| author | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
| commit | 0320e0d5bb9fbb5da53478b3fd80ad79b110191d (patch) | |
| tree | e1185f75bd2d3f87b0c17f787debc3ee8648214b /doc/html/admin/auth_indicator.html | |
| parent | b0e4d68d5124581ae353493d69bea352de4cff8a (diff) | |
Diffstat (limited to 'doc/html/admin/auth_indicator.html')
| -rw-r--r-- | doc/html/admin/auth_indicator.html | 51 |
1 files changed, 26 insertions, 25 deletions
diff --git a/doc/html/admin/auth_indicator.html b/doc/html/admin/auth_indicator.html index 25f97cfe94b5..75d0ca84e200 100644 --- a/doc/html/admin/auth_indicator.html +++ b/doc/html/admin/auth_indicator.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>Authentication indicators — MIT Kerberos Documentation</title> - + <title>Authentication indicators — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../about.html" /> + <link rel="index" title="Index" href="../genindex.html" /> + <link rel="search" title="Search" href="../search.html" /> <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="up" title="For administrators" href="index.html" /> <link rel="next" title="Administration programs" href="admin_commands/index.html" /> <link rel="prev" title="HTTPS proxy configuration" href="https.html" /> </head> 
@@ -61,14 +59,14 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="authentication-indicators"> <span id="auth-indicator"></span><h1>Authentication indicators<a class="headerlink" href="#authentication-indicators" title="Permalink to this headline">¶</a></h1> <p>As of release 1.14, the KDC can be configured to annotate tickets if the client authenticated using a stronger preauthentication mechanism -such as <a class="reference internal" href="pkinit.html#pkinit"><em>PKINIT</em></a> or <a class="reference internal" href="otp.html#otp-preauth"><em>OTP</em></a>. These -annotations are called “authentication indicators.” Service +such as <a class="reference internal" href="pkinit.html#pkinit"><span class="std std-ref">PKINIT</span></a> or <a class="reference internal" href="otp.html#otp-preauth"><span class="std std-ref">OTP</span></a>. These +annotations are called “authentication indicators.” Service principals can be configured to require particular authentication indicators in order to authenticate to that service. An authentication indicator value can be any string chosen by the KDC 
@@ -76,35 +74,35 @@ administrator; there are no pre-set values.</p> <p>To use authentication indicators with PKINIT or OTP, first configure the KDC to include an indicator when that preauthentication mechanism is used. For PKINIT, use the <strong>pkinit_indicator</strong> variable in -<a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a>. For OTP, use the <strong>indicator</strong> variable in the +<a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>. For OTP, use the <strong>indicator</strong> variable in the token type definition, or specify the indicators in the <strong>otp</strong> user -string as described in <a class="reference internal" href="otp.html#otp-preauth"><em>OTP Preauthentication</em></a>.</p> +string as described in <a class="reference internal" href="otp.html#otp-preauth"><span class="std std-ref">OTP Preauthentication</span></a>.</p> <p>To require an indicator to be present in order to authenticate to a service principal, set the <strong>require_auth</strong> string attribute on the principal to the indicator value to be required. 
If you wish to allow one of several indicators to be accepted, you can specify multiple indicator values separated by spaces.</p> <p>For example, a realm could be configured to set the authentication -indicator value “strong” when PKINIT is used to authenticate, using a -setting in the <a class="reference internal" href="conf_files/kdc_conf.html#kdc-realms"><em>[realms]</em></a> subsection:</p> -<div class="highlight-python"><div class="highlight"><pre><span class="n">pkinit_indicator</span> <span class="o">=</span> <span class="n">strong</span> +indicator value “strong” when PKINIT is used to authenticate, using a +setting in the <a class="reference internal" href="conf_files/kdc_conf.html#kdc-realms"><span class="std std-ref">[realms]</span></a> subsection:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">pkinit_indicator</span> <span class="o">=</span> <span class="n">strong</span> </pre></div> </div> -<p>A service principal could be configured to require the “strong” +<p>A service principal could be configured to require the “strong” authentication indicator value:</p> -<div class="highlight-python"><div class="highlight"><pre>$ kadmin setstr host/high.value.server require_auth strong +<div class="highlight-default"><div class="highlight"><pre><span></span>$ kadmin setstr host/high.value.server require_auth strong Password for user/admin@KRBTEST.COM: </pre></div> </div> <p>A user who authenticates with PKINIT would be able to obtain a ticket for the service principal:</p> -<div class="highlight-python"><div class="highlight"><pre>$ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user +<div class="highlight-default"><div class="highlight"><pre><span></span>$ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user $ kvno host/high.value.server host/high.value.server@KRBTEST.COM: kvno = 1 </pre></div> </div> <p>but a user who authenticates with a password would not:</p> -<div 
class="highlight-python"><div class="highlight"><pre>$ kinit user +<div class="highlight-default"><div class="highlight"><pre><span></span>$ kinit user Password for user@KRBTEST.COM: $ kvno host/high.value.server kvno: KDC policy rejects request while getting credentials for @@ -112,7 +110,7 @@ kvno: KDC policy rejects request while getting credentials for </pre></div> </div> <p>GSSAPI server applications can inspect authentication indicators -through the <a class="reference internal" href="../appdev/gssapi.html#gssapi-authind-attr"><em>auth-indicators</em></a> name +through the <a class="reference internal" href="../appdev/gssapi.html#gssapi-authind-attr"><span class="std std-ref">auth-indicators</span></a> name attribute.</p> </div> @@ -136,6 +134,7 @@ attribute.</p> <li class="toctree-l2"><a class="reference internal" href="conf_files/index.html">Configuration Files</a></li> <li class="toctree-l2"><a class="reference internal" href="realm_config.html">Realm configuration decisions</a></li> <li class="toctree-l2"><a class="reference internal" href="database.html">Database administration</a></li> +<li class="toctree-l2"><a class="reference internal" href="dbtypes.html">Database types</a></li> <li class="toctree-l2"><a class="reference internal" href="lockout.html">Account lockout</a></li> <li class="toctree-l2"><a class="reference internal" href="conf_ldap.html">Configuring Kerberos with OpenLDAP back-end</a></li> <li class="toctree-l2"><a class="reference internal" href="appl_servers.html">Application servers</a></li> 
@@ -143,10 +142,12 @@ attribute.</p> <li class="toctree-l2"><a class="reference internal" href="backup_host.html">Backups of secure hosts</a></li> <li class="toctree-l2"><a class="reference internal" href="pkinit.html">PKINIT configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="otp.html">OTP Preauthentication</a></li> +<li class="toctree-l2"><a class="reference internal" href="spake.html">SPAKE Preauthentication</a></li> +<li class="toctree-l2"><a class="reference internal" href="dictionary.html">Addressing dictionary attack risks</a></li> <li class="toctree-l2"><a class="reference internal" href="princ_dns.html">Principal names and DNS</a></li> <li class="toctree-l2"><a class="reference internal" href="enctypes.html">Encryption types</a></li> <li class="toctree-l2"><a class="reference internal" href="https.html">HTTPS proxy configuration</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">Authentication indicators</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">Authentication indicators</a></li> <li class="toctree-l2"><a class="reference internal" href="admin_commands/index.html">Administration programs</a></li> <li class="toctree-l2"><a class="reference internal" href="../mitK5defaults.html">MIT Kerberos defaults</a></li> <li class="toctree-l2"><a class="reference internal" href="env_variables.html">Environment variables</a></li> @@ -182,8 +183,8 @@ attribute.</p> <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |
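Review bot: in the first hunk (the `<head>`), the only functional changes are the `VERSION` bump from `'1.16'` to `'1.21.1'`, the new `SOURCELINK_SUFFIX: '.txt'` option, the added `rel="index"` and `rel="search"` links, and the dropped `rel="top"`/`rel="up"` links; the `<title>` line is removed and re-added with identical visible content, so that part is whitespace or indentation churn from regenerating the Sphinx output, not a content change. Confirm the new page template no longer relies on the removed `rel="up"` link for parent navigation, since it is deleted rather than updated.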
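Review bot: in the `@@ -61,14 +59,14 @@` hunk the cross-reference markup changes from `<em>` to `<span class="std std-ref">` and the body div gains `role="main"`; the `std-ref` styling lives in the stylesheets linked from the head (`agogo.css`, `pygments.css`, `kerb.css`), which this diff leaves untouched, so check that the `_static` files were regenerated from the same Sphinx version in this import or the PKINIT and OTP links will render unstyled.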
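Review bot: in the `@@ -76,35 +74,35 @@` hunk the code-block wrappers move from `highlight-python` to `highlight-default` and gain a leading empty `<span></span>`, which is the newer Pygments/Sphinx output; the documented configuration and commands themselves (`pkinit_indicator = strong`, `kadmin setstr host/high.value.server require_auth strong`, the `kinit -X X509_user_identity=...` and `kvno` sessions) are byte-for-byte unchanged, so no guidance on requiring authentication indicators regressed. Classifying these shell and kdc.conf snippets as `default` rather than `python` is also more accurate than the old markup.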
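Review bot: in the `@@ -136,6 +134,7 @@` hunk the sidebar gains a `dbtypes.html` entry; because the diffstat on this page is limited to `auth_indicator.html`, it does not show whether `doc/html/admin/dbtypes.html` is added in the same commit, so verify it exists to avoid a dangling link in the table of contents.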
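Review bot: in the `@@ -143,10 +142,12 @@` hunk the change of the current-page link from `href=""` to `href="#"` is a genuine fix, since an empty href resolves to the document URL and reloads the page while `#` is an in-page anchor; the same existence check applies to the new `spake.html` and `dictionary.html` sidebar entries, which are not visible in this per-file diffstat.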
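Review bot: in the final `@@ -182,8 +183,8 @@` hunk the footer release string `1.21.1` and copyright range `1985-2023` match the `VERSION: '1.21.1'` set in the head hunk, so the two version markers on the page remain consistent after the import.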
