -#: ../../src/lib/apputils/net-server.c:761 +#: ../../src/lib/apputils/net-server.c:882 msgid "Error attempting to add verto event" msgstr "" -#: ../../src/lib/apputils/net-server.c:770 +#: ../../src/lib/apputils/net-server.c:891 #, c-format msgid "Cannot create RPC service: %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:780 +#: ../../src/lib/apputils/net-server.c:901 #, c-format msgid "Cannot register RPC service: %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:824 +#: ../../src/lib/apputils/net-server.c:949 msgid "No addresses added to the net server" msgstr "" -#: ../../src/lib/apputils/net-server.c:846 +#: ../../src/lib/apputils/net-server.c:975 +#, c-format +msgid "UNIX domain socket path too long: %s" +msgstr "" + +#: ../../src/lib/apputils/net-server.c:985 +#, c-format +msgid "Failed setting up a UNIX socket (for %s)" +msgstr "" + +#: ../../src/lib/apputils/net-server.c:996 #, c-format msgid "Failed getting address info (for %s): %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:876 +#: ../../src/lib/apputils/net-server.c:1027 #, c-format msgid "Failed setting up a %s socket (for %s)" msgstr "" -#: ../../src/lib/apputils/net-server.c:917 +#: ../../src/lib/apputils/net-server.c:1068 msgid "setting up network..." msgstr "" -#: ../../src/lib/apputils/net-server.c:920 +#: ../../src/lib/apputils/net-server.c:1071 msgid "Error setting up network" msgstr "" -#: ../../src/lib/apputils/net-server.c:923 +#: ../../src/lib/apputils/net-server.c:1074 #, c-format msgid "set up %d sockets" msgstr "" -#: ../../src/lib/apputils/net-server.c:926 +#: ../../src/lib/apputils/net-server.c:1077 msgid "no sockets set up?" msgstr "" -#: ../../src/lib/apputils/net-server.c:989 -#: ../../src/lib/apputils/net-server.c:1043 +#: ../../src/lib/apputils/net-server.c:1103 +#: ../../src/lib/apputils/net-server.c:1144 msgid "while dispatching (udp)" msgstr "" -#: ../../src/lib/apputils/net-server.c:1018 +#: ../../src/lib/apputils/net-server.c:1118 #, c-format -msgid "while sending reply to %s/%s from %s" +msgid "while sending reply to %s from %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1023 +#: ../../src/lib/apputils/net-server.c:1123 #, c-format msgid "short reply write %d vs %d\n" msgstr "" -#: ../../src/lib/apputils/net-server.c:1068 +#: ../../src/lib/apputils/net-server.c:1165 msgid "while receiving from network" msgstr "" -#: ../../src/lib/apputils/net-server.c:1111 +#: ../../src/lib/apputils/net-server.c:1198 msgid "too many connections" msgstr "" -#: ../../src/lib/apputils/net-server.c:1129 +#: ../../src/lib/apputils/net-server.c:1217 #, c-format msgid "dropping %s fd %d from %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1199 +#: ../../src/lib/apputils/net-server.c:1268 +#, c-format +msgid "Failed to get address for %d" +msgstr "" + +#: ../../src/lib/apputils/net-server.c:1287 #, c-format msgid "allocating buffer for new TCP session from %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1231 +#: ../../src/lib/apputils/net-server.c:1315 msgid "while dispatching (tcp)" msgstr "" -#: ../../src/lib/apputils/net-server.c:1263 +#: ../../src/lib/apputils/net-server.c:1347 msgid "error allocating tcp dispatch private!" msgstr "" -#: ../../src/lib/apputils/net-server.c:1310 +#: ../../src/lib/apputils/net-server.c:1394 #, c-format msgid "TCP client %s wants %lu bytes, cap is %lu" msgstr "" -#: ../../src/lib/apputils/net-server.c:1318 +#: ../../src/lib/apputils/net-server.c:1402 #, c-format msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1357 +#: ../../src/lib/apputils/net-server.c:1441 #, c-format msgid "getsockname failed: %s" msgstr "" @@ -5095,6 +5145,10 @@ msgstr "" msgid "No key table entry found matching %s" msgstr "" +#: ../../src/lib/gssapi/krb5/iakerb.c:605 +msgid "The IAKERB proxy could not determine its realm" +msgstr "" + #: ../../src/lib/gssapi/mechglue/g_dsp_status.c:147 msgid "The routine completed successfully" msgstr "" @@ -5349,16 +5403,16 @@ msgid "" "'kdb_function_table' not found" msgstr "" -#: ../../src/lib/kdb/kdb5.c:604 +#: ../../src/lib/kdb/kdb5.c:627 msgid "Cannot initialize database library" msgstr "" -#: ../../src/lib/kdb/kdb5.c:1770 +#: ../../src/lib/kdb/kdb5.c:1812 #, c-format msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n" msgstr "" -#: ../../src/lib/kdb/kdb5.c:1942 +#: ../../src/lib/kdb/kdb5.c:1984 #, c-format msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n" msgstr "" @@ -5399,6 +5453,20 @@ msgstr "" msgid "could not sync ulog header to disk" msgstr "" +#: ../../src/lib/kdb/kdb_log.c:119 +msgid "could not sync the whole ulog to disk" +msgstr "" + +#: ../../src/lib/kdb/kdb_log.c:216 +#, c-format +msgid "ulog overflow caused by principal %.*s" +msgstr "" + +#: ../../src/lib/kdb/kdb_log.c:238 +#, c-format +msgid "ulog block size has been resized from %lu to %lu" +msgstr "" + #: ../../src/lib/krb5/ccache/cc_dir.c:122 #, c-format msgid "Subsidiary cache path %s has no parent directory" @@ -5681,35 +5749,35 @@ msgstr "" msgid "Encrypted timestamp is disabled" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:514 +#: ../../src/lib/krb5/krb/preauth_otp.c:515 msgid "Please choose from the following:\n" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:516 +#: ../../src/lib/krb5/krb/preauth_otp.c:517 msgid "Vendor:" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:526 +#: ../../src/lib/krb5/krb/preauth_otp.c:527 msgid "Enter #" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:562 +#: ../../src/lib/krb5/krb/preauth_otp.c:563 msgid "OTP Challenge:" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:591 +#: ../../src/lib/krb5/krb/preauth_otp.c:592 msgid "OTP Token PIN" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:705 +#: ../../src/lib/krb5/krb/preauth_otp.c:706 msgid "OTP value doesn't match any token formats" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:772 +#: ../../src/lib/krb5/krb/preauth_otp.c:773 msgid "Enter OTP Token Value" msgstr "" -#: ../../src/lib/krb5/krb/preauth_otp.c:918 +#: ../../src/lib/krb5/krb/preauth_otp.c:919 msgid "No supported tokens" msgstr "" @@ -5837,12 +5905,12 @@ msgstr "" msgid "variable missing }" msgstr "" -#: ../../src/lib/krb5/os/locate_kdc.c:855 +#: ../../src/lib/krb5/os/locate_kdc.c:874 #, c-format msgid "Cannot find KDC for realm \"%.*s\"" msgstr "" -#: ../../src/lib/krb5/os/sendto_kdc.c:527 +#: ../../src/lib/krb5/os/sendto_kdc.c:528 #, c-format msgid "Cannot contact any KDC for realm '%.*s'" msgstr "" @@ -6186,20 +6254,20 @@ msgstr "" msgid "while reading ldap configuration" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:65 msgid "Unable to read Kerberos container" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:73 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:70 msgid "Unable to read Realm" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:211 #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:71 msgid "Error processing LDAP DB params" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:217 #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:77 msgid "Error reading LDAP server params" msgstr "" @@ -6267,110 +6335,125 @@ msgstr "" msgid "Minimum connections required per server is 2" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:160 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:229 msgid "Default realm not set" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:264 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:311 msgid "DN information missing" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:476 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:496 msgid "dn information missing" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:137 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:125 +#, c-format +msgid "" +"Operation cannot continue; more than one entry with principal name \"%s\" " +"found" +msgstr "" + +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:238 msgid "Principal does not belong to realm" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:305 -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:314 -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:322 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:331 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:340 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:348 #, c-format msgid "%s option not supported" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:329 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:355 #, c-format msgid "unknown option: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:336 -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:343 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:362 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:369 #, c-format msgid "%s option value missing" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:676 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:701 msgid "DN is out of the realm subtree" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:708 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:733 msgid "ldap object is already kerberized" msgstr "" #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:803 -msgid "Principal does not belong to the default realm" +msgid "target principal not found" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:869 -#, c-format +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:821 msgid "" -"operation can not continue, more than one entry with principal name \"%s\" " -"found" +"cannot add alias to entry with multiple krbPrincipalName values and no " +"krbCanonicalName attribute" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:848 +#, c-format +msgid "Alias modification failed: %s" +msgstr "" + +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:909 +msgid "Principal does not belong to the default realm" +msgstr "" + +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1002 #, c-format msgid "'%s' not found" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1063 #, c-format msgid "" "link information can not be set/updated as the kerberos principal belongs to " "an ldap object" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1078 #, c-format msgid "Failed getting object references" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1085 #, c-format msgid "kerberos principal is already linked to a ldap object" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1340 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1411 msgid "ticket policy object value: " msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1388 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1459 #, c-format msgid "Principal delete failed (trying to replace entry): %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1398 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1469 #, c-format msgid "Principal add failed: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1436 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1508 #, c-format msgid "User modification failed: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1510 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1582 #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:296 msgid "Error reading ticket policy" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1640 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1715 msgid "unable to decode stored principal key data" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1698 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1773 msgid "unable to decode stored principal pw history" msgstr "" @@ -6383,34 +6466,34 @@ msgstr "" msgid "Realm Delete FAILED: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:388 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:389 msgid "subtree value: " msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:405 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:406 msgid "container reference value: " msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:488 -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:551 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:489 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:552 msgid "Kerberos Container information is missing" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:500 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:501 msgid "Invalid Kerberos container DN" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:516 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:517 #, c-format msgid "Kerberos Container create FAILED: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:559 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:560 #, c-format msgid "Kerberos Container delete FAILED: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:635 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:637 msgid "realm object value: " msgstr "" @@ -6463,235 +6546,235 @@ msgstr "" msgid "%s (path: %s): %s" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:164 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:165 #, c-format msgid "Unsupported argument \"%s\" for LMDB" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:294 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:295 msgid "LMDB environment open failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:319 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:320 msgid "LMDB read failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:394 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:395 msgid "LMDB write failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:418 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:419 msgid "LMDB delete failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:521 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:522 #, c-format msgid "LMDB file %s does not exist" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:566 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:567 msgid "LMDB open failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:593 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:594 #, c-format msgid "LMDB file %s already exists" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:658 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:659 msgid "LMDB create error" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:676 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:677 #, c-format msgid "Could not unlink %s" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:760 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:761 #, c-format msgid "Unsupported argument \"%s\" for lmdb" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:806 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:807 msgid "LMDB lockout write failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:882 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:883 msgid "LMDB principal iteration failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:985 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:986 msgid "LMDB policy iteration failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1016 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1017 msgid "LMDB transaction commit failure" msgstr "" -#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1115 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1116 msgid "LMDB lockout update failure" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_clnt.c:967 +#: ../../src/plugins/preauth/pkinit/pkinit_clnt.c:959 msgid "No pkinit_anchors supplied" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1105 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3435 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1104 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3434 #, c-format msgid "%s: %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1135 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1134 #, c-format msgid "%s (depth %d): %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1377 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4107 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1376 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4108 msgid "Pass phrase for" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1493 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1492 msgid "PKINIT cannot initialize any key exchange groups" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1677 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1687 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1893 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1903 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1676 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1686 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1892 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1902 msgid "Failed to DER encode PKCS7" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1782 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1781 msgid "Failed to verify own certificate" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1877 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1876 msgid "Failed to add digest attribute" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1991 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1990 msgid "Failed to decode CMS message" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2009 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2008 msgid "Invalid pkinit packet: octet string expected" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2027 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2026 msgid "wrong oid\n" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2179 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2178 msgid "Failed to verify received certificate" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2210 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2209 msgid "Failed to verify CMS message" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2683 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2681 msgid "Failed to fetch SSKDF" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2690 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2688 msgid "Failed to instantiate SSKDF" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2703 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2701 msgid "Failed to derive key using SSKDF" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2765 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2763 msgid "Failed to compute digest" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2985 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2983 msgid "Cannot compose PKINIT KDC public key" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3247 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3245 #, c-format msgid "OpenSSL has no supported key exchange groups for pkinit_dh_min_bits=%d" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3412 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3411 msgid "Cannot load PKCS11 module" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3418 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3417 msgid "Cannot find C_GetFunctionList in PKCS11 module" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3425 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3424 msgid "Cannot retrieve function list in PKCS11 module" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3704 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3705 msgid "C_FindObjectsInit" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3710 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3711 msgid "C_FindObjects" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3713 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3714 msgid "Found no private keys in PKCS11 token" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3792 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3793 msgid "Failed to DER encode DigestInfo" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3843 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3844 msgid "Failed to convert PKCS11 ECDSA signature" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3923 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3924 #, c-format msgid "PKCS11 certificate has unsupported key type %lu" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4227 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4230 #, c-format msgid "Cannot read certificate file '%s'" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4235 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4238 #, c-format msgid "Cannot read key file '%s'" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4469 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4467 msgid "Failed to decode X509 certificate from PKCS11 token" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5048 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5046 #, c-format msgid "Cannot open file '%s'" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5055 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5053 #, c-format msgid "Cannot read file '%s'" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5589 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5579 #, c-format msgid "PKCS11 error (%s): %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:415 +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:414 #, c-format msgid "Unsupported type while processing '%s'\n" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:451 +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:450 msgid "Internal error parsing X509_user_identity\n" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:552 +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:551 msgid "No user identity options specified" msgstr "" @@ -6710,34 +6793,34 @@ msgstr "" msgid "PKINIT: no freshness token received from %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:512 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:513 msgid "Pkinit request not signed, but client not anonymous." msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:546 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:548 msgid "Anonymous pkinit without DH public value not supported." msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:828 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:808 msgid "Unsupported PKINIT RSA request" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:983 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:963 #, c-format msgid "No pkinit_identity supplied for realm %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:994 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:974 #, c-format msgid "No pkinit_anchors supplied for realm %s" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1014 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:994 #, c-format msgid "OCSP is not supported: (realm: %s)" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1410 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1390 msgid "No realms configured correctly for pkinit support" msgstr "" @@ -7285,6 +7368,10 @@ msgstr "" msgid "Operation requires initial ticket" msgstr "" +#: ../lib/kadm5/kadm_err.c:86 +msgid "Alias target must be within the same realm" +msgstr "" + #: ../lib/kdb/adb_err.c:23 msgid "No Error" msgstr "" @@ -8567,6 +8654,10 @@ msgstr "" msgid "Too much string mapping data" msgstr "" +#: ../lib/krb5/error_tables/kdb5_err.c:69 +msgid "Operation unsupported on alias principal name" +msgstr "" + #: ../lib/krb5/error_tables/asn1_err.c:23 msgid "ASN.1 failed call to system time library" msgstr "" diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in index f63e44a4d7..b9cd70dac4 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in @@ -172,7 +172,7 @@ SRCS=\ $(srcdir)/getopt.c \ $(srcdir)/getopt_long.c \ $(srcdir)/secure_getenv.c \ - $(srcdir)/regex.c + $(srcdir)/regex.cpp SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. diff --git a/src/util/support/deps b/src/util/support/deps index 4b0f71bb89..0d4c7adb58 100644 --- a/src/util/support/deps +++ b/src/util/support/deps @@ -114,3 +114,6 @@ getopt_long.so getopt_long.po $(OUTPRE)getopt_long.$(OBJEXT): \ secure_getenv.so secure_getenv.po $(OUTPRE)secure_getenv.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-thread.h secure_getenv.c +regex.so regex.po $(OUTPRE)regex.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-regex.h \ + $(top_srcdir)/include/k5-thread.h regex.cpp