From: Ben Kaduk Date: Tue, 11 Dec 2012 22:19:44 +0000 (-0500) Subject: Regenerate checked-in man pages X-Git-Tag: krb5-1.12-alpha1~424 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=26481ee22377a46badbbf4bbdd8ae04265057205;p=thirdparty%2Fkrb5.git Regenerate checked-in man pages Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references for account lockout and detailing parameter expansion for keytab and credentials cache names in krb5.conf ticket: 7494 (new) tags: pullup target_version: 1.11 --- diff --git a/src/man/kadmin.man b/src/man/kadmin.man index e3278e7395..06753dd8d2 100644 --- a/src/man/kadmin.man +++ b/src/man/kadmin.man @@ -628,23 +628,34 @@ numbers, punctuation, and whitespace/unprintable characters. .B \fB\-history\fP \fInumber\fP Sets the number of past keys kept for a principal. This option is not supported with the LDAP KDC database module. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-maxfailure\fP \fImaxnumber\fP -Sets the maximum number of authentication failures before the -principal is locked. Authentication failures are only tracked for -principals which require preauthentication. +Sets the number of authentication failures before the principal is +locked. Authentication failures are only tracked for principals +which require preauthentication. The counter of failed attempts +resets to 0 after a successful attempt to authenticate. A +\fImaxnumber\fP value of 0 (the default) disables lockout. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-failurecountinterval\fP \fIfailuretime\fP (\fIgetdate\fP string) Sets the allowable time between authentication failures. If an authentication failure happens after \fIfailuretime\fP has elapsed since the previous failure, -the number of authentication failures is reset to 1. +the number of authentication failures is reset to 1. A +\fIfailuretime\fP value of 0 (the default) means forever. +.UNINDENT +.INDENT 0.0 .TP .B \fB\-lockoutduration\fP \fIlockouttime\fP (\fIgetdate\fP string) Sets the duration for which the principal is locked from authenticating if too many authentication failures occur without the specified failure count interval elapsing. -A duration of 0 means forever. +A duration of 0 (the default) means the principal remains locked +out until it is administratively unlocked with \fBmodprinc +\-unlock\fP. .TP .B \fB\-allowedkeysalts\fP Specifies the key/salt tuples supported for long\-term keys when diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index 5c58fee090..a5bb7c3c68 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -1146,8 +1146,9 @@ The default is false. .UNINDENT .SH PARAMETER EXPANSION .sp -Several variables, such as \fBdefault_keytab_name\fP, allow parameters -to be expanded. Valid parameters are: +Starting with release 1.11, several variables, such as +\fBdefault_keytab_name\fP, allow parameters to be expanded. +Valid parameters are: .INDENT 0.0 .INDENT 3.5 .TS