diff options
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/k5identity.man | 2 | ||||
| -rw-r--r-- | src/man/k5login.man | 2 | ||||
| -rw-r--r-- | src/man/k5srvutil.man | 2 | ||||
| -rw-r--r-- | src/man/kadm5.acl.man | 38 | ||||
| -rw-r--r-- | src/man/kadmin.man | 9 | ||||
| -rw-r--r-- | src/man/kadmind.man | 2 | ||||
| -rw-r--r-- | src/man/kdb5_ldap_util.man | 2 | ||||
| -rw-r--r-- | src/man/kdb5_util.man | 2 | ||||
| -rw-r--r-- | src/man/kdc.conf.man | 19 | ||||
| -rw-r--r-- | src/man/kdestroy.man | 2 | ||||
| -rw-r--r-- | src/man/kinit.man | 2 | ||||
| -rw-r--r-- | src/man/klist.man | 2 | ||||
| -rw-r--r-- | src/man/kpasswd.man | 2 | ||||
| -rw-r--r-- | src/man/kprop.man | 2 | ||||
| -rw-r--r-- | src/man/kpropd.man | 7 | ||||
| -rw-r--r-- | src/man/kproplog.man | 2 | ||||
| -rw-r--r-- | src/man/krb5-config.man | 2 | ||||
| -rw-r--r-- | src/man/krb5.conf.man | 63 | ||||
| -rw-r--r-- | src/man/krb5kdc.man | 2 | ||||
| -rw-r--r-- | src/man/ksu.man | 2 | ||||
| -rw-r--r-- | src/man/kswitch.man | 2 | ||||
| -rw-r--r-- | src/man/ktutil.man | 4 | ||||
| -rw-r--r-- | src/man/kvno.man | 2 | ||||
| -rw-r--r-- | src/man/sclient.man | 2 | ||||
| -rw-r--r-- | src/man/sserver.man | 2 |
25 files changed, 126 insertions, 52 deletions
diff --git a/src/man/k5identity.man b/src/man/k5identity.man index 48866b8e9521..ec4bda4dd7ff 100644 --- a/src/man/k5identity.man +++ b/src/man/k5identity.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5IDENTITY" "5" " " "1.15.1" "MIT Kerberos" +.TH "K5IDENTITY" "5" " " "1.16" "MIT Kerberos" .SH NAME k5identity \- Kerberos V5 client principal selection rules . diff --git a/src/man/k5login.man b/src/man/k5login.man index f6a1706be8b6..fea5c230dbed 100644 --- a/src/man/k5login.man +++ b/src/man/k5login.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5LOGIN" "5" " " "1.15.1" "MIT Kerberos" +.TH "K5LOGIN" "5" " " "1.16" "MIT Kerberos" .SH NAME k5login \- Kerberos V5 acl file for host access . diff --git a/src/man/k5srvutil.man b/src/man/k5srvutil.man index 066a99118f3b..1830476c05a7 100644 --- a/src/man/k5srvutil.man +++ b/src/man/k5srvutil.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5SRVUTIL" "1" " " "1.15.1" "MIT Kerberos" +.TH "K5SRVUTIL" "1" " " "1.16" "MIT Kerberos" .SH NAME k5srvutil \- host key table (keytab) manipulation utility . diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man index 9043775f84c6..fe9b61170038 100644 --- a/src/man/kadm5.acl.man +++ b/src/man/kadm5.acl.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADM5.ACL" "5" " " "1.15.1" "MIT Kerberos" +.TH "KADM5.ACL" "5" " " "1.16" "MIT Kerberos" .SH NAME kadm5.acl \- Kerberos ACL file . @@ -230,16 +230,17 @@ sms@ATHENA.MIT.EDU x * \-maxlife 9h \-postdateable # line 6 .UNINDENT .UNINDENT .sp -(line 1) Any principal in the \fBATHENA.MIT.EDU\fP realm with -an \fBadmin\fP instance has all administrative privileges. +(line 1) Any principal in the \fBATHENA.MIT.EDU\fP realm with an +\fBadmin\fP instance has all administrative privileges except extracting +keys. .sp -(lines 1\-3) The user \fBjoeadmin\fP has all permissions with his -\fBadmin\fP instance, \fBjoeadmin/admin@ATHENA.MIT.EDU\fP (matches line -1). He has no permissions at all with his null instance, -\fBjoeadmin@ATHENA.MIT.EDU\fP (matches line 2). His \fBroot\fP and other -non\-\fBadmin\fP, non\-null instances (e.g., \fBextra\fP or \fBdbadmin\fP) have -inquire permissions with any principal that has the instance \fBroot\fP -(matches line 3). +(lines 1\-3) The user \fBjoeadmin\fP has all permissions except +extracting keys with his \fBadmin\fP instance, +\fBjoeadmin/admin@ATHENA.MIT.EDU\fP (matches line 1). He has no +permissions at all with his null instance, \fBjoeadmin@ATHENA.MIT.EDU\fP +(matches line 2). His \fBroot\fP and other non\-\fBadmin\fP, non\-null +instances (e.g., \fBextra\fP or \fBdbadmin\fP) have inquire permissions +with any principal that has the instance \fBroot\fP (matches line 3). .sp (line 4) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can inquire or change the password of their null instance, but not any other @@ -253,9 +254,20 @@ permission can only be granted globally, not to specific target principals. .sp (line 6) Finally, the Service Management System principal -\fBsms@ATHENA.MIT.EDU\fP has all permissions, but any principal that it -creates or modifies will not be able to get postdateable tickets or -tickets with a life of longer than 9 hours. +\fBsms@ATHENA.MIT.EDU\fP has all permissions except extracting keys, but +any principal that it creates or modifies will not be able to get +postdateable tickets or tickets with a life of longer than 9 hours. +.SH MODULE BEHAVIOR +.sp +The ACL file can coexist with other authorization modules in release +1.16 and later, as configured in the \fIkadm5_auth\fP section of +\fIkrb5.conf(5)\fP\&. The ACL file will positively authorize +operations according to the rules above, but will never +authoritatively deny an operation, so other modules can authorize +operations in addition to those authorized by the ACL file. +.sp +To operate without an ACL file, set the \fIacl_file\fP variable in +\fIkdc.conf(5)\fP to the empty string with \fBacl_file = ""\fP\&. .SH SEE ALSO .sp \fIkdc.conf(5)\fP, \fIkadmind(8)\fP diff --git a/src/man/kadmin.man b/src/man/kadmin.man index 5105eca28e76..008d9bf5df98 100644 --- a/src/man/kadmin.man +++ b/src/man/kadmin.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADMIN" "1" " " "1.15.1" "MIT Kerberos" +.TH "KADMIN" "1" " " "1.16" "MIT Kerberos" .SH NAME kadmin \- Kerberos V5 database administration program . @@ -705,6 +705,13 @@ accepted values. Enables One Time Passwords (OTP) preauthentication for a client \fIprincipal\fP\&. The \fIvalue\fP is a JSON string representing an array of objects, each having optional \fBtype\fP and \fBusername\fP fields. +.TP +.B \fBpkinit_cert_match\fP +Specifies a matching expression that defines the certificate +attributes required for the client certificate used by the +principal during PKINIT authentication. The matching expression +is in the same format as those used by the \fBpkinit_cert_match\fP +option in \fIkrb5.conf(5)\fP\&. (New in release 1.16.) .UNINDENT .sp This command requires the \fBmodify\fP privilege. diff --git a/src/man/kadmind.man b/src/man/kadmind.man index 65647f97c797..6d592a0e8faa 100644 --- a/src/man/kadmind.man +++ b/src/man/kadmind.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADMIND" "8" " " "1.15.1" "MIT Kerberos" +.TH "KADMIND" "8" " " "1.16" "MIT Kerberos" .SH NAME kadmind \- KADM5 administration server . diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man index 83591a70c12c..001c797ab20e 100644 --- a/src/man/kdb5_ldap_util.man +++ b/src/man/kdb5_ldap_util.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDB5_LDAP_UTIL" "8" " " "1.15.1" "MIT Kerberos" +.TH "KDB5_LDAP_UTIL" "8" " " "1.16" "MIT Kerberos" .SH NAME kdb5_ldap_util \- Kerberos configuration utility . diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man index cb637cbb0015..66bf6f856af0 100644 --- a/src/man/kdb5_util.man +++ b/src/man/kdb5_util.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDB5_UTIL" "8" " " "1.15.1" "MIT Kerberos" +.TH "KDB5_UTIL" "8" " " "1.16" "MIT Kerberos" .SH NAME kdb5_util \- Kerberos database maintenance utility . diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man index 10b333c38d29..440ce3b96dc8 100644 --- a/src/man/kdc.conf.man +++ b/src/man/kdc.conf.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDC.CONF" "5" " " "1.15.1" "MIT Kerberos" +.TH "KDC.CONF" "5" " " "1.16" "MIT Kerberos" .SH NAME kdc.conf \- Kerberos V5 KDC configuration file . @@ -145,9 +145,10 @@ The following tags may be specified in a [realms] subsection: .B \fBacl_file\fP (String.) Location of the access control list file that \fIkadmind(8)\fP uses to determine which principals are allowed -which permissions on the Kerberos database. The default value is -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more information on Kerberos ACL -file see \fIkadm5.acl(5)\fP\&. +which permissions on the Kerberos database. To operate without an +ACL file, set this relation to the empty string with \fBacl_file = +""\fP\&. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more +information on Kerberos ACL file see \fIkadm5.acl(5)\fP\&. .TP .B \fBdatabase_module\fP (String.) This relation indicates the name of the configuration @@ -259,6 +260,11 @@ per line, with no additional whitespace. If none is specified or if there is no policy assigned to the principal, no dictionary checks of passwords will be performed. .TP +.B \fBencrypted_challenge_indicator\fP +(String.) Specifies the authentication indicator value that the KDC +asserts into tickets obtained using FAST encrypted challenge +pre\-authentication. New in 1.16. +.TP .B \fBhost_based_services\fP (Whitespace\- or comma\-separated list.) Lists services which will get host\-based referral processing even if the server principal is @@ -886,9 +892,6 @@ Specifies an authentication indicator to include in the ticket if pkinit is used to authenticate. This option may be specified multiple times. (New in release 1.14.) .TP -.B \fBpkinit_kdc_ocsp\fP -Specifies the location of the KDC\(aqs OCSP. -.TP .B \fBpkinit_pool\fP Specifies the location of intermediate certificates which may be used by the KDC to complete the trust chain between a client\(aqs @@ -1031,7 +1034,7 @@ _ T{ aes T} T{ -The AES family: aes256\-cts\-hmac\-sha1\-96 and aes128\-cts\-hmac\-sha1\-96 +The AES family: aes256\-cts\-hmac\-sha1\-96, aes128\-cts\-hmac\-sha1\-96, aes256\-cts\-hmac\-sha384\-192, and aes128\-cts\-hmac\-sha256\-128 T} _ T{ diff --git a/src/man/kdestroy.man b/src/man/kdestroy.man index 47e1e369423e..08019948755b 100644 --- a/src/man/kdestroy.man +++ b/src/man/kdestroy.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDESTROY" "1" " " "1.15.1" "MIT Kerberos" +.TH "KDESTROY" "1" " " "1.16" "MIT Kerberos" .SH NAME kdestroy \- destroy Kerberos tickets . diff --git a/src/man/kinit.man b/src/man/kinit.man index e257bd25ef91..24a6f968b826 100644 --- a/src/man/kinit.man +++ b/src/man/kinit.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KINIT" "1" " " "1.15.1" "MIT Kerberos" +.TH "KINIT" "1" " " "1.16" "MIT Kerberos" .SH NAME kinit \- obtain and cache Kerberos ticket-granting ticket . diff --git a/src/man/klist.man b/src/man/klist.man index 3080640dd97d..c73a88dedf67 100644 --- a/src/man/klist.man +++ b/src/man/klist.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KLIST" "1" " " "1.15.1" "MIT Kerberos" +.TH "KLIST" "1" " " "1.16" "MIT Kerberos" .SH NAME klist \- list cached Kerberos tickets . diff --git a/src/man/kpasswd.man b/src/man/kpasswd.man index b7bb0a32fc5a..89bdc96a93b7 100644 --- a/src/man/kpasswd.man +++ b/src/man/kpasswd.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPASSWD" "1" " " "1.15.1" "MIT Kerberos" +.TH "KPASSWD" "1" " " "1.16" "MIT Kerberos" .SH NAME kpasswd \- change a user's Kerberos password . diff --git a/src/man/kprop.man b/src/man/kprop.man index 9d3e2033c38c..45ceaaf6d217 100644 --- a/src/man/kprop.man +++ b/src/man/kprop.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPROP" "8" " " "1.15.1" "MIT Kerberos" +.TH "KPROP" "8" " " "1.16" "MIT Kerberos" .SH NAME kprop \- propagate a Kerberos V5 principal database to a slave server . diff --git a/src/man/kpropd.man b/src/man/kpropd.man index 9048f8fd5d92..a40e542dae9e 100644 --- a/src/man/kpropd.man +++ b/src/man/kpropd.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPROPD" "8" " " "1.15.1" "MIT Kerberos" +.TH "KPROPD" "8" " " "1.16" "MIT Kerberos" .SH NAME kpropd \- Kerberos V5 slave KDC update server . @@ -40,6 +40,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-F\fP \fIprincipal_database\fP] [\fB\-p\fP \fIkdb5_util_prog\fP] [\fB\-P\fP \fIport\fP] +[\fB\-\-pid\-file\fP=\fIpid_file\fP] [\fB\-d\fP] [\fB\-t\fP] .SH DESCRIPTION @@ -131,6 +132,10 @@ is only useful in combination with the \fB\-S\fP option. .B \fB\-a\fP \fIacl_file\fP Allows the user to specify the path to the kpropd.acl file; by default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&. +.TP +.B \fB\-\-pid\-file\fP=\fIpid_file\fP +In standalone mode, write the process ID of the daemon into +\fIpid_file\fP\&. .UNINDENT .SH ENVIRONMENT .sp diff --git a/src/man/kproplog.man b/src/man/kproplog.man index eaf6a21954bc..7bdf17da52db 100644 --- a/src/man/kproplog.man +++ b/src/man/kproplog.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPROPLOG" "8" " " "1.15.1" "MIT Kerberos" +.TH "KPROPLOG" "8" " " "1.16" "MIT Kerberos" .SH NAME kproplog \- display the contents of the Kerberos principal update log . diff --git a/src/man/krb5-config.man b/src/man/krb5-config.man index c9d2724ac1bd..2899808d19be 100644 --- a/src/man/krb5-config.man +++ b/src/man/krb5-config.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5-CONFIG" "1" " " "1.15.1" "MIT Kerberos" +.TH "KRB5-CONFIG" "1" " " "1.16" "MIT Kerberos" .SH NAME krb5-config \- tool for linking against MIT Kerberos libraries . diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index 4e350bd72351..3d12254797d3 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5.CONF" "5" " " "1.15.1" "MIT Kerberos" +.TH "KRB5.CONF" "5" " " "1.16" "MIT Kerberos" .SH NAME krb5.conf \- Kerberos configuration file . @@ -112,9 +112,10 @@ includedir DIRNAME directory must exist and be readable. Including a directory includes all files within the directory whose names consist solely of alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in ".conf" are also included. Included -profile files are syntactically independent of their parents, so each -included file must begin with a section header. +1.15, files with names ending in ".conf" are also included, unless the +name begins with ".". Included profile files are syntactically +independent of their parents, so each included file must begin with a +section header. .sp The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the @@ -257,7 +258,7 @@ the client should request when making a TGS\-REQ, in order of preference from highest to lowest. The list may be delimited with commas or whitespace. See \fIEncryption_types\fP in \fIkdc.conf(5)\fP for a list of the accepted values for this tag. -The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types +The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .sp @@ -271,7 +272,7 @@ Identifies the supported list of session key encryption types that the client should request when making an AS\-REQ, in order of preference from highest to lowest. The format is the same as for default_tgs_enctypes. The default value for this tag is -\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly +\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .sp @@ -353,7 +354,7 @@ For security reasons, .k5login files must be owned by the local user or by root. .TP .B \fBkcm_mach_service\fP -On OS X only, determines the name of the bootstrap service used to +On macOS only, determines the name of the bootstrap service used to contact the KCM daemon for the KCM credential cache type. If the value is \fB\-\fP, Mach RPC will not be used to contact the KCM daemon. The default value is \fBorg.h5l.kcm\fP\&. @@ -454,7 +455,7 @@ used across NATs. The default value is true. .B \fBpermitted_enctypes\fP Identifies all encryption types that are permitted for use in session key encryption. The default value for this tag is -\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly +\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .TP @@ -908,6 +909,10 @@ client principal .B \fBrealm\fP Uses the service realm to guess an appropriate cache from the collection +.TP +.B \fBhostname\fP +If the service principal is host\-based, uses the service hostname +to guess an appropriate cache from the collection .UNINDENT .SS pwqual interface .sp @@ -936,6 +941,24 @@ principal creation, modification, password changes and deletion. This interface can be used to write a plugin to synchronize MIT Kerberos with another database such as Active Directory. No plugins are built in for this interface. +.SS kadm5_auth interface +.sp +The kadm5_auth section (introduced in release 1.16) controls modules +for the kadmin authorization interface, which determines whether a +client principal is allowed to perform a kadmin operation. The +following built\-in modules exist for this interface: +.INDENT 0.0 +.TP +.B \fBacl\fP +This module reads the \fIkadm5.acl(5)\fP file, and authorizes +operations which are allowed according to the rules in the file. +.TP +.B \fBself\fP +This module authorizes self\-service operations including password +changes, creation of new random keys, fetching the client\(aqs +principal record or string attributes, and fetching the policy +record associated with the client principal. +.UNINDENT .SS clpreauth and kdcpreauth interfaces .sp The clpreauth and kdcpreauth interfaces allow plugin modules to @@ -1009,6 +1032,30 @@ the account\(aqs \fI\&.k5login(5)\fP file. This module authorizes a principal to a local account if the principal name maps to the local account name. .UNINDENT +.SS certauth interface +.sp +The certauth section (introduced in release 1.16) controls modules for +the certificate authorization interface, which determines whether a +certificate is allowed to preauthenticate a user via PKINIT. The +following built\-in modules exist for this interface: +.INDENT 0.0 +.TP +.B \fBpkinit_san\fP +This module authorizes the certificate if it contains a PKINIT +Subject Alternative Name for the requested client principal, or a +Microsoft UPN SAN matching the principal if \fBpkinit_allow_upn\fP +is set to true for the realm. +.TP +.B \fBpkinit_eku\fP +This module rejects the certificate if it does not contain an +Extended Key Usage attribute consistent with the +\fBpkinit_eku_checking\fP value for the realm. +.TP +.B \fBdbmatch\fP +This module authorizes or rejects the certificate according to +whether it matches the \fBpkinit_cert_match\fP string attribute on +the client principal, if that attribute is present. +.UNINDENT .SH PKINIT OPTIONS .sp \fBNOTE:\fP diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man index 873014650b27..cf3de31b284e 100644 --- a/src/man/krb5kdc.man +++ b/src/man/krb5kdc.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5KDC" "8" " " "1.15.1" "MIT Kerberos" +.TH "KRB5KDC" "8" " " "1.16" "MIT Kerberos" .SH NAME krb5kdc \- Kerberos V5 KDC . diff --git a/src/man/ksu.man b/src/man/ksu.man index 2a0328e8435c..d885b8f10d58 100644 --- a/src/man/ksu.man +++ b/src/man/ksu.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KSU" "1" " " "1.15.1" "MIT Kerberos" +.TH "KSU" "1" " " "1.16" "MIT Kerberos" .SH NAME ksu \- Kerberized super-user . diff --git a/src/man/kswitch.man b/src/man/kswitch.man index d8d925cbceac..0c38aff575aa 100644 --- a/src/man/kswitch.man +++ b/src/man/kswitch.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KSWITCH" "1" " " "1.15.1" "MIT Kerberos" +.TH "KSWITCH" "1" " " "1.16" "MIT Kerberos" .SH NAME kswitch \- switch primary ticket cache . diff --git a/src/man/ktutil.man b/src/man/ktutil.man index 6a119e7550ad..3498b65d6fd3 100644 --- a/src/man/ktutil.man +++ b/src/man/ktutil.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KTUTIL" "1" " " "1.15.1" "MIT Kerberos" +.TH "KTUTIL" "1" " " "1.16" "MIT Kerberos" .SH NAME ktutil \- Kerberos keytab file maintenance utility . @@ -113,7 +113,7 @@ Alias: \fBdelent\fP .INDENT 0.0 .INDENT 3.5 \fBadd_entry\fP {\fB\-key\fP|\fB\-password\fP} \fB\-p\fP \fIprincipal\fP -\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP +\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP [\fB\-s\fP \fIsalt\fP] .UNINDENT .UNINDENT .sp diff --git a/src/man/kvno.man b/src/man/kvno.man index 4d510ca51f21..a62a73378f42 100644 --- a/src/man/kvno.man +++ b/src/man/kvno.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KVNO" "1" " " "1.15.1" "MIT Kerberos" +.TH "KVNO" "1" " " "1.16" "MIT Kerberos" .SH NAME kvno \- print key version numbers of Kerberos principals . diff --git a/src/man/sclient.man b/src/man/sclient.man index 1d5c4c5e7048..c8228ad020c7 100644 --- a/src/man/sclient.man +++ b/src/man/sclient.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SCLIENT" "1" " " "1.15.1" "MIT Kerberos" +.TH "SCLIENT" "1" " " "1.16" "MIT Kerberos" .SH NAME sclient \- sample Kerberos version 5 client . diff --git a/src/man/sserver.man b/src/man/sserver.man index 514128018c36..f871e4e7638a 100644 --- a/src/man/sserver.man +++ b/src/man/sserver.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SSERVER" "8" " " "1.15.1" "MIT Kerberos" +.TH "SSERVER" "8" " " "1.16" "MIT Kerberos" .SH NAME sserver \- sample Kerberos version 5 server . |