krb5: Import MIT 1.21.3 - src - FreeBSD source tree

diff options


context:
space:
mode:

author	Cy Schubert <cy@FreeBSD.org>	2025-03-19 22:12:25 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2025-03-19 22:12:25 +0000
commit	8f7d3ef26dec89a92ec0665de84a5936310a5574 (patch)
tree	9a465418bd4056bf0d369751320a414eaed29fa4 /doc/html/basic
parent	1a79b20663ca26acc2998b90ea2ff2aefd8af5b1 (diff)

Diffstat (limited to 'doc/html/basic')

-rw-r--r--

doc/html/basic/ccache_def.html

136

-rw-r--r--

doc/html/basic/date_format.html

232

-rw-r--r--

doc/html/basic/index.html

-rw-r--r--

doc/html/basic/keytab_def.html

-rw-r--r--

doc/html/basic/rcache_def.html

-rw-r--r--

doc/html/basic/stash_file_def.html

6 files changed, 299 insertions, 339 deletions

diff --git a/doc/html/basic/ccache_def.html b/doc/html/basic/ccache_def.html
index c26b3f54a539..9728a8b550db 100644
--- a/doc/html/basic/ccache_def.html
+++ b/doc/html/basic/ccache_def.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>Credential cache — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="credential-cache">

+ <section id="credential-cache">

<span id="ccache-definition"></span><h1>Credential cache<a class="headerlink" href="#credential-cache" title="Permalink to this headline">¶</a></h1>

<p>A credential cache (or “ccache”) holds Kerberos credentials while they

remain valid and, generally, while the user’s session lasts, so that

@@ -82,7 +73,7 @@ principal name (which, in some ccache types, need not be the same as

the default), lifetime information, and flags, along with the

credential itself. There are also other entries, indicated by special

names, that store additional information.</p>

-<div class="section" id="ccache-types">

+<section id="ccache-types">

<h2>ccache types<a class="headerlink" href="#ccache-types" title="Permalink to this headline">¶</a></h2>

<p>The credential cache interface, like the <a class="reference internal" href="keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> and

<a class="reference internal" href="rcache_def.html#rcache-definition"><span class="std std-ref">replay cache</span></a> interfaces, uses <cite>TYPE:value</cite> strings to

@@ -93,11 +84,10 @@ Kerberos library. Not all are supported on every platform. In most

cases, it should be correct to use the default type built into the

library.</p>

-<li><p class="first"><strong>API</strong> is only implemented on Windows. It communicates with a

+<li><p><strong>API</strong> is only implemented on Windows. It communicates with a

server process that holds the credentials in memory for the user,

-rather than writing them to disk.</p>

-</li>

-<li><p class="first"><strong>DIR</strong> points to the storage location of the collection of the

+rather than writing them to disk.</p></li>

+<li><p><strong>DIR</strong> points to the storage location of the collection of the

credential caches in <em>FILE:</em> format. It is most useful when dealing

with multiple Kerberos realms and KDCs. For release 1.10 the

directory must already exist. In post-1.10 releases the

@@ -106,20 +96,19 @@ process must have permissions to create the directory if it does

not exist. See <a class="reference internal" href="#col-ccache"><span class="std std-ref">Collections of caches</span></a> for details. New in release 1.10.

The following residual forms are supported:</p>

-<li>DIR:dirname</li>

-<li>DIR::dirpath/filename - a single cache within the directory</li>

+<li><p>DIR:dirname</p></li>

+<li><p>DIR::dirpath/filename - a single cache within the directory</p></li>

</ul>

<p>Switching to a ccache of the latter type causes it to become the

primary for the directory.</p>

</li>

-<li><p class="first"><strong>FILE</strong> caches are the simplest and most portable. A simple flat

+<li><p><strong>FILE</strong> caches are the simplest and most portable. A simple flat

file format is used to store one credential after another. This is

-the default ccache type if no type is specified in a ccache name.</p>

-</li>

-<li><p class="first"><strong>KCM</strong> caches work by contacting a daemon process called <code class="docutils literal"><span class="pre">kcm</span></code>

-to perform cache operations. If the cache name is just <code class="docutils literal"><span class="pre">KCM:</span></code>,

+the default ccache type if no type is specified in a ccache name.</p></li>

+<li><p><strong>KCM</strong> caches work by contacting a daemon process called <code class="docutils literal notranslate"><span class="pre">kcm</span></code>

+to perform cache operations. If the cache name is just <code class="docutils literal notranslate"><span class="pre">KCM:</span></code>,

the default cache as determined by the KCM daemon will be used.

-Newly created caches must generally be named <code class="docutils literal"><span class="pre">KCM:uid:name</span></code>,

+Newly created caches must generally be named <code class="docutils literal notranslate"><span class="pre">KCM:uid:name</span></code>,

where <em>uid</em> is the effective user ID of the running process.</p>

<p>KCM client support is new in release 1.13. A KCM daemon has not

yet been implemented in MIT krb5, but the client will interoperate

@@ -128,41 +117,39 @@ provides a KCM daemon as part of the operating system, and the

<strong>KCM</strong> cache type is used as the default cache on that platform in

a default build.</p>

</li>

-<li><p class="first"><strong>KEYRING</strong> is Linux-specific, and uses the kernel keyring support

+<li><p><strong>KEYRING</strong> is Linux-specific, and uses the kernel keyring support

to store credential data in unswappable kernel memory where only

the current user should be able to access it. The following

residual forms are supported:</p>

-<li>KEYRING:name</li>

-<li>KEYRING:process:name - process keyring</li>

-<li>KEYRING:thread:name - thread keyring</li>

+<li><p>KEYRING:name</p></li>

+<li><p>KEYRING:process:name - process keyring</p></li>

+<li><p>KEYRING:thread:name - thread keyring</p></li>

</ul>

<p>Starting with release 1.12 the <em>KEYRING</em> type supports collections.

The following new residual forms were added:</p>

-<li>KEYRING:session:name - session keyring</li>

-<li>KEYRING:user:name - user keyring</li>

-<li>KEYRING:persistent:uidnumber - persistent per-UID collection.

+<li><p>KEYRING:session:name - session keyring</p></li>

+<li><p>KEYRING:user:name - user keyring</p></li>

+<li><p>KEYRING:persistent:uidnumber - persistent per-UID collection.

Unlike the user keyring, this collection survives after the user

logs out, until the cache credentials expire. This type of

ccache requires support from the kernel; otherwise, it will fall

-back to the user keyring.</li>

+back to the user keyring.</p></li>

</ul>

<p>See <a class="reference internal" href="#col-ccache"><span class="std std-ref">Collections of caches</span></a> for details.</p>

</li>

-<li><p class="first"><strong>MEMORY</strong> caches are for storage of credentials that don’t need to

+<li><p><strong>MEMORY</strong> caches are for storage of credentials that don’t need to

be made available outside of the current process. For example, a

memory ccache is used by <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> to store the

administrative ticket used to contact the admin server. Memory

ccaches are faster than file ccaches and are automatically

-destroyed when the process exits.</p>

-</li>

-<li><p class="first"><strong>MSLSA</strong> is a Windows-specific cache type that accesses the

-Windows credential store.</p>

-</li>

+destroyed when the process exits.</p></li>

+<li><p><strong>MSLSA</strong> is a Windows-specific cache type that accesses the

+Windows credential store.</p></li>

</ol>

-</div>

-<div class="section" id="collections-of-caches">

+</section>

+<section id="collections-of-caches">

<span id="col-ccache"></span><h2>Collections of caches<a class="headerlink" href="#collections-of-caches" title="Permalink to this headline">¶</a></h2>

<p>Some credential cache types can support collections of multiple

caches. One of the caches in the collection is designated as the

@@ -176,43 +163,45 @@ the target service realm.</p>

from the <strong>DIR</strong> and <strong>API</strong> ccache types. Starting in release 1.12,

collections are also supported by the <strong>KEYRING</strong> ccache type.

Collections are supported by the <strong>KCM</strong> ccache type in release 1.13.</p>

-<div class="section" id="tool-alterations-to-use-cache-collection">

+<section id="tool-alterations-to-use-cache-collection">

<h3>Tool alterations to use cache collection<a class="headerlink" href="#tool-alterations-to-use-cache-collection" title="Permalink to this headline">¶</a></h3>

-<li><a class="reference internal" href="../user/user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a> <em>-A</em> will destroy all caches in the collection.</li>

-<li>If the default cache type supports switching, <a class="reference internal" href="../user/user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>

+<li><p><a class="reference internal" href="../user/user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a> <em>-A</em> will destroy all caches in the collection.</p></li>

+<li><p>If the default cache type supports switching, <a class="reference internal" href="../user/user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>

<em>princname</em> will search the collection for a matching cache and

store credentials there, or will store credentials in a new unique

cache of the default type if no existing cache for the principal

-exists. Either way, kinit will switch to the selected cache.</li>

-<li><a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> <em>-l</em> will list the caches in the collection.</li>

-<li><a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> <em>-A</em> will show the content of all caches in the

-collection.</li>

-<li><a class="reference internal" href="../user/user_commands/kswitch.html#kswitch-1"><span class="std std-ref">kswitch</span></a> <em>-p princname</em> will search the collection for a

-matching cache and switch to it.</li>

-<li><a class="reference internal" href="../user/user_commands/kswitch.html#kswitch-1"><span class="std std-ref">kswitch</span></a> <em>-c cachename</em> will switch to a specified cache.</li>

+exists. Either way, kinit will switch to the selected cache.</p></li>

+<li><p><a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> <em>-l</em> will list the caches in the collection.</p></li>

+<li><p><a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> <em>-A</em> will show the content of all caches in the

+collection.</p></li>

+<li><p><a class="reference internal" href="../user/user_commands/kswitch.html#kswitch-1"><span class="std std-ref">kswitch</span></a> <em>-p princname</em> will search the collection for a

+matching cache and switch to it.</p></li>

+<li><p><a class="reference internal" href="../user/user_commands/kswitch.html#kswitch-1"><span class="std std-ref">kswitch</span></a> <em>-c cachename</em> will switch to a specified cache.</p></li>

</ul>

-</div>

-<div class="section" id="default-ccache-name">

+</section>

+<section id="default-ccache-name">

<h2>Default ccache name<a class="headerlink" href="#default-ccache-name" title="Permalink to this headline">¶</a></h2>

<p>The default credential cache name is determined by the following, in

descending order of priority:</p>

-<li>The <strong>KRB5CCNAME</strong> environment variable. For example,

-<code class="docutils literal"><span class="pre">KRB5CCNAME=DIR:/mydir/</span></code>.</li>

-<li>The <strong>default_ccache_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</li>

-<li>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a>.</li>

+<li><p>The <strong>KRB5CCNAME</strong> environment variable. For example,

+<code class="docutils literal notranslate"><span class="pre">KRB5CCNAME=DIR:/mydir/</span></code>.</p></li>

+<li><p>The <strong>default_ccache_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</p></li>

+<li><p>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a>.</p></li>

</ol>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">Credential cache</a><ul>

@@ -258,6 +247,7 @@ descending order of priority:</p>

</form>

</div>

</div>

@@ -265,8 +255,8 @@ descending order of priority:</p>

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

+ © <a href="../copyright.html">Copyright</a> 1985-2024, MIT.

</div>

diff --git a/doc/html/basic/date_format.html b/doc/html/basic/date_format.html
index 5c53c359914b..a32cb472515b 100644
--- a/doc/html/basic/date_format.html
+++ b/doc/html/basic/date_format.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>Supported date and time formats — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,35 +52,35 @@

- <div class="section" id="supported-date-and-time-formats">

+ <section id="supported-date-and-time-formats">

<span id="datetime"></span><h1>Supported date and time formats<a class="headerlink" href="#supported-date-and-time-formats" title="Permalink to this headline">¶</a></h1>

-<div class="section" id="time-duration">

+<section id="time-duration">

<span id="duration"></span><h2>Time duration<a class="headerlink" href="#time-duration" title="Permalink to this headline">¶</a></h2>

<p>This format is used to express a time duration in the Kerberos

configuration files and user commands. The allowed formats are:</p>

-<div><table border="1" class="docutils">

+<div><table class="docutils align-default">

-<col width="40%" />

-<col width="25%" />

-<col width="35%" />

+<col style="width: 40%" />

+<col style="width: 25%" />

+<col style="width: 35%" />

</colgroup>

-<tbody valign="top">

-<tr class="row-odd"><td>Format</td>

-<td>Example</td>

-<td>Value</td>

+<tbody>

+<tr class="row-odd"><td><p>Format</p></td>

+<td><p>Example</p></td>

+<td><p>Value</p></td>

</tr>

-<tr class="row-even"><td>h:m[:s]</td>

-<td>36:00</td>

-<td>36 hours</td>

+<tr class="row-even"><td><p>h:m[:s]</p></td>

+<td><p>36:00</p></td>

+<td><p>36 hours</p></td>

</tr>

-<tr class="row-odd"><td>NdNhNmNs</td>

-<td>8h30s</td>

-<td>8 hours 30 seconds</td>

+<tr class="row-odd"><td><p>NdNhNmNs</p></td>

+<td><p>8h30s</p></td>

+<td><p>8 hours 30 seconds</p></td>

</tr>

-<tr class="row-even"><td>N (number of seconds)</td>

-<td>3600</td>

-<td>1 hour</td>

+<tr class="row-even"><td><p>N (number of seconds)</p></td>

+<td><p>3600</p></td>

+<td><p>1 hour</p></td>

</tr>

</tbody>

</table>

@@ -97,11 +88,11 @@ configuration files and user commands. The allowed formats are:</p>

<p>Here <em>N</em> denotes a number, <em>d</em> - days, <em>h</em> - hours, <em>m</em> - minutes,

<em>s</em> - seconds.</p>

-<p class="first admonition-title">Note</p>

-<p class="last">The time interval should not exceed 2147483647 seconds.</p>

+<p class="admonition-title">Note</p>

+<p>The time interval should not exceed 2147483647 seconds.</p>

</div>

<p>Examples:</p>

-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">Request</span> <span class="n">a</span> <span class="n">ticket</span> <span class="n">valid</span> <span class="k">for</span> <span class="n">one</span> <span class="n">hour</span><span class="p">,</span> <span class="n">five</span> <span class="n">hours</span><span class="p">,</span> <span class="mi">30</span> <span class="n">minutes</span>

+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">Request</span> <span class="n">a</span> <span class="n">ticket</span> <span class="n">valid</span> <span class="k">for</span> <span class="n">one</span> <span class="n">hour</span><span class="p">,</span> <span class="n">five</span> <span class="n">hours</span><span class="p">,</span> <span class="mi">30</span> <span class="n">minutes</span>

<span class="ow">and</span> <span class="mi">10</span> <span class="n">days</span> <span class="n">respectively</span><span class="p">:</span>

<span class="n">kinit</span> <span class="o">-</span><span class="n">l</span> <span class="mi">3600</span>

@@ -110,62 +101,62 @@ configuration files and user commands. The allowed formats are:</p>

<span class="n">kinit</span> <span class="o">-</span><span class="n">l</span> <span class="s2">"10d 0h 0m 0s"</span>

</pre></div>

</div>

-</div>

-<div class="section" id="getdate-time">

+</section>

+<section id="getdate-time">

<span id="getdate"></span><h2>getdate time<a class="headerlink" href="#getdate-time" title="Permalink to this headline">¶</a></h2>

<p>Some of the kadmin and kdb5_util commands take a date-time in a

human-readable format. Some of the acceptable date-time

strings are:</p>

-<div><table border="1" class="docutils">

+<div><table class="docutils align-default">

-<col width="24%" />

-<col width="39%" />

-<col width="37%" />

+<col style="width: 24%" />

+<col style="width: 39%" />

+<col style="width: 37%" />

</colgroup>

-<thead valign="bottom">

-<tr class="row-odd"><th class="head"> </th>

-<th class="head">Format</th>

-<th class="head">Example</th>

+<thead>

+<tr class="row-odd"><th class="head"></th>

+<th class="head"><p>Format</p></th>

+<th class="head"><p>Example</p></th>

</tr>

</thead>

-<tbody valign="top">

-<tr class="row-even"><td rowspan="3">Date</td>

-<td>mm/dd/yy</td>

-<td>07/27/12</td>

+<tbody>

+<tr class="row-even"><td rowspan="3"><p>Date</p></td>

+<td><p>mm/dd/yy</p></td>

+<td><p>07/27/12</p></td>

</tr>

-<tr class="row-odd"><td>month dd, yyyy</td>

-<td>Jul 27, 2012</td>

+<tr class="row-odd"><td><p>month dd, yyyy</p></td>

+<td><p>Jul 27, 2012</p></td>

</tr>

-<tr class="row-even"><td>yyyy-mm-dd</td>

-<td>2012-07-27</td>

+<tr class="row-even"><td><p>yyyy-mm-dd</p></td>

+<td><p>2012-07-27</p></td>

</tr>

-<tr class="row-odd"><td rowspan="2">Absolute

-time</td>

-<td>HH:mm[:ss]pp</td>

-<td>08:30 PM</td>

+<tr class="row-odd"><td rowspan="2"><p>Absolute

+time</p></td>

+<td><p>HH:mm[:ss]pp</p></td>

+<td><p>08:30 PM</p></td>

</tr>

-<tr class="row-even"><td>hh:mm[:ss]</td>

-<td>20:30</td>

+<tr class="row-even"><td><p>hh:mm[:ss]</p></td>

+<td><p>20:30</p></td>

</tr>

-<tr class="row-odd"><td>Relative

-time</td>

-<td>N tt</td>

-<td>30 sec</td>

+<tr class="row-odd"><td><p>Relative

+time</p></td>

+<td><p>N tt</p></td>

+<td><p>30 sec</p></td>

</tr>

-<tr class="row-even"><td rowspan="2">Time zone</td>

-<td>Z</td>

-<td>EST</td>

+<tr class="row-even"><td rowspan="2"><p>Time zone</p></td>

+<td><p>Z</p></td>

+<td><p>EST</p></td>

</tr>

-<tr class="row-odd"><td>z</td>

-<td>-0400</td>

+<tr class="row-odd"><td><p>z</p></td>

+<td><p>-0400</p></td>

</tr>

</tbody>

</table>

</div></blockquote>

<p>(See <a class="reference internal" href="#abbreviation"><span class="std std-ref">Abbreviations used in this document</span></a>.)</p>

<p>Examples:</p>

-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">Create</span> <span class="n">a</span> <span class="n">principal</span> <span class="n">that</span> <span class="n">expires</span> <span class="n">on</span> <span class="n">the</span> <span class="n">date</span> <span class="n">indicated</span><span class="p">:</span>

+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">Create</span> <span class="n">a</span> <span class="n">principal</span> <span class="n">that</span> <span class="n">expires</span> <span class="n">on</span> <span class="n">the</span> <span class="n">date</span> <span class="n">indicated</span><span class="p">:</span>

<span class="n">addprinc</span> <span class="n">test1</span> <span class="o">-</span><span class="n">expire</span> <span class="s2">"3/27/12 10:00:07 EST"</span>

<span class="n">addprinc</span> <span class="n">test2</span> <span class="o">-</span><span class="n">expire</span> <span class="s2">"January 23, 2015 10:05pm"</span>

<span class="n">addprinc</span> <span class="n">test3</span> <span class="o">-</span><span class="n">expire</span> <span class="s2">"22:00 GMT"</span>

@@ -173,60 +164,60 @@ time</td>

<span class="n">addprinc</span> <span class="n">test4</span> <span class="o">-</span><span class="n">expire</span> <span class="s2">"30 minutes"</span>

</pre></div>

</div>

-</div>

-<div class="section" id="absolute-time">

+</section>

+<section id="absolute-time">

<span id="abstime"></span><h2>Absolute time<a class="headerlink" href="#absolute-time" title="Permalink to this headline">¶</a></h2>

<p>This rarely used date-time format can be noted in one of the

following ways:</p>

-<div><table border="1" class="docutils">

+<div><table class="docutils align-default">

-<col width="40%" />

-<col width="37%" />

-<col width="23%" />

+<col style="width: 40%" />

+<col style="width: 37%" />

+<col style="width: 23%" />

</colgroup>

-<thead valign="bottom">

-<tr class="row-odd"><th class="head">Format</th>

-<th class="head">Example</th>

-<th class="head">Value</th>

+<thead>

+<tr class="row-odd"><th class="head"><p>Format</p></th>

+<th class="head"><p>Example</p></th>

+<th class="head"><p>Value</p></th>

</tr>

</thead>

-<tbody valign="top">

-<tr class="row-even"><td>yyyymmddhhmmss</td>

-<td>20141231235900</td>

-<td rowspan="5">One minute

-before 2015</td>

+<tbody>

+<tr class="row-even"><td><p>yyyymmddhhmmss</p></td>

+<td><p>20141231235900</p></td>

+<td rowspan="5"><p>One minute

+before 2015</p></td>

</tr>

-<tr class="row-odd"><td>yyyy.mm.dd.hh.mm.ss</td>

-<td>2014.12.31.23.59.00</td>

+<tr class="row-odd"><td><p>yyyy.mm.dd.hh.mm.ss</p></td>

+<td><p>2014.12.31.23.59.00</p></td>

</tr>

-<tr class="row-even"><td>yymmddhhmmss</td>

-<td>141231235900</td>

+<tr class="row-even"><td><p>yymmddhhmmss</p></td>

+<td><p>141231235900</p></td>

</tr>

-<tr class="row-odd"><td>yy.mm.dd.hh.mm.ss</td>

-<td>14.12.31.23.59.00</td>

+<tr class="row-odd"><td><p>yy.mm.dd.hh.mm.ss</p></td>

+<td><p>14.12.31.23.59.00</p></td>

</tr>

-<tr class="row-even"><td>dd-month-yyyy:hh:mm:ss</td>

-<td>31-Dec-2014:23:59:00</td>

+<tr class="row-even"><td><p>dd-month-yyyy:hh:mm:ss</p></td>

+<td><p>31-Dec-2014:23:59:00</p></td>

</tr>

-<tr class="row-odd"><td>hh:mm:ss</td>

-<td>20:00:00</td>

-<td rowspan="2">8 o’clock in

-the evening</td>

+<tr class="row-odd"><td><p>hh:mm:ss</p></td>

+<td><p>20:00:00</p></td>

+<td rowspan="2"><p>8 o’clock in

+the evening</p></td>

</tr>

-<tr class="row-even"><td>hhmmss</td>

-<td>200000</td>

+<tr class="row-even"><td><p>hhmmss</p></td>

+<td><p>200000</p></td>

</tr>

</tbody>

</table>

</div></blockquote>

<p>(See <a class="reference internal" href="#abbreviation"><span class="std std-ref">Abbreviations used in this document</span></a>.)</p>

<p>Example:</p>

-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">Set</span> <span class="n">the</span> <span class="n">default</span> <span class="n">expiration</span> <span class="n">date</span> <span class="n">to</span> <span class="n">July</span> <span class="mi">27</span><span class="p">,</span> <span class="mi">2012</span> <span class="n">at</span> <span class="mi">20</span><span class="p">:</span><span class="mi">30</span>

+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">Set</span> <span class="n">the</span> <span class="n">default</span> <span class="n">expiration</span> <span class="n">date</span> <span class="n">to</span> <span class="n">July</span> <span class="mi">27</span><span class="p">,</span> <span class="mi">2012</span> <span class="n">at</span> <span class="mi">20</span><span class="p">:</span><span class="mi">30</span>

<span class="n">default_principal_expiration</span> <span class="o">=</span> <span class="mi">20120727203000</span>

</pre></div>

</div>

-<div class="section" id="abbreviations-used-in-this-document">

+<section id="abbreviations-used-in-this-document">

<span id="abbreviation"></span><h3>Abbreviations used in this document<a class="headerlink" href="#abbreviations-used-in-this-document" title="Permalink to this headline">¶</a></h3>

<div class="line"><em>month</em> : locale’s month name or its abbreviation;</div>

@@ -244,23 +235,25 @@ the evening</td>

<div class="line"><em>z</em> : numeric time zone;</div>

</div>

-<p class="first admonition-title">Note</p>

-<ul class="last simple">

-<li>If the date specification contains spaces, you may need to

-enclose it in double quotes;</li>

-<li>All keywords are case-insensitive.</li>

+<p class="admonition-title">Note</p>

+<ul class="simple">

+<li><p>If the date specification contains spaces, you may need to

+enclose it in double quotes;</p></li>

+<li><p>All keywords are case-insensitive.</p></li>

</ul>

</div>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">Supported date and time formats</a><ul>

@@ -306,6 +299,7 @@ enclose it in double quotes;</li>

</form>

</div>

</div>

@@ -313,8 +307,8 @@ enclose it in double quotes;</li>

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

+ © <a href="../copyright.html">Copyright</a> 1985-2024, MIT.

</div>

diff --git a/doc/html/basic/index.html b/doc/html/basic/index.html
index 8239c11d0b18..0a84a1d76a04 100644
--- a/doc/html/basic/index.html
+++ b/doc/html/basic/index.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>Kerberos V5 concepts — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="kerberos-v5-concepts">

+ <section id="kerberos-v5-concepts">

<span id="basic-concepts"></span><h1>Kerberos V5 concepts<a class="headerlink" href="#kerberos-v5-concepts" title="Permalink to this headline">¶</a></h1>

<ul>

@@ -72,14 +63,16 @@

<li class="toctree-l1"><a class="reference internal" href="date_format.html">Supported date and time formats</a></li>

</ul>

</div>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">Kerberos V5 concepts</a></li>

@@ -117,6 +110,7 @@

</form>

</div>

</div>

@@ -124,8 +118,8 @@

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

+ © <a href="../copyright.html">Copyright</a> 1985-2024, MIT.

</div>

diff --git a/doc/html/basic/keytab_def.html b/doc/html/basic/keytab_def.html
index 5cb1e5dff780..e92a57ff4c04 100644
--- a/doc/html/basic/keytab_def.html
+++ b/doc/html/basic/keytab_def.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>keytab — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="keytab">

+ <section id="keytab">

<span id="keytab-definition"></span><h1>keytab<a class="headerlink" href="#keytab" title="Permalink to this headline">¶</a></h1>

<p>A keytab (short for “key table”) stores long-term keys for one or more

principals. Keytabs are normally represented by files in a standard

@@ -69,31 +60,31 @@ format, although in rare cases they can be represented in other ways.

Keytabs are used most often to allow server applications to accept

authentications from clients, but can also be used to obtain initial

credentials for client applications.</p>

-<p>Keytabs are named using the format <em>type</em><code class="docutils literal"><span class="pre">:</span></code><em>value</em>. Usually

-<em>type</em> is <code class="docutils literal"><span class="pre">FILE</span></code> and <em>value</em> is the absolute pathname of the file.

-The other possible value for <em>type</em> is <code class="docutils literal"><span class="pre">MEMORY</span></code>, which indicates a

+<p>Keytabs are named using the format <em>type</em><code class="docutils literal notranslate"><span class="pre">:</span></code><em>value</em>. Usually

+<em>type</em> is <code class="docutils literal notranslate"><span class="pre">FILE</span></code> and <em>value</em> is the absolute pathname of the file.

+The other possible value for <em>type</em> is <code class="docutils literal notranslate"><span class="pre">MEMORY</span></code>, which indicates a

temporary keytab stored in the memory of the current process.</p>

<p>A keytab contains one or more entries, where each entry consists of a

timestamp (indicating when the entry was written to the keytab), a

principal name, a key version number, an encryption type, and the

encryption key itself.</p>

<p>A keytab can be displayed using the <a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> command with the

-<code class="docutils literal"><span class="pre">-k</span></code> option. Keytabs can be created or appended to by extracting

+<code class="docutils literal notranslate"><span class="pre">-k</span></code> option. Keytabs can be created or appended to by extracting

keys from the KDC database using the <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#ktadd"><span class="std std-ref">ktadd</span></a>

command. Keytabs can be manipulated using the <a class="reference internal" href="../admin/admin_commands/ktutil.html#ktutil-1"><span class="std std-ref">ktutil</span></a> and

<a class="reference internal" href="../admin/admin_commands/k5srvutil.html#k5srvutil-1"><span class="std std-ref">k5srvutil</span></a> commands.</p>

-<div class="section" id="default-keytab">

+<section id="default-keytab">

<h2>Default keytab<a class="headerlink" href="#default-keytab" title="Permalink to this headline">¶</a></h2>

<p>The default keytab is used by server applications if the application

does not request a specific keytab. The name of the default keytab is

determined by the following, in decreasing order of preference:</p>

-<li>The <strong>KRB5_KTNAME</strong> environment variable.</li>

-<li>The <strong>default_keytab_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</li>

-<li>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a>.</li>

+<li><p>The <strong>KRB5_KTNAME</strong> environment variable.</p></li>

+<li><p>The <strong>default_keytab_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</p></li>

+<li><p>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a>.</p></li>

</ol>

-</div>

-<div class="section" id="default-client-keytab">

+</section>

+<section id="default-client-keytab">

<h2>Default client keytab<a class="headerlink" href="#default-client-keytab" title="Permalink to this headline">¶</a></h2>

<p>The default client keytab is used, if it is present and readable, to

automatically obtain initial credentials for GSSAPI client

@@ -102,20 +93,22 @@ keytab is used by default when obtaining initial credentials. The

name of the default client keytab is determined by the following, in

decreasing order of preference:</p>

-<li>The <strong>KRB5_CLIENT_KTNAME</strong> environment variable.</li>

-<li>The <strong>default_client_keytab_name</strong> profile variable in

-<a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</li>

-<li>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFCKTNAME</span></a>.</li>

+<li><p>The <strong>KRB5_CLIENT_KTNAME</strong> environment variable.</p></li>

+<li><p>The <strong>default_client_keytab_name</strong> profile variable in

+<a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>.</p></li>

+<li><p>The hardcoded default, <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFCKTNAME</span></a>.</p></li>

</ol>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">keytab</a><ul>

@@ -157,6 +150,7 @@ decreasing order of preference:</p>

</form>

</div>

</div>

@@ -164,8 +158,8 @@ decreasing order of preference:</p>

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

</div>

diff --git a/doc/html/basic/rcache_def.html b/doc/html/basic/rcache_def.html
index d3c61819c90c..3e8d53a4723c 100644
--- a/doc/html/basic/rcache_def.html
+++ b/doc/html/basic/rcache_def.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>replay cache — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="replay-cache">

+ <section id="replay-cache">

<span id="rcache-definition"></span><h1>replay cache<a class="headerlink" href="#replay-cache" title="Permalink to this headline">¶</a></h1>

<p>A replay cache (or “rcache”) keeps track of all authenticators

recently presented to a service. If a duplicate authentication

@@ -71,7 +62,7 @@ the application program.</p>

<a class="reference internal" href="keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> interfaces, uses <cite>type:residual</cite> strings to

indicate the type of replay cache and any associated cache naming

data to use.</p>

-<div class="section" id="background-information">

+<section id="background-information">

<h2>Background information<a class="headerlink" href="#background-information" title="Permalink to this headline">¶</a></h2>

<p>Some Kerberos or GSSAPI services use a simple authentication mechanism

where a message is sent containing an authenticator, which establishes

@@ -110,60 +101,62 @@ indicate a successful authentication before the client sends

additional messages), or if the simple act of presenting the

authenticator triggers some interesting action in the service being

attacked.</p>

-</div>

-<div class="section" id="replay-cache-types">

+</section>

+<section id="replay-cache-types">

<h2>Replay cache types<a class="headerlink" href="#replay-cache-types" title="Permalink to this headline">¶</a></h2>

<p>Unlike the credential cache and keytab interfaces, replay cache types

are in lowercase. The following types are defined:</p>

-<li><strong>none</strong> disables the replay cache. The residual value is ignored.</li>

-<li><strong>file2</strong> (new in release 1.18) uses a hash-based format to store

+<li><p><strong>none</strong> disables the replay cache. The residual value is ignored.</p></li>

+<li><p><strong>file2</strong> (new in release 1.18) uses a hash-based format to store

replay records. The file may grow to accommodate hash collisions.

-The residual value is the filename.</li>

-<li><strong>dfl</strong> is the default type if no environment variable or

+The residual value is the filename.</p></li>

+<li><p><strong>dfl</strong> is the default type if no environment variable or

configuration specifies a different type. It stores replay data in

a file2 replay cache with a filename based on the effective uid.

-The residual value is ignored.</li>

+The residual value is ignored.</p></li>

</ol>

<p>For the dfl type, the location of the replay cache file is determined

as follows:</p>

-<li>The directory is taken from the <strong>KRB5RCACHEDIR</strong> environment

+<li><p>The directory is taken from the <strong>KRB5RCACHEDIR</strong> environment

variable, or the <strong>TMPDIR</strong> environment variable, or a temporary

-directory determined at configuration time such as <code class="docutils literal"><span class="pre">/var/tmp</span></code>, in

-descending order of preference.</li>

-<li>The filename is <code class="docutils literal"><span class="pre">krb5_EUID.rcache2</span></code> where EUID is the effective

-uid of the process.</li>

-<li>The file is opened without following symbolic links, and ownership

-of the file is verified to match the effective uid.</li>

+directory determined at configuration time such as <code class="docutils literal notranslate"><span class="pre">/var/tmp</span></code>, in

+descending order of preference.</p></li>

+<li><p>The filename is <code class="docutils literal notranslate"><span class="pre">krb5_EUID.rcache2</span></code> where EUID is the effective

+uid of the process.</p></li>

+<li><p>The file is opened without following symbolic links, and ownership

+of the file is verified to match the effective uid.</p></li>

</ol>

<p>On Windows, the directory for the dfl type is the local appdata

directory, unless overridden by the <strong>KRB5RCACHEDIR</strong> environment

-variable. The filename on Windows is <code class="docutils literal"><span class="pre">krb5.rcache2</span></code>, and the file

+variable. The filename on Windows is <code class="docutils literal notranslate"><span class="pre">krb5.rcache2</span></code>, and the file

is opened normally.</p>

-</div>

-<div class="section" id="default-replay-cache-name">

+</section>

+<section id="default-replay-cache-name">

<h2>Default replay cache name<a class="headerlink" href="#default-replay-cache-name" title="Permalink to this headline">¶</a></h2>

<p>The default replay cache name is determined by the following, in

descending order of priority:</p>

-<li>The <strong>KRB5RCACHENAME</strong> environment variable (new in release 1.18).</li>

-<li>The <strong>KRB5RCACHETYPE</strong> environment variable. If this variable is

-set, the residual value is empty.</li>

-<li>The <strong>default_rcache_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>

-(new in release 1.18).</li>

-<li>If none of the above are set, the default replay cache name is

-<code class="docutils literal"><span class="pre">dfl:</span></code>.</li>

+<li><p>The <strong>KRB5RCACHENAME</strong> environment variable (new in release 1.18).</p></li>

+<li><p>The <strong>KRB5RCACHETYPE</strong> environment variable. If this variable is

+set, the residual value is empty.</p></li>

+<li><p>The <strong>default_rcache_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>

+(new in release 1.18).</p></li>

+<li><p>If none of the above are set, the default replay cache name is

+<code class="docutils literal notranslate"><span class="pre">dfl:</span></code>.</p></li>

</ol>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">replay cache</a><ul>

@@ -206,6 +199,7 @@ set, the residual value is empty.</li>

</form>

</div>

</div>

@@ -213,8 +207,8 @@ set, the residual value is empty.</li>

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

</div>

diff --git a/doc/html/basic/stash_file_def.html b/doc/html/basic/stash_file_def.html
index aa91e9c5aa08..b993668fd15a 100644
--- a/doc/html/basic/stash_file_def.html
+++ b/doc/html/basic/stash_file_def.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>stash file — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="stash-file">

+ <section id="stash-file">

<span id="stash-definition"></span><h1>stash file<a class="headerlink" href="#stash-file" title="Permalink to this headline">¶</a></h1>

<p>The stash file is a local copy of the master key that resides in

encrypted form on the KDC’s local disk. The stash file is used to

@@ -76,18 +67,20 @@ The file should not be part of any backup of the machine, unless

access to the backup data is secured as tightly as access to the

master password itself.</p>

-<p class="first admonition-title">Note</p>

-<p class="last">If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up.

+<p class="admonition-title">Note</p>

+<p>If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up.

This means that the KDC will not be able to start automatically, such as after a system reboot.</p>

</div>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">stash file</a></li>

@@ -125,6 +118,7 @@ This means that the KDC will not be able to start automatically, such as after a

</form>

</div>

</div>

@@ -132,8 +126,8 @@ This means that the KDC will not be able to start automatically, such as after a

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

</div>