diff options
38 files changed, 4521 insertions, 4298 deletions
@@ -40,7 +40,7 @@ nationals of those countries. Documentation components of this software distribution are licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. -(http://creativecommons.org/licenses/by-sa/3.0/) +(https://creativecommons.org/licenses/by-sa/3.0/) Individual source code files are copyright MIT, Cygnus Support, Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, @@ -137,8 +137,9 @@ Portions of "src/lib/crypto" have the following copyright: The implementation of the AES encryption algorithm in "src/lib/crypto/builtin/aes" has the following copyright: - Copyright (C) 2001, Dr Brian Gladman "brg@gladman.uk.net", Worcester, UK. - All rights reserved. + Copyright (C) 2001, Dr Brian Gladman "brg@gladman.uk.net", + Worcester, UK. + All rights reserved. LICENSE TERMS @@ -148,9 +149,9 @@ The implementation of the AES encryption algorithm in 1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer; - 2. distributions in binary form include the above copyright notice, - this list of conditions and the following disclaimer in the - documentation and/or other associated materials; + 2. distributions in binary form include the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other associated materials; 3. the copyright holder's name is not used to endorse products built using this software without specific written permission. @@ -167,9 +168,9 @@ Portions contributed by Red Hat, including the pre-authentication plug-in framework and the NSS crypto implementation, contain the following copyright: - Copyright (C) 2006 Red Hat, Inc. - Portions copyright (C) 2006 Massachusetts Institute of Technology - All Rights Reserved. + Copyright (C) 2006 Red Hat, Inc. + Portions copyright (C) 2006 Massachusetts Institute of Technology + All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -178,10 +179,10 @@ following copyright: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. * Neither the name of Red Hat, Inc., nor the names of its contributors may be used to endorse or promote products derived @@ -344,15 +345,16 @@ Kerberos V5 includes documentation and software developed at the University of California at Berkeley, which includes this copyright notice: - Copyright (C) 1983 Regents of the University of California. - All rights reserved. + Copyright (C) 1983 Regents of the University of California. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -381,8 +383,8 @@ notice: Portions contributed by Novell, Inc., including the LDAP database backend, are subject to the following license: - Copyright (C) 2004-2005, Novell, Inc. - All rights reserved. + Copyright (C) 2004-2005, Novell, Inc. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -391,10 +393,10 @@ backend, are subject to the following license: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. * The copyright holder's name is not used to endorse or promote products derived from this software without specific prior @@ -420,9 +422,9 @@ University of Michigan's Center for Information Technology Integration, including the PKINIT implementation, are subject to the following license: - COPYRIGHT (C) 2006-2007 - THE REGENTS OF THE UNIVERSITY OF MICHIGAN - ALL RIGHTS RESERVED + COPYRIGHT (C) 2006-2007 + THE REGENTS OF THE UNIVERSITY OF MICHIGAN + ALL RIGHTS RESERVED Permission is granted to use, copy, create derivative works and redistribute this software and such derivative works for any @@ -450,8 +452,8 @@ following license: The pkcs11.h file included in the PKINIT code has the following license: - Copyright 2006 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus + Copyright 2006 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -495,22 +497,23 @@ The implementations of UTF-8 string handling in src/util/support and src/lib/krb5/unicode are subject to the following copyright and permission notice: - The OpenLDAP Public License - Version 2.8, 17 August 2003 + The OpenLDAP Public License + Version 2.8, 17 August 2003 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions in source form must retain copyright statements - and notices, + 1. Redistributions in source form must retain copyright + statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and - 3. Redistributions must contain a verbatim copy of this document. + 3. Redistributions must contain a verbatim copy of this + document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use @@ -548,25 +551,26 @@ permission notice: Marked test programs in src/lib/krb5/krb have the following copyright: - Copyright (C) 2006 Kungliga Tekniska Högskola - (Royal Institute of Technology, Stockholm, Sweden). - All rights reserved. + Copyright (C) 2006 Kungliga Tekniska Högskola + (Royal Institute of Technology, Stockholm, Sweden). + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of KTH nor the names of its contributors may be - used to endorse or promote products derived from this software - without specific prior written permission. + 3. Neither the name of KTH nor the names of its contributors may + be used to endorse or promote products derived from this + software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, @@ -635,16 +639,17 @@ src/include/gssrpc have the following copyright and permission notice: modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of the "Oracle America, Inc." nor the names of - its contributors may be used to endorse or promote products + 3. Neither the name of the "Oracle America, Inc." nor the names + of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -670,9 +675,9 @@ src/include/gssrpc have the following copyright and permission notice: modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer as - the first lines of this file unmodified. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer as the first lines of this file unmodified. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -731,26 +736,6 @@ src/include/gssrpc have the following copyright and permission notice: ====================================================================== -Portions extracted from Internet RFCs have the following copyright -notice: - - Copyright (C) The Internet Society (2006). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on - an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE - REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND - THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT - THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR - ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A - PARTICULAR PURPOSE. - -====================================================================== - Copyright (C) 1991, 1992, 1994 by Cygnus Support. Permission to use, copy, modify, and distribute this software and @@ -791,15 +776,16 @@ notice: Portions of the implementation of the Fortuna-like PRNG are subject to the following notice: - Copyright (C) 2005 Marko Kreen - All rights reserved. + Copyright (C) 2005 Marko Kreen + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -844,8 +830,8 @@ the following notice: ====================================================================== - Copyright (C) 1995 - The President and Fellows of Harvard University + Copyright (C) 1995 + The President and Fellows of Harvard University This code is derived from software contributed to Harvard by Jeremy Rassen. @@ -854,8 +840,9 @@ the following notice: modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -887,9 +874,9 @@ the following notice: ====================================================================== - Copyright (C) 2008 by the Massachusetts Institute of Technology. - Copyright 1995 by Richard P. Basch. All Rights Reserved. - Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + Copyright (C) 2008 by the Massachusetts Institute of Technology. + Copyright 1995 by Richard P. Basch. All Rights Reserved. + Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. Export of this software from the United States of America may require a specific license from the United States Government. It @@ -913,8 +900,8 @@ the following notice: The following notice applies to "src/lib/krb5/krb/strptime.c" and "src/include/k5-queue.h". - Copyright (C) 1997, 1998 The NetBSD Foundation, Inc. - All rights reserved. + Copyright (C) 1997, 1998 The NetBSD Foundation, Inc. + All rights reserved. This code was contributed to The NetBSD Foundation by Klaus Klein. @@ -922,8 +909,9 @@ The following notice applies to "src/lib/krb5/krb/strptime.c" and modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -936,9 +924,10 @@ The following notice applies to "src/lib/krb5/krb/strptime.c" and This product includes software developed by the NetBSD Foundation, Inc. and its contributors. - 4. Neither the name of The NetBSD Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. + 4. Neither the name of The NetBSD Foundation nor the names of + its contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, @@ -959,8 +948,8 @@ The following notice applies to "src/lib/krb5/krb/strptime.c" and The following notice applies to Unicode library files in "src/lib/krb5/unicode": - Copyright 1997, 1998, 1999 Computing Research Labs, - New Mexico State University + Copyright 1997, 1998, 1999 Computing Research Labs, + New Mexico State University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation @@ -1048,8 +1037,9 @@ The following notice applies to portiions of "src/lib/rpc" and modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -1143,9 +1133,10 @@ The following notice applies to Portions of "src/lib/krb5" are subject to the following notice: - Copyright (C) 1994 CyberSAFE Corporation. - Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. - All Rights Reserved. + Copyright (C) 1994 CyberSAFE Corporation. + Copyright 1990,1991,2007,2008 by the Massachusetts + Institute of Technology. + All Rights Reserved. Export of this software from the United States of America may require a specific license from the United States Government. It @@ -1178,8 +1169,9 @@ license: modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following @@ -1217,10 +1209,10 @@ The bundled libev source code is subject to the following license: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT @@ -1252,15 +1244,15 @@ The bundled libev source code is subject to the following license: Files copied from the Intel AESNI Sample Library are subject to the following license: - Copyright (C) 2010, Intel Corporation - All rights reserved. + Copyright (C) 2010, Intel Corporation All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + * Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following diff --git a/src/config/config.guess b/src/config/config.guess index 31e01ef..18f8edc 100755 --- a/src/config/config.guess +++ b/src/config/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2017 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2017-11-07' +timestamp='2018-08-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2017 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -84,8 +84,6 @@ if test $# != 0; then exit 1 fi -trap 'exit 1' 1 2 15 - # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -96,34 +94,39 @@ trap 'exit 1' 1 2 15 # Portable tmp directory creation inspired by the Autoconf team. -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 1 2 13 15 +trap 'exitcode=$?; test -z "$tmp" || rm -fr "$tmp"; exit $exitcode' 0 + +set_cc_for_build() { + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then +if test -f /.attbin/uname ; then PATH=$PATH:/.attbin ; export PATH fi @@ -132,14 +135,14 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in +case "$UNAME_SYSTEM" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu - eval $set_cc_for_build - cat <<-EOF > $dummy.c + set_cc_for_build + cat <<-EOF > "$dummy.c" #include <features.h> #if defined(__UCLIBC__) LIBC=uclibc @@ -149,13 +152,20 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -169,30 +179,30 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - /sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ echo unknown)` - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; earmv*) - arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` - endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` - machine=${arch}${endian}-unknown + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in earm*) os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build + set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -208,10 +218,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Determine ABI tags. - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' - abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` ;; esac # The OS release @@ -219,52 +229,55 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in + case "$UNAME_VERSION" in Debian*) release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}${abi}" + echo "$machine-${os}${release}${abi-}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" exit ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" exit ;; *:MidnightBSD:*:*) - echo ${UNAME_MACHINE}-unknown-midnightbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" exit ;; *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" exit ;; *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" exit ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:Sortix:*:*) - echo ${UNAME_MACHINE}-unknown-sortix + echo "$UNAME_MACHINE"-unknown-sortix exit ;; *:Redox:*:*) - echo ${UNAME_MACHINE}-unknown-redox + echo "$UNAME_MACHINE"-unknown-redox exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -316,7 +329,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -325,10 +338,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos + echo "$UNAME_MACHINE"-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos + echo "$UNAME_MACHINE"-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition @@ -340,7 +353,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} + echo arm-acorn-riscix"$UNAME_RELEASE" exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos @@ -367,38 +380,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} + echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH=i386 - # If there is a compiler, see if it is configured for 64-bit objects. - # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. - # This test works for both compilers. - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - SUN_ARCH=x86_64 - fi - fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + UNAME_REL="`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + case `isainfo -b` in + 32) + echo i386-pc-solaris2"$UNAME_REL" + ;; + 64) + echo x86_64-pc-solaris2"$UNAME_REL" + ;; + esac exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in @@ -407,25 +415,25 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" exit ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" ;; sun4) - echo sparc-sun-sunos${UNAME_RELEASE} + echo sparc-sun-sunos"$UNAME_RELEASE" ;; esac exit ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} + echo sparc-auspex-sunos"$UNAME_RELEASE" exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not @@ -436,44 +444,44 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} + echo m68k-milan-mint"$UNAME_RELEASE" exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} + echo m68k-hades-mint"$UNAME_RELEASE" exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} + echo m68k-unknown-mint"$UNAME_RELEASE" exit ;; m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} + echo m68k-apple-machten"$UNAME_RELEASE" exit ;; powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} + echo powerpc-apple-machten"$UNAME_RELEASE" exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} + echo mips-dec-ultrix"$UNAME_RELEASE" exit ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} + echo vax-dec-ultrix"$UNAME_RELEASE" exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} + echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include <stdio.h> /* for printf() prototype */ int main (int argc, char *argv[]) { @@ -494,11 +502,11 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} + echo mips-mips-riscos"$UNAME_RELEASE" exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax @@ -524,17 +532,17 @@ EOF AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] then - echo m88k-dg-dgux${UNAME_RELEASE} + echo m88k-dg-dgux"$UNAME_RELEASE" else - echo m88k-dg-dguxbcs${UNAME_RELEASE} + echo m88k-dg-dguxbcs"$UNAME_RELEASE" fi else - echo i586-dg-dgux${UNAME_RELEASE} + echo i586-dg-dgux"$UNAME_RELEASE" fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) @@ -551,7 +559,7 @@ EOF echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id @@ -563,14 +571,14 @@ EOF if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #include <sys/systemcfg.h> main() @@ -581,7 +589,7 @@ EOF exit(0); } EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then echo "$SYSTEM_NAME" else @@ -595,7 +603,7 @@ EOF exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc @@ -604,9 +612,9 @@ EOF IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" exit ;; *:AIX:*:*) echo rs6000-ibm-aix @@ -615,7 +623,7 @@ EOF echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx @@ -630,28 +638,28 @@ EOF echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in 9000/31?) HP_ARCH=m68000 ;; 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in + case "$sc_cpu_version" in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in + case "$sc_kernel_bits" in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + if [ "$HP_ARCH" = "" ]; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE #include <stdlib.h> @@ -684,13 +692,13 @@ EOF exit (0); } EOF - (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = hppa2.0w ] + if [ "$HP_ARCH" = hppa2.0w ] then - eval $set_cc_for_build + set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -709,15 +717,15 @@ EOF HP_ARCH=hppa64 fi fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" exit ;; ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #include <unistd.h> int main () @@ -742,7 +750,7 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; @@ -763,9 +771,9 @@ EOF exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk + echo "$UNAME_MACHINE"-unknown-osf1mk else - echo ${UNAME_MACHINE}-unknown-osf1 + echo "$UNAME_MACHINE"-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) @@ -790,109 +798,120 @@ EOF echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" exit ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} + echo sparc-unknown-bsdi"$UNAME_RELEASE" exit ;; *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + fi exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in + case "$UNAME_PROCESSOR" in amd64) UNAME_PROCESSOR=x86_64 ;; i386) UNAME_PROCESSOR=i586 ;; esac - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin + echo "$UNAME_MACHINE"-pc-cygwin exit ;; *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 + echo "$UNAME_MACHINE"-pc-mingw64 exit ;; *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 + echo "$UNAME_MACHINE"-pc-mingw32 exit ;; *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys + echo "$UNAME_MACHINE"-pc-msys exit ;; i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 + echo "$UNAME_MACHINE"-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case "$UNAME_MACHINE" in x86) - echo i586-pc-interix${UNAME_RELEASE} + echo i586-pc-interix"$UNAME_RELEASE" exit ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} + echo x86_64-unknown-interix"$UNAME_RELEASE" exit ;; IA64) - echo ia64-unknown-interix${UNAME_RELEASE} + echo ia64-unknown-interix"$UNAME_RELEASE" exit ;; esac ;; i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin + echo "$UNAME_MACHINE"-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin + echo x86_64-pc-cygwin exit ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -906,63 +925,63 @@ EOF esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - eval $set_cc_for_build + set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; e2k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; k1om:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el @@ -976,70 +995,70 @@ EOF #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } ;; mips64el:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} + echo or1k-unknown-linux-"$LIBC" exit ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-"$LIBC" exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-"$LIBC" exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-"$LIBC" exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} + echo powerpc-unknown-linux-"$LIBC" exit ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} + echo powerpc64le-unknown-linux-"$LIBC" exit ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpcle-unknown-linux-"$LIBC" exit ;; riscv32:Linux:*:* | riscv64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1053,34 +1072,34 @@ EOF # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx + echo "$UNAME_MACHINE"-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop + echo "$UNAME_MACHINE"-unknown-stop exit ;; i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos + echo "$UNAME_MACHINE"-unknown-atheos exit ;; i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable + echo "$UNAME_MACHINE"-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} + echo i386-unknown-lynxos"$UNAME_RELEASE" exit ;; i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp + echo "$UNAME_MACHINE"-pc-msdosdjgpp exit ;; i*86:*:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" fi exit ;; i*86:*:5:[678]*) @@ -1090,12 +1109,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` - echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL" elif /bin/uname -X 2>/dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1105,9 +1124,9 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv32 + echo "$UNAME_MACHINE"-pc-sysv32 fi exit ;; pc:*:*:*) @@ -1127,9 +1146,9 @@ EOF exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) @@ -1149,9 +1168,9 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; @@ -1160,28 +1179,28 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} + echo m68k-unknown-lynxos"$UNAME_RELEASE" exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} + echo sparc-unknown-lynxos"$UNAME_RELEASE" exit ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} + echo rs6000-unknown-lynxos"$UNAME_RELEASE" exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} + echo powerpc-unknown-lynxos"$UNAME_RELEASE" exit ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} + echo mips-dde-sysv"$UNAME_RELEASE" exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 @@ -1192,7 +1211,7 @@ EOF *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 + echo "$UNAME_MACHINE"-sni-sysv4 else echo ns32k-sni-sysv fi @@ -1212,23 +1231,23 @@ EOF exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos + echo "$UNAME_MACHINE"-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} + echo m68k-apple-aux"$UNAME_RELEASE" exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv"$UNAME_RELEASE" else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv"$UNAME_RELEASE" fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. @@ -1247,39 +1266,39 @@ EOF echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} + echo sx4-nec-superux"$UNAME_RELEASE" exit ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} + echo sx5-nec-superux"$UNAME_RELEASE" exit ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} + echo sx6-nec-superux"$UNAME_RELEASE" exit ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} + echo sx7-nec-superux"$UNAME_RELEASE" exit ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} + echo sx8-nec-superux"$UNAME_RELEASE" exit ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} + echo sx8r-nec-superux"$UNAME_RELEASE" exit ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux${UNAME_RELEASE} + echo sxace-nec-superux"$UNAME_RELEASE" exit ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} + echo powerpc-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build + set_cc_for_build if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ @@ -1307,7 +1326,7 @@ EOF # that Apple uses in portable devices. UNAME_PROCESSOR=x86_64 fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` @@ -1315,22 +1334,25 @@ EOF UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-*:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} + echo neo-tandem-nsk"$UNAME_RELEASE" exit ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} + echo nse-tandem-nsk"$UNAME_RELEASE" exit ;; NSR-*:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" exit ;; NSX-*:NONSTOP_KERNEL:*:*) - echo nsx-tandem-nsk${UNAME_RELEASE} + echo nsx-tandem-nsk"$UNAME_RELEASE" exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux @@ -1339,18 +1361,19 @@ EOF echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. + # shellcheck disable=SC2154 if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi - echo ${UNAME_MACHINE}-unknown-plan9 + echo "$UNAME_MACHINE"-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 @@ -1371,14 +1394,14 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux"$UNAME_RELEASE" exit ;; *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in + case "$UNAME_MACHINE" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; @@ -1387,16 +1410,16 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" exit ;; i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos + echo "$UNAME_MACHINE"-pc-rdos exit ;; i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros + echo "$UNAME_MACHINE"-pc-aros exit ;; x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx + echo "$UNAME_MACHINE"-unknown-esx exit ;; amd64:Isilon\ OneFS:*:*) echo x86_64-unknown-onefs @@ -1405,7 +1428,7 @@ esac echo "$0: unable to guess system type" >&2 -case "${UNAME_MACHINE}:${UNAME_SYSTEM}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM" in mips:Linux | mips64:Linux) # If we got here on MIPS GNU/Linux, output extra information. cat >&2 <<EOF @@ -1447,16 +1470,16 @@ hostinfo = `(hostinfo) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" EOF exit 1 # Local variables: -# eval: (add-hook 'write-file-functions 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/src/config/config.sub b/src/config/config.sub index 00f68b8..f208558 100755 --- a/src/config/config.sub +++ b/src/config/config.sub @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2017 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2017-11-23' +timestamp='2018-08-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2017 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -89,12 +89,12 @@ while test $# -gt 0 ; do - ) # Use stdin as input. break ;; -* ) - echo "$me: invalid option $1$help" + echo "$me: invalid option $1$help" >&2 exit 1 ;; *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -110,1251 +110,1159 @@ case $# in exit 1;; esac -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | cloudabi*-eabi* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac +# Split fields of configuration type +IFS="-" read -r field1 field2 field3 field4 <<EOF +$1 +EOF -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 +# Separate into logical components for further validation +case $1 in + *-*-*-*-*) + echo Invalid configuration \`"$1"\': more than four components >&2 + exit 1 ;; - -lynx*) - os=-lynxos + *-*-*-*) + basic_machine=$field1-$field2 + os=$field3-$field4 ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ + | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + os=linux-android + ;; + *) + basic_machine=$field1-$field2 + os=$field3 + ;; + esac ;; - -psos*) - os=-psos + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + os= + ;; + *) + basic_machine=$field1 + os=$field2 + ;; + esac + ;; + esac ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + os=bsd + ;; + a29khif) + basic_machine=a29k-amd + os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=scout + ;; + alliant) + basic_machine=fx80-alliant + os= + ;; + altos | altos3068) + basic_machine=m68k-altos + os= + ;; + am29k) + basic_machine=a29k-none + os=bsd + ;; + amdahl) + basic_machine=580-amdahl + os=sysv + ;; + amiga) + basic_machine=m68k-unknown + os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=bsd + ;; + aros) + basic_machine=i386-pc + os=aros + ;; + aux) + basic_machine=m68k-apple + os=aux + ;; + balance) + basic_machine=ns32k-sequent + os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=linux + ;; + cegcc) + basic_machine=arm-unknown + os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=bsd + ;; + convex-c2) + basic_machine=c2-convex + os=bsd + ;; + convex-c32) + basic_machine=c32-convex + os=bsd + ;; + convex-c34) + basic_machine=c34-convex + os=bsd + ;; + convex-c38) + basic_machine=c38-convex + os=bsd + ;; + cray) + basic_machine=j90-cray + os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + os= + ;; + da30) + basic_machine=m68k-da30 + os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + os= + ;; + delta88) + basic_machine=m88k-motorola + os=sysv3 + ;; + dicos) + basic_machine=i686-pc + os=dicos + ;; + djgpp) + basic_machine=i586-pc + os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=ose + ;; + gmicro) + basic_machine=tron-gmicro + os=sysv + ;; + go32) + basic_machine=i386-pc + os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=hms + ;; + harris) + basic_machine=m88k-harris + os=sysv3 + ;; + hp300) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=hpux + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=proelf + ;; + i386mach) + basic_machine=i386-mach + os=mach + ;; + vsta) + basic_machine=i386-pc + os=vsta + ;; + isi68 | isi) + basic_machine=m68k-isi + os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=sysv + ;; + merlin) + basic_machine=ns32k-utek + os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + os=coff + ;; + morphos) + basic_machine=powerpc-unknown + os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=moxiebox + ;; + msdos) + basic_machine=i386-pc + os=msdos + ;; + msys) + basic_machine=i686-pc + os=msys + ;; + mvs) + basic_machine=i370-ibm + os=mvs + ;; + nacl) + basic_machine=le32-unknown + os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=newsos + ;; + news1000) + basic_machine=m68030-sony + os=newsos + ;; + necv70) + basic_machine=v70-nec + os=sysv + ;; + nh3000) + basic_machine=m68k-harris + os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=cxux + ;; + nindy960) + basic_machine=i960-intel + os=nindy + ;; + mon960) + basic_machine=i960-intel + os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=ose + ;; + os68k) + basic_machine=m68k-none + os=os68k + ;; + paragon) + basic_machine=i860-intel + os=osf + ;; + parisc) + basic_machine=hppa-unknown + os=linux + ;; + pw32) + basic_machine=i586-unknown + os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=rdos + ;; + rdos32) + basic_machine=i386-pc + os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=coff + ;; + sa29200) + basic_machine=a29k-amd + os=udi + ;; + sei) + basic_machine=mips-sei + os=seiux + ;; + sequent) + basic_machine=i386-sequent + os= + ;; + sps7) + basic_machine=m68k-bull + os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + os= + ;; + stratus) + basic_machine=i860-stratus + os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + os= + ;; + sun2os3) + basic_machine=m68000-sun + os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + os= + ;; + sun3os3) + basic_machine=m68k-sun + os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + os= + ;; + sun4os3) + basic_machine=sparc-sun + os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + os= + ;; + sv1) + basic_machine=sv1-cray + os=unicos + ;; + symmetry) + basic_machine=i386-sequent + os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=unicos + ;; + t90) + basic_machine=t90-cray + os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + os=tpf + ;; + udi29k) + basic_machine=a29k-amd + os=udi + ;; + ultra3) + basic_machine=a29k-nyu + os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=none + ;; + vaxv) + basic_machine=vax-dec + os=sysv + ;; + vms) + basic_machine=vax-dec + os=vms + ;; + vxworks960) + basic_machine=i960-wrs + os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=vxworks + ;; + xbox) + basic_machine=i686-pc + os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + os=unicos + ;; + *) + basic_machine=$1 + os= + ;; + esac ;; esac -# Decode aliases for certain CPU-COMPANY combinations. +# Decode 1-component or ad-hoc basic machines case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | ba \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia16 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pru \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | wasm32 \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + op50n) + cpu=hppa1.1 + vendor=oki ;; - ms1) - basic_machine=mt-unknown + op60c) + cpu=hppa1.1 + vendor=oki ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown + ibm*) + cpu=i370 + vendor=ibm ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none + orion105) + cpu=clipper + vendor=highlevel ;; - xscaleeb) - basic_machine=armeb-unknown + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple ;; - - xscaleel) - basic_machine=armel-unknown + pmac | pmac-mpw) + cpu=powerpc + vendor=apple ;; - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | ba-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | e2k-* | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pru-* \ - | pyramid-* \ - | riscv32-* | riscv64-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | wasm32-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att + cpu=m68000 + vendor=att ;; 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - asmjs) - basic_machine=asmjs-unknown - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux + cpu=we32k + vendor=att ;; bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec + cpu=powerpc + vendor=ibm + os=cnk ;; decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 + cpu=pdp10 + vendor=dec + os=tops10 ;; decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 + cpu=pdp10 + vendor=dec + os=tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx + cpu=m68k + vendor=motorola ;; dpx2*) - basic_machine=m68k-bull - os=-sysv3 - ;; - e500v[12]) - basic_machine=powerpc-unknown - os=$os"spe" - ;; - e500v[12]-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - os=$os"spe" - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd + cpu=m68k + vendor=bull + os=sysv3 ;; encore | umax | mmax) - basic_machine=ns32k-encore + cpu=ns32k + vendor=encore ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose + elxsi) + cpu=elxsi + vendor=elxsi + os=${os:-bsd} ;; fx2800) - basic_machine=i860-alliant + cpu=i860 + vendor=alliant ;; genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 + cpu=ns32k + vendor=ns ;; h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp + cpu=m68000 + vendor=hp ;; hp9k3[2-9][0-9]) - basic_machine=m68k-hp + cpu=m68k + vendor=hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm + cpu=hppa1.0 + vendor=hp ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=solaris2 ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta + j90 | j90-cray) + cpu=j90 + vendor=cray + os=${os:-unicos} ;; iris | iris4d) - basic_machine=mips-sgi + cpu=mips + vendor=sgi case $os in - -irix*) + irix*) ;; *) - os=-irix4 + os=irix4 ;; esac ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs + cpu=m68000 + vendor=convergent ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + os=mint ;; news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv + cpu=mips + vendor=sony + os=newsos ;; next | m*-next) - basic_machine=m68k-next + cpu=m68k + vendor=next case $os in - -nextstep* ) + nextstep* ) ;; - -ns2*) - os=-nextstep2 + ns2*) + os=nextstep2 ;; *) - os=-nextstep3 + os=nextstep3 ;; esac ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - nsx-tandem) - basic_machine=nsx-tandem + cpu=np1 + vendor=gould ;; op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k + cpu=hppa1.1 + vendor=oki + os=proelf ;; pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 ;; pbd) - basic_machine=sparc-tti + cpu=sparc + vendor=tti ;; pbb) - basic_machine=m68k-tti + cpu=m68k + vendor=tti ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + pc532) + cpu=ns32k + vendor=pc532 ;; pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown - ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle) - basic_machine=powerpcle-unknown + cpu=pn + vendor=gould ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + power) + cpu=power + vendor=ibm ;; ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos - ;; - rdos32) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff + cpu=i386 + vendor=ibm ;; rm[46]00) - basic_machine=mips-siemens + cpu=mips + vendor=siemens ;; rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown + cpu=romp + vendor=ibm ;; sde) - basic_machine=mipsisa32-sde - os=-elf + cpu=mipsisa32 + vendor=sde + os=${os:-elf} ;; - sei) - basic_machine=mips-sei - os=-seiux + simso-wrs) + cpu=sparclite + vendor=wrs + os=vxworks ;; - sequent) - basic_machine=i386-sequent + tower | tower-32) + cpu=m68k + vendor=ncr ;; - sh) - basic_machine=sh-hitachi - os=-hms + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu ;; - sh5el) - basic_machine=sh5le-unknown + w65) + cpu=w65 + vendor=wdc ;; - sh64) - basic_machine=sh64-unknown + w89k-*) + cpu=hppa1.1 + vendor=winbond + os=proelf ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks + none) + cpu=none + vendor=none ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine ;; - spur) - basic_machine=spur-unknown + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` ;; - st2000) - basic_machine=m68k-tandem + + *-*) + IFS="-" read -r cpu vendor <<EOF +$basic_machine +EOF ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + cpu=$basic_machine + vendor=pc ;; - strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + # These rules are duplicated from below for sake of the special case above; + # i.e. things that normalized to x86 arches should also default to "pc" + pc98) + cpu=i386 + vendor=pc ;; - sun2) - basic_machine=m68000-sun + x64 | amd64) + cpu=x86_64 + vendor=pc ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 + # Recognize the basic CPU types without company name. + *) + cpu=$basic_machine + vendor=unknown ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 +esac + +unset -v basic_machine + +# Decode basic machines in the full and proper CPU-Company form. +case $cpu-$vendor in + # Here we handle the default manufacturer of certain CPU types in canonical form. It is in + # some cases the only manufacturer, in others, it is the most popular. + craynv-unknown) + vendor=cray + os=${os:-unicosmp} ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 + c90-unknown | c90-cray) + vendor=cray + os=${os:-unicos} ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 + fx80-unknown) + vendor=alliant ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 + romp-unknown) + vendor=ibm ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 + mmix-unknown) + vendor=knuth ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 + microblaze-unknown | microblazeel-unknown) + vendor=xilinx ;; - sun3 | sun3-*) - basic_machine=m68k-sun + rs6000-unknown) + vendor=ibm ;; - sun4) - basic_machine=sparc-sun + vax-unknown) + vendor=dec ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun + pdp11-unknown) + vendor=dec ;; - sv1) - basic_machine=sv1-cray - os=-unicos + we32k-unknown) + vendor=att ;; - symmetry) - basic_machine=i386-sequent - os=-dynix + cydra-unknown) + vendor=cydrome ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos + i370-ibm*) + vendor=ibm ;; - t90) - basic_machine=t90-cray - os=-unicos + orion-unknown) + vendor=highlevel ;; - tile*) - basic_machine=$basic_machine-unknown - os=-linux-gnu + xps-unknown | xps100-unknown) + cpu=xps100 + vendor=honeywell ;; - tx39) - basic_machine=mipstx39-unknown + + # Here we normalize CPU types with a missing or matching vendor + dpx20-unknown | dpx20-bull) + cpu=rs6000 + vendor=bull + os=${os:-bosx} ;; - tx39el) - basic_machine=mipstx39el-unknown + + # Here we normalize CPU types irrespective of the vendor + amd64-*) + cpu=x86_64 ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 + blackfin-*) + cpu=bfin + os=linux ;; - tower | tower-32) - basic_machine=m68k-ncr + c54x-*) + cpu=tic54x ;; - tpf) - basic_machine=s390x-ibm - os=-tpf + c55x-*) + cpu=tic55x ;; - udi29k) - basic_machine=a29k-amd - os=-udi + c6x-*) + cpu=tic6x ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 + e500v[12]-*) + cpu=powerpc + os=$os"spe" ;; - v810 | necv810) - basic_machine=v810-nec - os=-none + mips3*-*) + cpu=mips64 ;; - vaxv) - basic_machine=vax-dec - os=-sysv + ms1-*) + cpu=mt ;; - vms) - basic_machine=vax-dec - os=-vms + m68knommu-*) + cpu=m68k + os=linux ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu + m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*) + cpu=s12z ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks + openrisc-*) + cpu=or32 ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks + parisc-*) + cpu=hppa + os=linux ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + cpu=i586 ;; - wasm32) - basic_machine=wasm32-unknown + pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*) + cpu=i686 ;; - w65*) - basic_machine=w65-wdc - os=-none + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + cpu=i686 ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf + pentium4-*) + cpu=i786 ;; - x64) - basic_machine=x86_64-pc + pc98-*) + cpu=i386 ;; - xbox) - basic_machine=i686-pc - os=-mingw32 + ppc-* | ppcbe-*) + cpu=powerpc ;; - xps | xps100) - basic_machine=xps100-honeywell + ppcle-* | powerpclittle-*) + cpu=powerpcle ;; - xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ppc64-*) + cpu=powerpc64 ;; - ymp) - basic_machine=ymp-cray - os=-unicos + ppc64le-* | powerpc64little-*) + cpu=powerpc64le ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim + sb1-*) + cpu=mipsisa64sb1 ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim + sb1el-*) + cpu=mipsisa64sb1el ;; - none) - basic_machine=none-none - os=-none + sh5e[lb]-*) + cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'` ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond + spur-*) + cpu=spur ;; - op50n) - basic_machine=hppa1.1-oki + strongarm-* | thumb-*) + cpu=arm ;; - op60c) - basic_machine=hppa1.1-oki + tx39-*) + cpu=mipstx39 ;; - romp) - basic_machine=romp-ibm + tx39el-*) + cpu=mipstx39el ;; - mmix) - basic_machine=mmix-knuth + x64-*) + cpu=x86_64 ;; - rs6000) - basic_machine=rs6000-ibm + xscale-* | xscalee[bl]-*) + cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; - vax) - basic_machine=vax-dec + + # Recognize the canonical CPU Types that limit and/or modify the + # company names they are paired with. + cr16-*) + os=${os:-elf} ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown + crisv32-* | etraxfs*-*) + cpu=crisv32 + vendor=axis ;; - pdp11) - basic_machine=pdp11-dec + cris-* | etrax*-*) + cpu=cris + vendor=axis ;; - we32k) - basic_machine=we32k-att + crx-*) + os=${os:-elf} ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown + neo-tandem) + cpu=neo + vendor=tandem ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun + nse-tandem) + cpu=nse + vendor=tandem ;; - cydra) - basic_machine=cydra-cydrome + nsr-tandem) + cpu=nsr + vendor=tandem ;; - orion) - basic_machine=orion-highlevel + nsv-tandem) + cpu=nsv + vendor=tandem ;; - orion105) - basic_machine=clipper-highlevel + nsx-tandem) + cpu=nsx + vendor=tandem ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple + s390-*) + cpu=s390 + vendor=ibm ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple + s390x-*) + cpu=s390x + vendor=ibm ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. + tile*-*) + os=${os:-linux-gnu} ;; + *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 + # Recognize the canonical CPU types that are allowed with any + # company name. + case $cpu in + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | abacus \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ + | alphapca5[67] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[lb]e | arme[lb] | armv* \ + | avr | avr32 \ + | asmjs \ + | ba \ + | be32 | be64 \ + | bfin | bs2000 \ + | c[123]* | c30 | [cjt]90 | c4x \ + | c8051 | clipper | craynv | csky | cydra \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | elxsi | epiphany \ + | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ + | h8300 | h8500 \ + | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i*86 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle \ + | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k | v70 | w65 \ + | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip \ + | m88110 | m88k | maxq | mb | mcore | mep | metag \ + | microblaze | microblazeel \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mmix \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nfp \ + | nios | nios2 | nios2eb | nios2el \ + | none | np1 | ns16k | ns32k \ + | open8 \ + | or1k* \ + | or32 \ + | orion \ + | pdp10 | pdp11 | pj | pjl | pn | power \ + | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ + | pru \ + | pyramid \ + | riscv | riscv32 | riscv64 \ + | rl78 | romp | rs6000 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ + | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ + | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ + | spu \ + | tahoe \ + | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ + | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ + | vax \ + | visium \ + | wasm32 \ + | we32k \ + | x86 | x86_64 | xc16x | xgate | xps100 \ + | xstormy16 | xtensa* \ + | ymp \ + | z8k | z80) + ;; + + *) + echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 + exit 1 + ;; + esac ;; esac # Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` +case $vendor in + digital*) + vendor=dec ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + commodore*) + vendor=cbm ;; *) ;; @@ -1362,213 +1270,246 @@ esac # Decode manufacturer-specific aliases for certain operating systems. -if [ x"$os" != x"" ] +if [ x$os != x ] then case $os in # First match some system type aliases that might get confused # with valid system types. - # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux + # solaris* is a basic system type, with this one exception. + auroraux) + os=auroraux ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` + bluegene*) + os=cnk ;; - -solaris) - os=-solaris2 + solaris1 | solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; - -svr4*) - os=-sysv4 + solaris) + os=solaris2 ;; - -unixware*) - os=-sysv4.2uw + unixware*) + os=sysv4.2uw ;; - -gnu/linux*) + gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; + # es1800 is here to avoid being matched by es* (a different OS) + es1800*) + os=ose + ;; + # Some version numbers need modification + chorusos*) + os=chorusos + ;; + isc) + os=isc2.2 + ;; + sco6) + os=sco5v6 + ;; + sco5) + os=sco3.2v5 + ;; + sco4) + os=sco3.2v4 + ;; + sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + ;; + sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + scout) + # Don't match below + ;; + sco*) + os=sco3.2v2 + ;; + psos*) + os=psos + ;; # Now accept the basic system types. # The portable systems comes first. # Each alternative MUST end in a * to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* | -cloudabi* | -sortix* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ - | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*) + # sysv* is not here because it comes later, after sysvr4. + gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | kopensolaris* | plan9* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | knetbsd* | mirbsd* | netbsd* \ + | bitrig* | openbsd* | solidbsd* | libertybsd* \ + | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \ + | linux-newlib* | linux-musl* | linux-uclibc* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* \ + | morphos* | superux* | rtmk* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) + qnx*) + case $cpu in + x86 | i*86) ;; *) - os=-nto$os + os=nto-$os ;; esac ;; - -nto-qnx*) + hiux*) + os=hiuxwe2 ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` + nto-qnx*) ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + sim | xray | os68k* | v88r* \ + | windows* | osx | abug | netware* | os9* \ + | macos* | mpw* | magic* | mmixware* | mon960* | lnews*) ;; - -linux-dietlibc) - os=-linux-dietlibc + linux-dietlibc) + os=linux-dietlibc ;; - -linux*) + linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + lynx*178) + os=lynxos178 ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + lynx*5) + os=lynxos5 ;; - -opened*) - os=-openedition + lynx*) + os=lynxos ;; - -os400*) - os=-os400 + mac*) + os=`echo "$os" | sed -e 's|mac|macos|'` ;; - -wince*) - os=-wince + opened*) + os=openedition ;; - -osfrose*) - os=-osfrose + os400*) + os=os400 ;; - -osf*) - os=-osf + sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; - -utek*) - os=-bsd + sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; - -dynix*) - os=-bsd + wince*) + os=wince ;; - -acis*) - os=-aos + utek*) + os=bsd ;; - -atheos*) - os=-atheos + dynix*) + os=bsd ;; - -syllable*) - os=-syllable + acis*) + os=aos ;; - -386bsd) - os=-bsd + atheos*) + os=atheos ;; - -ctix* | -uts*) - os=-sysv + syllable*) + os=syllable ;; - -nova*) - os=-rtmk-nova - ;; - -ns2) - os=-nextstep2 + 386bsd) + os=bsd ;; - -nsk*) - os=-nsk + ctix* | uts*) + os=sysv ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` + nova*) + os=rtmk-nova ;; - -sinix*) - os=-sysv4 + ns2) + os=nextstep2 ;; - -tpf*) - os=-tpf + nsk*) + os=nsk ;; - -triton*) - os=-sysv3 + # Preserve the version number of sinix5. + sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` ;; - -oss*) - os=-sysv3 + sinix*) + os=sysv4 ;; - -svr4) - os=-sysv4 + tpf*) + os=tpf ;; - -svr3) - os=-sysv3 + triton*) + os=sysv3 ;; - -sysvr4) - os=-sysv4 + oss*) + os=sysv3 ;; - # This must come after -sysvr4. - -sysv*) + svr4*) + os=sysv4 ;; - -ose*) - os=-ose + svr3) + os=sysv3 ;; - -es1800*) - os=-ose + sysvr4) + os=sysv4 ;; - -xenix) - os=-xenix + # This must come after sysvr4. + sysv*) ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint + ose*) + os=ose ;; - -aros*) - os=-aros + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + os=mint ;; - -zvmoe) - os=-zvmoe + zvmoe) + os=zvmoe ;; - -dicos*) - os=-dicos + dicos*) + os=dicos ;; - -pikeos*) + pikeos*) # Until real need of OS specific support for # particular features comes up, bare metal # configurations are quite functional. - case $basic_machine in + case $cpu in arm*) - os=-eabi + os=eabi ;; *) - os=-elf + os=elf ;; esac ;; - -nacl*) + nacl*) ;; - -ios) + ios) ;; - -none) + none) + ;; + *-eabi) ;; *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; esac @@ -1584,264 +1525,265 @@ else # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. -case $basic_machine in +case $cpu-$vendor in score-*) - os=-elf + os=elf ;; spu-*) - os=-elf + os=elf ;; *-acorn) - os=-riscix1.2 + os=riscix1.2 ;; arm*-rebel) - os=-linux + os=linux ;; arm*-semi) - os=-aout + os=aout ;; c4x-* | tic4x-*) - os=-coff + os=coff ;; c8051-*) - os=-elf + os=elf + ;; + clipper-intergraph) + os=clix ;; hexagon-*) - os=-elf + os=elf ;; tic54x-*) - os=-coff + os=coff ;; tic55x-*) - os=-coff + os=coff ;; tic6x-*) - os=-coff + os=coff ;; # This must come before the *-dec entry. pdp10-*) - os=-tops20 + os=tops20 ;; pdp11-*) - os=-none + os=none ;; *-dec | vax-*) - os=-ultrix4.2 + os=ultrix4.2 ;; m68*-apollo) - os=-domain + os=domain ;; i386-sun) - os=-sunos4.0.2 + os=sunos4.0.2 ;; m68000-sun) - os=-sunos3 + os=sunos3 ;; m68*-cisco) - os=-aout + os=aout ;; mep-*) - os=-elf + os=elf ;; mips*-cisco) - os=-elf + os=elf ;; mips*-*) - os=-elf + os=elf ;; or32-*) - os=-coff + os=coff ;; *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 + os=sysv3 ;; sparc-* | *-sun) - os=-sunos4.1.1 + os=sunos4.1.1 ;; pru-*) - os=-elf + os=elf ;; *-be) - os=-beos - ;; - *-haiku) - os=-haiku + os=beos ;; *-ibm) - os=-aix + os=aix ;; *-knuth) - os=-mmixware + os=mmixware ;; *-wec) - os=-proelf + os=proelf ;; *-winbond) - os=-proelf + os=proelf ;; *-oki) - os=-proelf + os=proelf ;; *-hp) - os=-hpux + os=hpux ;; *-hitachi) - os=-hiux + os=hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv + os=sysv ;; *-cbm) - os=-amigaos + os=amigaos ;; *-dg) - os=-dgux + os=dgux ;; *-dolphin) - os=-sysv3 + os=sysv3 ;; m68k-ccur) - os=-rtu + os=rtu ;; m88k-omron*) - os=-luna + os=luna ;; *-next) - os=-nextstep + os=nextstep ;; *-sequent) - os=-ptx + os=ptx ;; *-crds) - os=-unos + os=unos ;; *-ns) - os=-genix + os=genix ;; i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 + os=mvs ;; *-gould) - os=-sysv + os=sysv ;; *-highlevel) - os=-bsd + os=bsd ;; *-encore) - os=-bsd + os=bsd ;; *-sgi) - os=-irix + os=irix ;; *-siemens) - os=-sysv4 + os=sysv4 ;; *-masscomp) - os=-rtu + os=rtu ;; f30[01]-fujitsu | f700-fujitsu) - os=-uxpv + os=uxpv ;; *-rom68k) - os=-coff + os=coff ;; *-*bug) - os=-coff + os=coff ;; *-apple) - os=-macos + os=macos ;; *-atari*) - os=-mint + os=mint + ;; + *-wrs) + os=vxworks ;; *) - os=-none + os=none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) +case $vendor in + unknown) case $os in - -riscix*) + riscix*) vendor=acorn ;; - -sunos*) + sunos*) vendor=sun ;; - -cnk*|-aix*) + cnk*|-aix*) vendor=ibm ;; - -beos*) + beos*) vendor=be ;; - -hpux*) + hpux*) vendor=hp ;; - -mpeix*) + mpeix*) vendor=hp ;; - -hiux*) + hiux*) vendor=hitachi ;; - -unos*) + unos*) vendor=crds ;; - -dgux*) + dgux*) vendor=dg ;; - -luna*) + luna*) vendor=omron ;; - -genix*) + genix*) vendor=ns ;; - -mvs* | -opened*) + clix*) + vendor=intergraph + ;; + mvs* | opened*) vendor=ibm ;; - -os400*) + os400*) vendor=ibm ;; - -ptx*) + ptx*) vendor=sequent ;; - -tpf*) + tpf*) vendor=ibm ;; - -vxsim* | -vxworks* | -windiss*) + vxsim* | vxworks* | windiss*) vendor=wrs ;; - -aux*) + aux*) vendor=apple ;; - -hms*) + hms*) vendor=hitachi ;; - -mpw* | -macos*) + mpw* | macos*) vendor=apple ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) vendor=atari ;; - -vos*) + vos*) vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$cpu-$vendor-$os" exit # Local variables: -# eval: (add-hook 'write-file-functions 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/src/kdc/deps b/src/kdc/deps index 6bc00f7..9bf1db1 100644 --- a/src/kdc/deps +++ b/src/kdc/deps @@ -202,15 +202,16 @@ $(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - extern.h kdc_util.h realm_data.h replay.c reqstate.h + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \ + realm_data.h replay.c reqstate.h $(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \ @@ -283,12 +284,13 @@ $(OUTPRE)t_replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-cmocka.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \ - realm_data.h replay.c reqstate.h t_replay.c + $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + extern.h kdc_util.h realm_data.h replay.c reqstate.h \ + t_replay.c diff --git a/src/lib/krb5/ccache/deps b/src/lib/krb5/ccache/deps index 6732f75..d05a3c1 100644 --- a/src/lib/krb5/ccache/deps +++ b/src/lib/krb5/ccache/deps @@ -144,13 +144,14 @@ cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/socket-utils.h cc-int.h cc_file.c cc_kcm.so cc_kcm.po $(OUTPRE)cc_kcm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kcm.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/kcm.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h cc-int.h cc_kcm.c cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \ @@ -158,12 +159,13 @@ cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h cc-int.h cc_memory.c + $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + cc-int.h cc_memory.c cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/krb/deltat.c b/src/lib/krb5/krb/deltat.c index 6e6616e..81f1971 100644 --- a/src/lib/krb5/krb/deltat.c +++ b/src/lib/krb5/krb/deltat.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,7 +44,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.2" +#define YYBISON_VERSION "3.0.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -193,7 +193,7 @@ extern int yydebug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 128 "x-deltat.y" /* yacc.c:355 */ @@ -201,6 +201,8 @@ int val; #line 203 "deltat.c" /* yacc.c:355 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif @@ -213,7 +215,7 @@ int yyparse (struct param *tmv); /* Copy the second part of user declarations. */ -#line 217 "deltat.c" /* yacc.c:358 */ +#line 219 "deltat.c" /* yacc.c:358 */ #ifdef short # undef short @@ -1311,91 +1313,91 @@ yyreduce: case 6: #line 144 "x-deltat.y" /* yacc.c:1646 */ { (yyval.val) = - (yyvsp[0].val); } -#line 1315 "deltat.c" /* yacc.c:1646 */ +#line 1317 "deltat.c" /* yacc.c:1646 */ break; case 9: #line 146 "x-deltat.y" /* yacc.c:1646 */ { (yyval.val) = (yyvsp[0].val); } -#line 1321 "deltat.c" /* yacc.c:1646 */ +#line 1323 "deltat.c" /* yacc.c:1646 */ break; case 10: #line 147 "x-deltat.y" /* yacc.c:1646 */ { YYERROR; } -#line 1327 "deltat.c" /* yacc.c:1646 */ +#line 1329 "deltat.c" /* yacc.c:1646 */ break; case 11: #line 149 "x-deltat.y" /* yacc.c:1646 */ { DO ((yyvsp[-2].val), 0, 0, (yyvsp[0].val)); } -#line 1333 "deltat.c" /* yacc.c:1646 */ +#line 1335 "deltat.c" /* yacc.c:1646 */ break; case 12: #line 150 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, (yyvsp[-2].val), 0, (yyvsp[0].val)); } -#line 1339 "deltat.c" /* yacc.c:1646 */ +#line 1341 "deltat.c" /* yacc.c:1646 */ break; case 13: #line 151 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, 0, (yyvsp[-2].val), (yyvsp[0].val)); } -#line 1345 "deltat.c" /* yacc.c:1646 */ +#line 1347 "deltat.c" /* yacc.c:1646 */ break; case 14: #line 152 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, 0, 0, (yyvsp[-1].val)); } -#line 1351 "deltat.c" /* yacc.c:1646 */ +#line 1353 "deltat.c" /* yacc.c:1646 */ break; case 15: #line 153 "x-deltat.y" /* yacc.c:1646 */ { DO ((yyvsp[-6].val), (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); } -#line 1357 "deltat.c" /* yacc.c:1646 */ +#line 1359 "deltat.c" /* yacc.c:1646 */ break; case 16: #line 154 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); } -#line 1363 "deltat.c" /* yacc.c:1646 */ +#line 1365 "deltat.c" /* yacc.c:1646 */ break; case 17: #line 155 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, (yyvsp[-2].val), (yyvsp[0].val), 0); } -#line 1369 "deltat.c" /* yacc.c:1646 */ +#line 1371 "deltat.c" /* yacc.c:1646 */ break; case 18: #line 156 "x-deltat.y" /* yacc.c:1646 */ { DO ( 0, 0, 0, (yyvsp[0].val)); } -#line 1375 "deltat.c" /* yacc.c:1646 */ +#line 1377 "deltat.c" /* yacc.c:1646 */ break; case 20: #line 162 "x-deltat.y" /* yacc.c:1646 */ { if (HOUR_NOT_OK((yyvsp[-2].val))) YYERROR; DO_SUM((yyval.val), (yyvsp[-2].val) * 3600, (yyvsp[0].val)); } -#line 1382 "deltat.c" /* yacc.c:1646 */ +#line 1384 "deltat.c" /* yacc.c:1646 */ break; case 22: #line 166 "x-deltat.y" /* yacc.c:1646 */ { if (MIN_NOT_OK((yyvsp[-2].val))) YYERROR; DO_SUM((yyval.val), (yyvsp[-2].val) * 60, (yyvsp[0].val)); } -#line 1389 "deltat.c" /* yacc.c:1646 */ +#line 1391 "deltat.c" /* yacc.c:1646 */ break; case 23: #line 169 "x-deltat.y" /* yacc.c:1646 */ { (yyval.val) = 0; } -#line 1395 "deltat.c" /* yacc.c:1646 */ +#line 1397 "deltat.c" /* yacc.c:1646 */ break; -#line 1399 "deltat.c" /* yacc.c:1646 */ +#line 1401 "deltat.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/src/lib/krb5/krb/deps b/src/lib/krb5/krb/deps index f78b47e..a4a809b 100644 --- a/src/lib/krb5/krb/deps +++ b/src/lib/krb5/krb/deps @@ -468,6 +468,18 @@ get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ fast.h get_creds.c int-proto.h +get_etype_info.so get_etype_info.po $(OUTPRE)get_etype_info.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h fast.h get_etype_info.c \ + init_creds_ctx.h int-proto.h get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -589,10 +601,11 @@ kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h kfree.c + $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + kfree.c libdef_parse.so libdef_parse.po $(OUTPRE)libdef_parse.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -774,12 +787,13 @@ preauth_encts.so preauth_encts.po $(OUTPRE)preauth_encts.$(OBJEXT): \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h int-proto.h preauth_encts.c + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + init_creds_ctx.h int-proto.h preauth_encts.c preauth_otp.so preauth_otp.po $(OUTPRE)preauth_otp.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -1277,6 +1291,11 @@ t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ chk_trans.c t_expand.c +t_get_etype_info.so t_get_etype_info.po $(OUTPRE)t_get_etype_info.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \ + t_get_etype_info.c t_pac.so t_pac.po $(OUTPRE)t_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps index 0e5de6e..9e4e210 100644 --- a/src/lib/krb5/os/deps +++ b/src/lib/krb5/os/deps @@ -163,7 +163,7 @@ hostrealm_dns.so hostrealm_dns.po $(OUTPRE)hostrealm_dns.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - dnsglue.h hostrealm_dns.c os-proto.h + hostrealm_dns.c os-proto.h hostrealm_domain.so hostrealm_domain.po $(OUTPRE)hostrealm_domain.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/man/k5identity.man b/src/man/k5identity.man index ec4bda4..b3222ae 100644 --- a/src/man/k5identity.man +++ b/src/man/k5identity.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5IDENTITY" "5" " " "1.16" "MIT Kerberos" +.TH "K5IDENTITY" "5" " " "1.17" "MIT Kerberos" .SH NAME k5identity \- Kerberos V5 client principal selection rules . @@ -50,19 +50,19 @@ principal is chosen as the client principal. The following fields are recognized: .INDENT 0.0 .TP -.B \fBrealm\fP +\fBrealm\fP If the realm of the server principal is known, it is matched against \fIvalue\fP, which may be a pattern using shell wildcards. For host\-based server principals, the realm will generally only be -known if there is a \fIdomain_realm\fP section in -\fIkrb5.conf(5)\fP with a mapping for the hostname. +known if there is a domain_realm section in +krb5.conf(5) with a mapping for the hostname. .TP -.B \fBservice\fP +\fBservice\fP If the server principal is a host\-based principal, its service component is matched against \fIvalue\fP, which may be a pattern using shell wildcards. .TP -.B \fBhost\fP +\fBhost\fP If the server principal is a host\-based principal, its hostname component is converted to lower case and matched against \fIvalue\fP, which may be a pattern using shell wildcards. @@ -94,10 +94,10 @@ alice/mail@EXAMPLE.COM host=mail.example.com service=imap .UNINDENT .SH SEE ALSO .sp -kerberos(1), \fIkrb5.conf(5)\fP +kerberos(1), krb5.conf(5) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/k5login.man b/src/man/k5login.man index fea5c23..a87cba4 100644 --- a/src/man/k5login.man +++ b/src/man/k5login.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5LOGIN" "5" " " "1.16" "MIT Kerberos" +.TH "K5LOGIN" "5" " " "1.17" "MIT Kerberos" .SH NAME k5login \- Kerberos V5 acl file for host access . @@ -56,7 +56,7 @@ bob@FOOBAR.ORG This would allow \fBbob\fP to use Kerberos network applications, such as ssh(1), to access \fBalice\fP\(aqs account, using \fBbob\fP\(aqs Kerberos tickets. In a default configuration (with \fBk5login_authoritative\fP set -to true in \fIkrb5.conf(5)\fP), this .k5login file would not let +to true in krb5.conf(5)), this .k5login file would not let \fBalice\fP use those network applications to access her account, since she is not listed! With no .k5login file, or with \fBk5login_authoritative\fP set to false, a default rule would permit the principal \fBalice\fP in the @@ -91,6 +91,6 @@ kerberos(1) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/k5srvutil.man b/src/man/k5srvutil.man index 1830476..d2316cd 100644 --- a/src/man/k5srvutil.man +++ b/src/man/k5srvutil.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "K5SRVUTIL" "1" " " "1.16" "MIT Kerberos" +.TH "K5SRVUTIL" "1" " " "1.17" "MIT Kerberos" .SH NAME k5srvutil \- host key table (keytab) manipulation utility . @@ -45,11 +45,11 @@ or to delete non\-current keys from a keytab. \fIoperation\fP must be one of the following: .INDENT 0.0 .TP -.B \fBlist\fP +\fBlist\fP Lists the keys in a keytab, showing version number and principal name. .TP -.B \fBchange\fP +\fBchange\fP Uses the kadmin protocol to update the keys in the Kerberos database to new randomly\-generated keys, and updates the keys in the keytab to match. If a key\(aqs version number doesn\(aqt match the @@ -63,14 +63,14 @@ option. Old keys are retained in the keytab so that existing tickets continue to work, but \fBdelold\fP should be used after such tickets expire, to prevent attacks against the old keys. .TP -.B \fBdelold\fP +\fBdelold\fP Deletes keys that are not the most recent version from the keytab. This operation should be used some time after a change operation to remove old keys, after existing tickets issued for the service have expired. If the \fB\-i\fP flag is given, then k5srvutil will prompt for confirmation for each principal. .TP -.B \fBdelete\fP +\fBdelete\fP Deletes particular keys in the keytab, interactively prompting for each key. .UNINDENT @@ -78,14 +78,18 @@ each key. In all cases, the default keytab is used unless this is overridden by the \fB\-f\fP option. .sp -k5srvutil uses the \fIkadmin(1)\fP program to edit the keytab in +k5srvutil uses the kadmin(1) program to edit the keytab in place. +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkadmin(1)\fP, \fIktutil(1)\fP +kadmin(1), ktutil(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man index fe9b611..fb1169c 100644 --- a/src/man/kadm5.acl.man +++ b/src/man/kadm5.acl.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADM5.ACL" "5" " " "1.16" "MIT Kerberos" +.TH "KADM5.ACL" "5" " " "1.17" "MIT Kerberos" .SH NAME kadm5.acl \- Kerberos ACL file . @@ -32,14 +32,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .. .SH DESCRIPTION .sp -The Kerberos \fIkadmind(8)\fP daemon uses an Access Control List +The Kerberos kadmind(8) daemon uses an Access Control List (ACL) file to manage access rights to the Kerberos database. For operations that affect principals, the ACL file also controls which principals can operate on which other principals. .sp The default location of the Kerberos ACL file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP -variable in \fIkdc.conf(5)\fP\&. +variable in kdc.conf(5)\&. .SH SYNTAX .sp Empty lines and lines starting with the sharp sign (\fB#\fP) are @@ -127,7 +127,7 @@ _ T{ p T} T{ -[Dis]allows the propagation of the principal database (used in \fIincr_db_prop\fP) +[Dis]allows the propagation of the principal database (used in incr_db_prop) T} _ T{ @@ -185,7 +185,7 @@ in which \fB*number\fP matches the corresponding wildcard in .B {+|\-}\fIflagname\fP flag is forced to the indicated value. The permissible flags are the same as those for the \fBdefault_principal_flags\fP -variable in \fIkdc.conf(5)\fP\&. +variable in kdc.conf(5)\&. .TP .B \fI\-clearpolicy\fP policy is forced to be empty. @@ -194,7 +194,7 @@ policy is forced to be empty. policy is forced to be \fIpol\fP\&. .TP .B \-{\fIexpire, pwexpire, maxlife, maxrenewlife\fP} \fItime\fP -(\fIgetdate\fP string) associated value will be forced to +(getdate string) associated value will be forced to MIN(\fItime\fP, requested value). .UNINDENT .UNINDENT @@ -260,20 +260,20 @@ postdateable tickets or tickets with a life of longer than 9 hours. .SH MODULE BEHAVIOR .sp The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the \fIkadm5_auth\fP section of -\fIkrb5.conf(5)\fP\&. The ACL file will positively authorize +1.16 and later, as configured in the kadm5_auth section of +krb5.conf(5)\&. The ACL file will positively authorize operations according to the rules above, but will never authoritatively deny an operation, so other modules can authorize operations in addition to those authorized by the ACL file. .sp To operate without an ACL file, set the \fIacl_file\fP variable in -\fIkdc.conf(5)\fP to the empty string with \fBacl_file = ""\fP\&. +kdc.conf(5) to the empty string with \fBacl_file = ""\fP\&. .SH SEE ALSO .sp -\fIkdc.conf(5)\fP, \fIkadmind(8)\fP +kdc.conf(5), kadmind(8) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kadmin.man b/src/man/kadmin.man index 008d9bf..db47ba8 100644 --- a/src/man/kadmin.man +++ b/src/man/kadmin.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADMIN" "1" " " "1.16" "MIT Kerberos" +.TH "KADMIN" "1" " " "1.17" "MIT Kerberos" .SH NAME kadmin \- Kerberos V5 database administration program . @@ -56,7 +56,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] kadmin and kadmin.local are command\-line interfaces to the Kerberos V5 administration system. They provide nearly identical functionalities; the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using \fIkadmind(8)\fP\&. +database, while kadmin performs operations using kadmind(8)\&. Except as explicitly noted otherwise, this man page will use "kadmin" to refer to both versions. kadmin provides for the maintenance of Kerberos principals, password policies, and service key tables @@ -80,30 +80,30 @@ kadmin.local can be run on any host which can access the LDAP server. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Use \fIrealm\fP as the default database realm. .TP -.B \fB\-p\fP \fIprincipal\fP +\fB\-p\fP \fIprincipal\fP Use \fIprincipal\fP to authenticate. Otherwise, kadmin will append \fB/admin\fP to the primary principal name of the default ccache, the value of the \fBUSER\fP environment variable, or the username as obtained with getpwuid, in order of preference. .TP -.B \fB\-k\fP +\fB\-k\fP Use a keytab to decrypt the KDC response instead of prompting for a password. In this case, the default principal will be \fBhost/hostname\fP\&. If there is no keytab specified with the \fB\-t\fP option, then the default keytab will be used. .TP -.B \fB\-t\fP \fIkeytab\fP +\fB\-t\fP \fIkeytab\fP Use \fIkeytab\fP to decrypt the KDC response. This can only be used with the \fB\-k\fP option. .TP -.B \fB\-n\fP +\fB\-n\fP Requests anonymous processing. Two types of anonymous principals are supported. For fully anonymous Kerberos, configure PKINIT on the KDC and configure \fBpkinit_anchors\fP in the client\(aqs -\fIkrb5.conf(5)\fP\&. Then use the \fB\-n\fP option with a principal +krb5.conf(5)\&. Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP (an empty principal name followed by the at\-sign and a realm name). If permitted by the KDC, an anonymous ticket will be returned. A second form of anonymous tickets is @@ -114,46 +114,46 @@ principal (but not realm) will be replaced by the anonymous principal. As of release 1.8, the MIT Kerberos KDC only supports fully anonymous operation. .TP -.B \fB\-c\fP \fIcredentials_cache\fP +\fB\-c\fP \fIcredentials_cache\fP Use \fIcredentials_cache\fP as the credentials cache. The cache should contain a service ticket for the \fBkadmin/ADMINHOST\fP (where \fIADMINHOST\fP is the fully\-qualified hostname of the admin server) or \fBkadmin/admin\fP service; it can be acquired with the -\fIkinit(1)\fP program. If this option is not specified, kadmin +kinit(1) program. If this option is not specified, kadmin requests a new service ticket from the KDC, and stores it in its own temporary ccache. .TP -.B \fB\-w\fP \fIpassword\fP +\fB\-w\fP \fIpassword\fP Use \fIpassword\fP instead of prompting for one. Use this option with care, as it may expose the password to other users on the system via the process list. .TP -.B \fB\-q\fP \fIquery\fP +\fB\-q\fP \fIquery\fP Perform the specified query and then exit. .TP -.B \fB\-d\fP \fIdbname\fP +\fB\-d\fP \fIdbname\fP Specifies the name of the KDC database. This option does not apply to the LDAP database module. .TP -.B \fB\-s\fP \fIadmin_server\fP[:\fIport\fP] +\fB\-s\fP \fIadmin_server\fP[:\fIport\fP] Specifies the admin server which kadmin should contact. .TP -.B \fB\-m\fP +\fB\-m\fP If using kadmin.local, prompt for the database master password instead of reading it from a stash file. .TP -.B \fB\-e\fP "\fIenc\fP:\fIsalt\fP ..." +\fB\-e\fP "\fIenc\fP:\fIsalt\fP ..." Sets the keysalt list to be used for any new keys created. See -\fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a list of possible +Keysalt_lists in kdc.conf(5) for a list of possible values. .TP -.B \fB\-O\fP +\fB\-O\fP Force use of old AUTH_GSSAPI authentication flavor. .TP -.B \fB\-N\fP +\fB\-N\fP Prevent fallback to AUTH_GSSAPI authentication flavor. .TP -.B \fB\-x\fP \fIdb_args\fP +\fB\-x\fP \fIdb_args\fP Specifies the database specific arguments. See the next section for supported options. .UNINDENT @@ -188,10 +188,10 @@ Supported options for the DB2 module are: .INDENT 3.5 .INDENT 0.0 .TP -.B \fB\-x dbname=\fP*filename* +\fB\-x dbname=\fP*filename* Specifies the base filename of the DB2 database. .TP -.B \fB\-x lockiter\fP +\fB\-x lockiter\fP Make iteration operations hold the lock for the duration of the entire operation, rather than temporarily releasing the lock while handling each principal. This is the default @@ -199,7 +199,7 @@ behavior, but this option exists to allow command line override of a [dbmodules] setting. First introduced in release 1.13. .TP -.B \fB\-x unlockiter\fP +\fB\-x unlockiter\fP Make iteration operations unlock the database for each principal, instead of holding the lock for the duration of the entire operation. First introduced in release 1.13. @@ -212,39 +212,39 @@ Supported options for the LDAP module are: .INDENT 3.5 .INDENT 0.0 .TP -.B \fB\-x host=\fP\fIldapuri\fP +\fB\-x host=\fP\fIldapuri\fP Specifies the LDAP server to connect to by a LDAP URI. .TP -.B \fB\-x binddn=\fP\fIbind_dn\fP +\fB\-x binddn=\fP\fIbind_dn\fP Specifies the DN used to bind to the LDAP server. .TP -.B \fB\-x bindpwd=\fP\fIpassword\fP +\fB\-x bindpwd=\fP\fIpassword\fP Specifies the password or SASL secret used to bind to the LDAP server. Using this option may expose the password to other users on the system via the process list; to avoid this, instead stash the password using the \fBstashsrvpw\fP command of -\fIkdb5_ldap_util(8)\fP\&. +kdb5_ldap_util(8)\&. .TP -.B \fB\-x sasl_mech=\fP\fImechanism\fP +\fB\-x sasl_mech=\fP\fImechanism\fP Specifies the SASL mechanism used to bind to the LDAP server. The bind DN is ignored if a SASL mechanism is used. New in release 1.13. .TP -.B \fB\-x sasl_authcid=\fP\fIname\fP +\fB\-x sasl_authcid=\fP\fIname\fP Specifies the authentication name used when binding to the LDAP server with a SASL mechanism, if the mechanism requires one. New in release 1.13. .TP -.B \fB\-x sasl_authzid=\fP\fIname\fP +\fB\-x sasl_authzid=\fP\fIname\fP Specifies the authorization name used when binding to the LDAP server with a SASL mechanism. New in release 1.13. .TP -.B \fB\-x sasl_realm=\fP\fIrealm\fP +\fB\-x sasl_realm=\fP\fIrealm\fP Specifies the realm used when binding to the LDAP server with a SASL mechanism, if the mechanism uses one. New in release 1.13. .TP -.B \fB\-x debug=\fP\fIlevel\fP +\fB\-x debug=\fP\fIlevel\fP sets the OpenLDAP client library debug level. \fIlevel\fP is an integer to be interpreted by the library. Debugging messages are printed to standard error. New in release 1.12. @@ -254,7 +254,7 @@ are printed to standard error. New in release 1.12. .SH COMMANDS .sp When using the remote client, available commands may be restricted -according to the privileges specified in the \fIkadm5.acl(5)\fP file +according to the privileges specified in the kadm5.acl(5) file on the admin server. .SS add_principal .INDENT 0.0 @@ -277,54 +277,55 @@ Aliases: \fBaddprinc\fP, \fBank\fP Options: .INDENT 0.0 .TP -.B \fB\-expire\fP \fIexpdate\fP -(\fIgetdate\fP string) The expiration date of the principal. +\fB\-expire\fP \fIexpdate\fP +(getdate string) The expiration date of the principal. .TP -.B \fB\-pwexpire\fP \fIpwexpdate\fP -(\fIgetdate\fP string) The password expiration date. +\fB\-pwexpire\fP \fIpwexpdate\fP +(getdate string) The password expiration date. .TP -.B \fB\-maxlife\fP \fImaxlife\fP -(\fIduration\fP or \fIgetdate\fP string) The maximum ticket life +\fB\-maxlife\fP \fImaxlife\fP +(duration or getdate string) The maximum ticket life for the principal. .TP -.B \fB\-maxrenewlife\fP \fImaxrenewlife\fP -(\fIduration\fP or \fIgetdate\fP string) The maximum renewable +\fB\-maxrenewlife\fP \fImaxrenewlife\fP +(duration or getdate string) The maximum renewable life of tickets for the principal. .TP -.B \fB\-kvno\fP \fIkvno\fP +\fB\-kvno\fP \fIkvno\fP The initial key version number. .TP -.B \fB\-policy\fP \fIpolicy\fP +\fB\-policy\fP \fIpolicy\fP The password policy used by this principal. If not specified, the policy \fBdefault\fP is used if it exists (unless \fB\-clearpolicy\fP is specified). .TP -.B \fB\-clearpolicy\fP +\fB\-clearpolicy\fP Prevents any policy from being assigned when \fB\-policy\fP is not specified. .TP -.B {\-|+}\fBallow_postdated\fP +{\-|+}\fBallow_postdated\fP \fB\-allow_postdated\fP prohibits this principal from obtaining postdated tickets. \fB+allow_postdated\fP clears this flag. .TP -.B {\-|+}\fBallow_forwardable\fP +{\-|+}\fBallow_forwardable\fP \fB\-allow_forwardable\fP prohibits this principal from obtaining forwardable tickets. \fB+allow_forwardable\fP clears this flag. .TP -.B {\-|+}\fBallow_renewable\fP +{\-|+}\fBallow_renewable\fP \fB\-allow_renewable\fP prohibits this principal from obtaining renewable tickets. \fB+allow_renewable\fP clears this flag. .TP -.B {\-|+}\fBallow_proxiable\fP +{\-|+}\fBallow_proxiable\fP \fB\-allow_proxiable\fP prohibits this principal from obtaining proxiable tickets. \fB+allow_proxiable\fP clears this flag. .TP -.B {\-|+}\fBallow_dup_skey\fP +{\-|+}\fBallow_dup_skey\fP \fB\-allow_dup_skey\fP disables user\-to\-user authentication for this -principal by prohibiting this principal from obtaining a session -key for another user. \fB+allow_dup_skey\fP clears this flag. +principal by prohibiting others from obtaining a service ticket +encrypted in this principal\(aqs TGT session key. +\fB+allow_dup_skey\fP clears this flag. .TP -.B {\-|+}\fBrequires_preauth\fP +{\-|+}\fBrequires_preauth\fP \fB+requires_preauth\fP requires this principal to preauthenticate before being allowed to kinit. \fB\-requires_preauth\fP clears this flag. When \fB+requires_preauth\fP is set on a service principal, @@ -332,7 +333,7 @@ the KDC will only issue service tickets for that service principal if the client\(aqs initial authentication was performed using preauthentication. .TP -.B {\-|+}\fBrequires_hwauth\fP +{\-|+}\fBrequires_hwauth\fP \fB+requires_hwauth\fP requires this principal to preauthenticate using a hardware device before being allowed to kinit. \fB\-requires_hwauth\fP clears this flag. When \fB+requires_hwauth\fP is @@ -340,45 +341,47 @@ set on a service principal, the KDC will only issue service tickets for that service principal if the client\(aqs initial authentication was performed using a hardware device to preauthenticate. .TP -.B {\-|+}\fBok_as_delegate\fP +{\-|+}\fBok_as_delegate\fP \fB+ok_as_delegate\fP sets the \fBokay as delegate\fP flag on tickets issued with this principal as the service. Clients may use this flag as a hint that credentials should be delegated when authenticating to the service. \fB\-ok_as_delegate\fP clears this flag. .TP -.B {\-|+}\fBallow_svr\fP +{\-|+}\fBallow_svr\fP \fB\-allow_svr\fP prohibits the issuance of service tickets for this -principal. \fB+allow_svr\fP clears this flag. +principal. In release 1.17 and later, user\-to\-user service +tickets are still allowed unless the \fB\-allow_dup_skey\fP flag is +also set. \fB+allow_svr\fP clears this flag. .TP -.B {\-|+}\fBallow_tgs_req\fP +{\-|+}\fBallow_tgs_req\fP \fB\-allow_tgs_req\fP specifies that a Ticket\-Granting Service (TGS) request for a service ticket for this principal is not permitted. \fB+allow_tgs_req\fP clears this flag. .TP -.B {\-|+}\fBallow_tix\fP +{\-|+}\fBallow_tix\fP \fB\-allow_tix\fP forbids the issuance of any tickets for this principal. \fB+allow_tix\fP clears this flag. .TP -.B {\-|+}\fBneedchange\fP +{\-|+}\fBneedchange\fP \fB+needchange\fP forces a password change on the next initial authentication to this principal. \fB\-needchange\fP clears this flag. .TP -.B {\-|+}\fBpassword_changing_service\fP +{\-|+}\fBpassword_changing_service\fP \fB+password_changing_service\fP marks this principal as a password change service principal. .TP -.B {\-|+}\fBok_to_auth_as_delegate\fP +{\-|+}\fBok_to_auth_as_delegate\fP \fB+ok_to_auth_as_delegate\fP allows this principal to acquire forwardable tickets to itself from arbitrary users, for use with constrained delegation. .TP -.B {\-|+}\fBno_auth_data_required\fP +{\-|+}\fBno_auth_data_required\fP \fB+no_auth_data_required\fP prevents PAC or AD\-SIGNEDPATH data from being added to service tickets for the principal. .TP -.B {\-|+}\fBlockdown_keys\fP +{\-|+}\fBlockdown_keys\fP \fB+lockdown_keys\fP prevents keys for this principal from leaving the KDC via kadmind. The chpass and extract operations are denied for a principal with this attribute. The chrand operation is @@ -389,42 +392,42 @@ krbtgt/* or kadmin/* with new principals without the attribute. This attribute can be set via the network protocol, but can only be removed using kadmin.local. .TP -.B \fB\-randkey\fP +\fB\-randkey\fP Sets the key of the principal to a random value. .TP -.B \fB\-nokey\fP +\fB\-nokey\fP Causes the principal to be created with no key. New in release 1.12. .TP -.B \fB\-pw\fP \fIpassword\fP +\fB\-pw\fP \fIpassword\fP Sets the password of the principal to the specified string and does not prompt for a password. Note: using this option in a shell script may expose the password to other users on the system via the process list. .TP -.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,... +\fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the keys of the -principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a +principal. See Keysalt_lists in kdc.conf(5) for a list of possible values. .TP -.B \fB\-x\fP \fIdb_princ_args\fP +\fB\-x\fP \fIdb_princ_args\fP Indicates database\-specific options. The options for the LDAP database module are: .INDENT 7.0 .TP -.B \fB\-x dn=\fP\fIdn\fP +\fB\-x dn=\fP\fIdn\fP Specifies the LDAP object that will contain the Kerberos principal being created. .TP -.B \fB\-x linkdn=\fP\fIdn\fP +\fB\-x linkdn=\fP\fIdn\fP Specifies the LDAP object to which the newly created Kerberos principal object will point. .TP -.B \fB\-x containerdn=\fP\fIcontainer_dn\fP +\fB\-x containerdn=\fP\fIcontainer_dn\fP Specifies the container object under which the Kerberos principal is to be created. .TP -.B \fB\-x tktpolicy=\fP\fIpolicy\fP +\fB\-x tktpolicy=\fP\fIpolicy\fP Associates a ticket policy to the Kerberos principal. .UNINDENT .sp @@ -484,7 +487,7 @@ Alias: \fBmodprinc\fP Options (in addition to the \fBaddprinc\fP options): .INDENT 0.0 .TP -.B \fB\-unlock\fP +\fB\-unlock\fP Unlocks a locked principal (one which has received too many failed authentication attempts without enough time between them according to its password policy) so that it can successfully authenticate. @@ -535,20 +538,20 @@ Alias: \fBcpw\fP The following options are available: .INDENT 0.0 .TP -.B \fB\-randkey\fP +\fB\-randkey\fP Sets the key of the principal to a random value. .TP -.B \fB\-pw\fP \fIpassword\fP +\fB\-pw\fP \fIpassword\fP Set the password to the specified string. Using this option in a script may expose the password to other users on the system via the process list. .TP -.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,... +\fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the keys of the -principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a +principal. See Keysalt_lists in kdc.conf(5) for a list of possible values. .TP -.B \fB\-keepold\fP +\fB\-keepold\fP Keeps the existing keys in the database. This flag is usually not necessary except perhaps for \fBkrbtgt\fP principals. .UNINDENT @@ -689,29 +692,29 @@ modules. The following string attribute names are recognized by the KDC: .INDENT 0.0 .TP -.B \fBrequire_auth\fP +\fBrequire_auth\fP Specifies an authentication indicator which is required to authenticate to the principal as a service. Multiple indicators can be specified, separated by spaces; in this case any of the specified indicators will be accepted. (New in release 1.14.) .TP -.B \fBsession_enctypes\fP +\fBsession_enctypes\fP Specifies the encryption types supported for session keys when the principal is authenticated to as a server. See -\fIEncryption_types\fP in \fIkdc.conf(5)\fP for a list of the +Encryption_types in kdc.conf(5) for a list of the accepted values. .TP -.B \fBotp\fP +\fBotp\fP Enables One Time Passwords (OTP) preauthentication for a client \fIprincipal\fP\&. The \fIvalue\fP is a JSON string representing an array of objects, each having optional \fBtype\fP and \fBusername\fP fields. .TP -.B \fBpkinit_cert_match\fP +\fBpkinit_cert_match\fP Specifies a matching expression that defines the certificate attributes required for the client certificate used by the principal during PKINIT authentication. The matching expression is in the same format as those used by the \fBpkinit_cert_match\fP -option in \fIkrb5.conf(5)\fP\&. (New in release 1.16.) +option in krb5.conf(5)\&. (New in release 1.16.) .UNINDENT .sp This command requires the \fBmodify\fP privilege. @@ -758,29 +761,29 @@ Alias: \fBaddpol\fP The following options are available: .INDENT 0.0 .TP -.B \fB\-maxlife\fP \fItime\fP -(\fIduration\fP or \fIgetdate\fP string) Sets the maximum +\fB\-maxlife\fP \fItime\fP +(duration or getdate string) Sets the maximum lifetime of a password. .TP -.B \fB\-minlife\fP \fItime\fP -(\fIduration\fP or \fIgetdate\fP string) Sets the minimum +\fB\-minlife\fP \fItime\fP +(duration or getdate string) Sets the minimum lifetime of a password. .TP -.B \fB\-minlength\fP \fIlength\fP +\fB\-minlength\fP \fIlength\fP Sets the minimum length of a password. .TP -.B \fB\-minclasses\fP \fInumber\fP +\fB\-minclasses\fP \fInumber\fP Sets the minimum number of character classes required in a password. The five character classes are lower case, upper case, numbers, punctuation, and whitespace/unprintable characters. .TP -.B \fB\-history\fP \fInumber\fP +\fB\-history\fP \fInumber\fP Sets the number of past keys kept for a principal. This option is not supported with the LDAP KDC database module. .UNINDENT .INDENT 0.0 .TP -.B \fB\-maxfailure\fP \fImaxnumber\fP +\fB\-maxfailure\fP \fImaxnumber\fP Sets the number of authentication failures before the principal is locked. Authentication failures are only tracked for principals which require preauthentication. The counter of failed attempts @@ -789,8 +792,8 @@ resets to 0 after a successful attempt to authenticate. A .UNINDENT .INDENT 0.0 .TP -.B \fB\-failurecountinterval\fP \fIfailuretime\fP -(\fIduration\fP or \fIgetdate\fP string) Sets the allowable time +\fB\-failurecountinterval\fP \fIfailuretime\fP +(duration or getdate string) Sets the allowable time between authentication failures. If an authentication failure happens after \fIfailuretime\fP has elapsed since the previous failure, the number of authentication failures is reset to 1. A @@ -798,18 +801,18 @@ failure, the number of authentication failures is reset to 1. A .UNINDENT .INDENT 0.0 .TP -.B \fB\-lockoutduration\fP \fIlockouttime\fP -(\fIduration\fP or \fIgetdate\fP string) Sets the duration for +\fB\-lockoutduration\fP \fIlockouttime\fP +(duration or getdate string) Sets the duration for which the principal is locked from authenticating if too many authentication failures occur without the specified failure count interval elapsing. A duration of 0 (the default) means the principal remains locked out until it is administratively unlocked with \fBmodprinc \-unlock\fP\&. .TP -.B \fB\-allowedkeysalts\fP +\fB\-allowedkeysalts\fP Specifies the key/salt tuples supported for long\-term keys when setting or changing a principal\(aqs password/keys. See -\fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a list of the +Keysalt_lists in kdc.conf(5) for a list of the accepted values, but note that key/salt tuples must be separated with commas (\(aq,\(aq) only. To clear the allowed key/salt policy use a value of \(aq\-\(aq. @@ -969,19 +972,19 @@ With the \fB\-glob\fP form, it also requires the \fBlist\fP privilege. The options are: .INDENT 0.0 .TP -.B \fB\-k[eytab]\fP \fIkeytab\fP +\fB\-k[eytab]\fP \fIkeytab\fP Use \fIkeytab\fP as the keytab file. Otherwise, the default keytab is used. .TP -.B \fB\-e\fP \fIenc\fP:\fIsalt\fP,... +\fB\-e\fP \fIenc\fP:\fIsalt\fP,... Uses the specified keysalt list for setting the new keys of the -principal. See \fIKeysalt_lists\fP in \fIkdc.conf(5)\fP for a +principal. See Keysalt_lists in kdc.conf(5) for a list of possible values. .TP -.B \fB\-q\fP +\fB\-q\fP Display less verbose information. .TP -.B \fB\-norandkey\fP +\fB\-norandkey\fP Do not randomize the keys. The keys and their version numbers stay unchanged. This option cannot be specified in combination with the \fB\-e\fP option. @@ -1025,11 +1028,11 @@ kvno match that integer are removed. The options are: .INDENT 0.0 .TP -.B \fB\-k[eytab]\fP \fIkeytab\fP +\fB\-k[eytab]\fP \fIkeytab\fP Use \fIkeytab\fP as the keytab file. Otherwise, the default keytab is used. .TP -.B \fB\-q\fP +\fB\-q\fP Display less verbose information. .UNINDENT .sp @@ -1068,12 +1071,16 @@ Aliases: \fBexit\fP, \fBq\fP .sp The kadmin program was originally written by Tom Yu at MIT, as an interface to the OpenVision Kerberos administration program. +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkpasswd(1)\fP, \fIkadmind(8)\fP +kpasswd(1), kadmind(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kadmind.man b/src/man/kadmind.man index 6d592a0..4b6410e 100644 --- a/src/man/kadmind.man +++ b/src/man/kadmind.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KADMIND" "8" " " "1.16" "MIT Kerberos" +.TH "KADMIND" "8" " " "1.17" "MIT Kerberos" .SH NAME kadmind \- KADM5 administration server . @@ -50,24 +50,24 @@ kadmind starts the Kerberos administration server. kadmind typically runs on the master Kerberos server, which stores the KDC database. If the KDC database uses the LDAP module, the administration server and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as \fIkadmin(1)\fP and -\fIkpasswd(1)\fP to administer the information in these database. +remote requests from programs such as kadmin(1) and +kpasswd(1) to administer the information in these database. .sp kadmind requires a number of configuration files to be set up in order for it to work: .INDENT 0.0 .TP -.B \fIkdc.conf(5)\fP +.B kdc.conf(5) The KDC configuration file contains configuration information for the KDC and admin servers. kadmind uses settings in this file to locate the Kerberos database, and is also affected by the \fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related settings. .TP -.B \fIkadm5.acl(5)\fP +.B kadm5.acl(5) kadmind\(aqs ACL (access control list) tells it which principals are allowed to perform administration actions. The pathname to the -ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP +ACL file can be specified with the \fBacl_file\fP kdc.conf(5) variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. .UNINDENT .sp @@ -75,76 +75,80 @@ After the server begins running, it puts itself in the background and disassociates itself from its controlling terminal. .sp kadmind can be configured for incremental database propagation. -Incremental propagation allows slave KDC servers to receive principal -and policy updates incrementally instead of receiving full dumps of -the database. This facility can be enabled in the \fIkdc.conf(5)\fP -file with the \fBiprop_enable\fP option. Incremental propagation -requires the principal \fBkiprop/MASTER\e@REALM\fP (where MASTER is the -master KDC\(aqs canonical host name, and REALM the realm name). In -release 1.13, this principal is automatically created and registered -into the datebase. +Incremental propagation allows replica KDC servers to receive +principal and policy updates incrementally instead of receiving full +dumps of the database. This facility can be enabled in the +kdc.conf(5) file with the \fBiprop_enable\fP option. Incremental +propagation requires the principal \fBkiprop/MASTER\e@REALM\fP (where +MASTER is the master KDC\(aqs canonical host name, and REALM the realm +name). In release 1.13, this principal is automatically created and +registered into the datebase. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP specifies the realm that kadmind will serve; if it is not specified, the default realm of the host is used. .TP -.B \fB\-m\fP +\fB\-m\fP causes the master database password to be fetched from the keyboard (before the server puts itself in the background, if not invoked with the \fB\-nofork\fP option) rather than from a file on disk. .TP -.B \fB\-nofork\fP +\fB\-nofork\fP causes the server to remain in the foreground and remain associated to the terminal. In normal operation, you should allow the server to place itself in the background. .TP -.B \fB\-proponly\fP -causes the server to only listen and respond to Kerberos slave +\fB\-proponly\fP +causes the server to only listen and respond to Kerberos replica incremental propagation polling requests. This option can be used -to set up a hierarchical propagation topology where a slave KDC -provides incremental updates to other Kerberos slaves. +to set up a hierarchical propagation topology where a replica KDC +provides incremental updates to other Kerberos replicas. .TP -.B \fB\-port\fP \fIport\-number\fP +\fB\-port\fP \fIport\-number\fP specifies the port on which the administration server listens for connections. The default port is determined by the -\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP\&. +\fBkadmind_port\fP configuration variable in kdc.conf(5)\&. .TP -.B \fB\-P\fP \fIpid_file\fP +\fB\-P\fP \fIpid_file\fP specifies the file to which the PID of kadmind process should be written after it starts up. This file can be used to identify whether kadmind is still running and to allow init scripts to stop the correct process. .TP -.B \fB\-p\fP \fIkdb5_util_path\fP +\fB\-p\fP \fIkdb5_util_path\fP specifies the path to the kdb5_util command to use when dumping the KDB in response to full resync requests when iprop is enabled. .TP -.B \fB\-K\fP \fIkprop_path\fP +\fB\-K\fP \fIkprop_path\fP specifies the path to the kprop command to use to send full dumps -to slaves in response to full resync requests. +to replicas in response to full resync requests. .TP -.B \fB\-k\fP \fIkprop_port\fP -specifies the port by which the kprop process that is spawned by kadmind -connects to the slave kpropd, in order to transfer the dump file during -an iprop full resync request. +\fB\-k\fP \fIkprop_port\fP +specifies the port by which the kprop process that is spawned by +kadmind connects to the replica kpropd, in order to transfer the +dump file during an iprop full resync request. .TP -.B \fB\-F\fP \fIdump_file\fP +\fB\-F\fP \fIdump_file\fP specifies the file path to be used for dumping the KDB in response to full resync requests when iprop is enabled. .TP -.B \fB\-x\fP \fIdb_args\fP -specifies database\-specific arguments. See \fIDatabase Options\fP in \fIkadmin(1)\fP for supported arguments. +\fB\-x\fP \fIdb_args\fP +specifies database\-specific arguments. See Database Options in kadmin(1) for supported arguments. .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkpasswd(1)\fP, \fIkadmin(1)\fP, \fIkdb5_util(8)\fP, -\fIkdb5_ldap_util(8)\fP, \fIkadm5.acl(5)\fP +kpasswd(1), kadmin(1), kdb5_util(8), +kdb5_ldap_util(8), kadm5.acl(5), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man index 001c797..ce6b1fe 100644 --- a/src/man/kdb5_ldap_util.man +++ b/src/man/kdb5_ldap_util.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDB5_LDAP_UTIL" "8" " " "1.16" "MIT Kerberos" +.TH "KDB5_LDAP_UTIL" "8" " " "1.17" "MIT Kerberos" .SH NAME kdb5_ldap_util \- Kerberos configuration utility . @@ -44,15 +44,15 @@ services and ticket policies. .SH COMMAND-LINE OPTIONS .INDENT 0.0 .TP -.B \fB\-D\fP \fIuser_dn\fP +\fB\-D\fP \fIuser_dn\fP Specifies the Distinguished Name (DN) of the user who has sufficient rights to perform the operation on the LDAP server. .TP -.B \fB\-w\fP \fIpasswd\fP +\fB\-w\fP \fIpasswd\fP Specifies the password of \fIuser_dn\fP\&. This option is not recommended. .TP -.B \fB\-H\fP \fIldapuri\fP +\fB\-H\fP \fIldapuri\fP Specifies the URI of the LDAP server. It is recommended to use \fBldapi://\fP or \fBldaps://\fP to connect to the LDAP server. .UNINDENT @@ -78,60 +78,60 @@ Specifies the URI of the LDAP server. It is recommended to use Creates realm in directory. Options: .INDENT 0.0 .TP -.B \fB\-subtrees\fP \fIsubtree_dn_list\fP +\fB\-subtrees\fP \fIsubtree_dn_list\fP Specifies the list of subtrees containing the principals of a realm. The list contains the DNs of the subtree objects separated by colon (\fB:\fP). .TP -.B \fB\-sscope\fP \fIsearch_scope\fP +\fB\-sscope\fP \fIsearch_scope\fP Specifies the scope for searching the principals under the subtree. The possible values are 1 or one (one level), 2 or sub (subtrees). .TP -.B \fB\-containerref\fP \fIcontainer_reference_dn\fP +\fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the container object in which the principals of a realm will be created. If the container reference is not configured for a realm, the principals will be created in the realm container. .TP -.B \fB\-k\fP \fImkeytype\fP +\fB\-k\fP \fImkeytype\fP Specifies the key type of the master key in the database. The default is given by the \fBmaster_key_type\fP variable in -\fIkdc.conf(5)\fP\&. +kdc.conf(5)\&. .TP -.B \fB\-kv\fP \fImkeyVNO\fP +\fB\-kv\fP \fImkeyVNO\fP Specifies the version number of the master key in the database; the default is 1. Note that 0 is not allowed. .TP -.B \fB\-m\fP +\fB\-m\fP Specifies that the master database password should be read from the TTY rather than fetched from a file on the disk. .TP -.B \fB\-P\fP \fIpassword\fP +\fB\-P\fP \fIpassword\fP Specifies the master database password. This option is not recommended. .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .TP -.B \fB\-sf\fP \fIstashfilename\fP +\fB\-sf\fP \fIstashfilename\fP Specifies the stash file of the master database password. .TP -.B \fB\-s\fP +\fB\-s\fP Specifies that the stash file is to be created. .TP -.B \fB\-maxtktlife\fP \fImax_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum ticket life for +\fB\-maxtktlife\fP \fImax_ticket_life\fP +(getdate string) Specifies maximum ticket life for principals in this realm. .TP -.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum renewable life of +\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP +(getdate string) Specifies maximum renewable life of tickets for principals in this realm. .TP .B \fIticket_flags\fP Specifies global ticket flags for the realm. Allowable flags are documented in the description of the \fBadd_principal\fP command in -\fIkadmin(1)\fP\&. +kadmin(1)\&. .UNINDENT .sp Example: @@ -169,35 +169,35 @@ Re\-enter KDC database master key to verify: Modifies the attributes of a realm. Options: .INDENT 0.0 .TP -.B \fB\-subtrees\fP \fIsubtree_dn_list\fP +\fB\-subtrees\fP \fIsubtree_dn_list\fP Specifies the list of subtrees containing the principals of a realm. The list contains the DNs of the subtree objects separated by colon (\fB:\fP). This list replaces the existing list. .TP -.B \fB\-sscope\fP \fIsearch_scope\fP +\fB\-sscope\fP \fIsearch_scope\fP Specifies the scope for searching the principals under the subtrees. The possible values are 1 or one (one level), 2 or sub (subtrees). .TP -.B \fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the +\fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the container object in which the principals of a realm will be created. .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .TP -.B \fB\-maxtktlife\fP \fImax_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum ticket life for +\fB\-maxtktlife\fP \fImax_ticket_life\fP +(getdate string) Specifies maximum ticket life for principals in this realm. .TP -.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum renewable life of +\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP +(getdate string) Specifies maximum renewable life of tickets for principals in this realm. .TP .B \fIticket_flags\fP Specifies global ticket flags for the realm. Allowable flags are documented in the description of the \fBadd_principal\fP command in -\fIkadmin(1)\fP\&. +kadmin(1)\&. .UNINDENT .sp Example: @@ -225,7 +225,7 @@ shell% Displays the attributes of a realm. Options: .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .UNINDENT .sp @@ -259,10 +259,10 @@ Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE Destroys an existing realm. Options: .INDENT 0.0 .TP -.B \fB\-f\fP +\fB\-f\fP If specified, will not prompt the user for confirmation. .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .UNINDENT .sp @@ -323,16 +323,16 @@ file so that KDC and Administration server can use it to authenticate to the LDAP server. Options: .INDENT 0.0 .TP -.B \fB\-f\fP \fIfilename\fP +\fB\-f\fP \fIfilename\fP Specifies the complete path of the service password file. By default, \fB/usr/local/var/service_passwd\fP is used. .TP .B \fIname\fP Specifies the name of the object whose password is to be stored. -If \fIkrb5kdc(8)\fP or \fIkadmind(8)\fP are configured for +If krb5kdc(8) or kadmind(8) are configured for simple binding, this should be the distinguished name it will use as given by the \fBldap_kdc_dn\fP or \fBldap_kadmind_dn\fP -variable in \fIkdc.conf(5)\fP\&. If the KDC or kadmind is +variable in kdc.conf(5)\&. If the KDC or kadmind is configured for SASL binding, this should be the authentication name it will use as given by the \fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP variable. @@ -367,22 +367,22 @@ Re\-enter password for "cn=service\-kdc,o=org": Creates a ticket policy in the directory. Options: .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .TP -.B \fB\-maxtktlife\fP \fImax_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum ticket life for +\fB\-maxtktlife\fP \fImax_ticket_life\fP +(getdate string) Specifies maximum ticket life for principals. .TP -.B \fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP -(\fIgetdate\fP string) Specifies maximum renewable life of +\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP +(getdate string) Specifies maximum renewable life of tickets for principals. .TP .B \fIticket_flags\fP Specifies the ticket flags. If this option is not specified, by default, no restriction will be set by the policy. Allowable flags are documented in the description of the \fBadd_principal\fP -command in \fIkadmin(1)\fP\&. +command in kadmin(1)\&. .TP .B \fIpolicy_name\fP Specifies the name of the ticket policy. @@ -479,10 +479,10 @@ Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE Destroys an existing ticket policy. Options: .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .TP -.B \fB\-force\fP +\fB\-force\fP Forces the deletion of the policy object. If not specified, the user will be prompted for confirmation before deleting the policy. .TP @@ -518,7 +518,7 @@ Lists the ticket policies in realm if specified or in the default realm. Options: .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the Kerberos realm of the database. .UNINDENT .sp @@ -538,12 +538,16 @@ userpolicy .fi .UNINDENT .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkadmin(1)\fP +kadmin(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man index 66bf6f8..53d945e 100644 --- a/src/man/kdb5_util.man +++ b/src/man/kdb5_util.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDB5_UTIL" "8" " " "1.16" "MIT Kerberos" +.TH "KDB5_UTIL" "8" " " "1.17" "MIT Kerberos" .SH NAME kdb5_util \- Kerberos database maintenance utility . @@ -36,10 +36,12 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-r\fP \fIrealm\fP] [\fB\-d\fP \fIdbname\fP] [\fB\-k\fP \fImkeytype\fP] -[\fB\-M\fP \fImkeyname\fP] [\fB\-kv\fP \fImkeyVNO\fP] -[\fB\-sf\fP \fIstashfilename\fP] +[\fB\-M\fP \fImkeyname\fP] [\fB\-m\fP] +[\fB\-sf\fP \fIstashfilename\fP] +[\fB\-P\fP \fIpassword\fP] +[\fB\-x\fP \fIdb_args\fP] \fIcommand\fP [\fIcommand_options\fP] .SH DESCRIPTION .sp @@ -58,42 +60,46 @@ commands. .SH COMMAND-LINE OPTIONS .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP specifies the Kerberos realm of the database. .TP -.B \fB\-d\fP \fIdbname\fP +\fB\-d\fP \fIdbname\fP specifies the name under which the principal database is stored; -by default the database is that listed in \fIkdc.conf(5)\fP\&. The +by default the database is that listed in kdc.conf(5)\&. The password policy database and lock files are also derived from this value. .TP -.B \fB\-k\fP \fImkeytype\fP +\fB\-k\fP \fImkeytype\fP specifies the key type of the master key in the database. The default is given by the \fBmaster_key_type\fP variable in -\fIkdc.conf(5)\fP\&. +kdc.conf(5)\&. .TP -.B \fB\-kv\fP \fImkeyVNO\fP +\fB\-kv\fP \fImkeyVNO\fP Specifies the version number of the master key in the database; the default is 1. Note that 0 is not allowed. .TP -.B \fB\-M\fP \fImkeyname\fP +\fB\-M\fP \fImkeyname\fP principal name for the master key in the database. If not specified, the name is determined by the \fBmaster_key_name\fP -variable in \fIkdc.conf(5)\fP\&. +variable in kdc.conf(5)\&. .TP -.B \fB\-m\fP +\fB\-m\fP specifies that the master database password should be read from the keyboard rather than fetched from a file on disk. .TP -.B \fB\-sf\fP \fIstash_file\fP +\fB\-sf\fP \fIstash_file\fP specifies the stash filename of the master database password. If not specified, the filename is determined by the -\fBkey_stash_file\fP variable in \fIkdc.conf(5)\fP\&. +\fBkey_stash_file\fP variable in kdc.conf(5)\&. .TP -.B \fB\-P\fP \fIpassword\fP +\fB\-P\fP \fIpassword\fP specifies the master database password. Using this option may expose the password to other users on the system via the process list. +.TP +\fB\-x\fP \fIdb_args\fP +specifies database\-specific options. See kadmin(1) for +supported options. .UNINDENT .SH COMMANDS .SS create @@ -126,13 +132,14 @@ the \fB\-f\fP argument, does not prompt the user. .sp Stores the master principal\(aqs keys in a stash file. The \fB\-f\fP argument can be used to override the \fIkeyfile\fP specified in -\fIkdc.conf(5)\fP\&. +kdc.conf(5)\&. .SS dump .INDENT 0.0 .INDENT 3.5 -\fBdump\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP] [\fB\-verbose\fP] -[\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP \fImkey_file\fP] [\fB\-rev\fP] -[\fB\-recurse\fP] [\fIfilename\fP [\fIprincipals\fP\&...]] +\fBdump\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP|\fB\-r18\fP] +[\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP +\fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP +[\fIprincipals\fP\&...]] .UNINDENT .UNINDENT .sp @@ -142,43 +149,43 @@ load_dump version 7". If filename is not specified, or is the string "\-", the dump is sent to standard output. Options: .INDENT 0.0 .TP -.B \fB\-b7\fP +\fB\-b7\fP causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util load_dump version 4"). This was the dump format produced on releases prior to 1.2.2. .TP -.B \fB\-ov\fP +\fB\-ov\fP causes the dump to be in "ovsec_adm_export" format. .TP -.B \fB\-r13\fP +\fB\-r13\fP causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util load_dump version 5"). This was the dump format produced on releases prior to 1.8. .TP -.B \fB\-r18\fP +\fB\-r18\fP causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util load_dump version 6"). This was the dump format produced on releases prior to 1.11. .TP -.B \fB\-verbose\fP +\fB\-verbose\fP causes the name of each principal and policy to be printed as it is dumped. .TP -.B \fB\-mkey_convert\fP +\fB\-mkey_convert\fP prompts for a new master key. This new master key will be used to re\-encrypt principal key data in the dumpfile. The principal keys themselves will not be changed. .TP -.B \fB\-new_mkey_file\fP \fImkey_file\fP +\fB\-new_mkey_file\fP \fImkey_file\fP the filename of a stash file. The master key in this stash file will be used to re\-encrypt the key data in the dumpfile. The key data in the database will not be changed. .TP -.B \fB\-rev\fP +\fB\-rev\fP dumps in reverse order. This may recover principals that do not dump normally, in cases where database corruption has occurred. .TP -.B \fB\-recurse\fP +\fB\-recurse\fP causes the dump to walk the database recursively (btree only). This may recover principals that do not dump normally, in cases where database corruption has occurred. In cases of such @@ -196,8 +203,8 @@ doing a normal dump instead of a recursive traversal. .SS load .INDENT 0.0 .INDENT 3.5 -\fBload\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP] [\fB\-hash\fP] -[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP [\fIdbname\fP] +\fBload\fP [\fB\-b7\fP|\fB\-ov\fP|\fB\-r13\fP|\fB\-r18\fP] [\fB\-hash\fP] +[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP .UNINDENT .UNINDENT .sp @@ -212,44 +219,42 @@ database module, the \fB\-update\fP flag is required. Options: .INDENT 0.0 .TP -.B \fB\-b7\fP +\fB\-b7\fP requires the database to be in the Kerberos 5 Beta 7 format ("kdb5_util load_dump version 4"). This was the dump format produced on releases prior to 1.2.2. .TP -.B \fB\-ov\fP +\fB\-ov\fP requires the database to be in "ovsec_adm_import" format. Must be used with the \fB\-update\fP option. .TP -.B \fB\-r13\fP +\fB\-r13\fP requires the database to be in Kerberos 5 1.3 format ("kdb5_util load_dump version 5"). This was the dump format produced on releases prior to 1.8. .TP -.B \fB\-r18\fP +\fB\-r18\fP requires the database to be in Kerberos 5 1.8 format ("kdb5_util load_dump version 6"). This was the dump format produced on releases prior to 1.11. .TP -.B \fB\-hash\fP -requires the database to be stored as a hash. If this option is -not specified, the database will be stored as a btree. This -option is not recommended, as databases stored in hash format are -known to corrupt data and lose principals. +\fB\-hash\fP +stores the database in hash format, if using the DB2 database +type. If this option is not specified, the database will be +stored in btree format. This option is not recommended, as +databases stored in hash format are known to corrupt data and lose +principals. .TP -.B \fB\-verbose\fP +\fB\-verbose\fP causes the name of each principal and policy to be printed as it is dumped. .TP -.B \fB\-update\fP +\fB\-update\fP records from the dump file are added to or updated in the existing database. Otherwise, a new database is created containing only what is in the dump file and the old one destroyed upon successful completion. .UNINDENT -.sp -If specified, \fIdbname\fP overrides the value specified on the command -line or the default. .SS ark .INDENT 0.0 .INDENT 3.5 @@ -271,13 +276,13 @@ salt types to be used for the new keys. Adds a new master key to the master key principal, but does not mark it as active. Existing master keys will remain. The \fB\-e\fP option specifies the encryption type of the new master key; see -\fIEncryption_types\fP in \fIkdc.conf(5)\fP for a list of possible +Encryption_types in kdc.conf(5) for a list of possible values. The \fB\-s\fP option stashes the new master key in the stash file, which will be created if it doesn\(aqt already exist. .sp -After a new master key is added, it should be propagated to slave -servers via a manual or periodic invocation of \fIkprop(8)\fP\&. Then, -the stash files on the slave servers should be updated with the +After a new master key is added, it should be propagated to replica +servers via a manual or periodic invocation of kprop(8)\&. Then, +the stash files on the replica servers should be updated with the kdb5_util \fBstash\fP command. Once those steps are complete, the key is ready to be marked active with the kdb5_util \fBuse_mkey\fP command. .SS use_mkey @@ -291,7 +296,7 @@ Sets the activation time of the master key specified by \fImkeyVNO\fP\&. Once a master key becomes active, it will be used to encrypt newly created principal keys. If no \fItime\fP argument is given, the current time is used, causing the specified master key version to become -active immediately. The format for \fItime\fP is \fIgetdate\fP string. +active immediately. The format for \fItime\fP is getdate string. .sp After a new master key becomes active, the kdb5_util \fBupdate_princ_encryption\fP command can be used to update all @@ -305,7 +310,7 @@ principal keys to be encrypted in the new master key. .sp List all master keys, from most recent to earliest, in the master key principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of \fIkadmin(1)\fP \fBgetprinc\fP\&. A +each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&. A \fB*\fP following an mkey denotes the currently active master key. .SS purge_mkeys .INDENT 0.0 @@ -319,14 +324,14 @@ protect any principals. This command can be used to remove old master keys all principal keys are protected by a newer master key. .INDENT 0.0 .TP -.B \fB\-f\fP +\fB\-f\fP does not prompt for confirmation. .TP -.B \fB\-n\fP +\fB\-n\fP performs a dry run, showing master keys that would be purged, but not actually purging any keys. .TP -.B \fB\-v\fP +\fB\-v\fP gives more verbose output. .UNINDENT .SS update_princ_encryption @@ -367,23 +372,23 @@ below). Options: .INDENT 0.0 .TP -.B \fB\-H\fP +\fB\-H\fP suppress writing the field names in a header line .TP -.B \fB\-c\fP +\fB\-c\fP use comma separated values (CSV) format, with minimal quoting, instead of the default tab\-separated (unquoted, unescaped) format .TP -.B \fB\-e\fP +\fB\-e\fP write empty hexadecimal string fields as empty fields instead of as "\-1". .TP -.B \fB\-n\fP +\fB\-n\fP produce numeric output for fields that normally have symbolic output, such as enctypes and flag names. Also requests output of time stamps as decimal POSIX time_t values. .TP -.B \fB\-o\fP \fIoutfile\fP +\fB\-o\fP \fIoutfile\fP write the dump to the specified output file instead of to standard output .UNINDENT @@ -391,38 +396,38 @@ output Dump types: .INDENT 0.0 .TP -.B \fBkeydata\fP +\fBkeydata\fP principal encryption key information, including actual key data (which is still encrypted in the master key) .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBkeyindex\fP +\fBkeyindex\fP index of this key in the principal\(aqs key list .TP -.B \fBkvno\fP +\fBkvno\fP key version number .TP -.B \fBenctype\fP +\fBenctype\fP encryption type .TP -.B \fBkey\fP +\fBkey\fP key data as a hexadecimal string .TP -.B \fBsalttype\fP +\fBsalttype\fP salt type .TP -.B \fBsalt\fP +\fBsalt\fP salt data as a hexadecimal string .UNINDENT .TP -.B \fBkeyinfo\fP +\fBkeyinfo\fP principal encryption key information (as in \fBkeydata\fP above), excluding actual key data .TP -.B \fBprinc_flags\fP +\fBprinc_flags\fP principal boolean attributes. Flag names print as hexadecimal numbers if the \fB\-n\fP option is specified, and all flag positions are printed regardless of whether or not they are set. If \fB\-n\fP @@ -431,93 +436,93 @@ but only print hexadecimal flag names if the corresponding flag is set. .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBflag\fP +\fBflag\fP flag name .TP -.B \fBvalue\fP +\fBvalue\fP boolean value (0 for clear, or 1 for set) .UNINDENT .TP -.B \fBprinc_lockout\fP +\fBprinc_lockout\fP state information used for tracking repeated password failures .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBlast_success\fP +\fBlast_success\fP time stamp of most recent successful authentication .TP -.B \fBlast_failed\fP +\fBlast_failed\fP time stamp of most recent failed authentication .TP -.B \fBfail_count\fP +\fBfail_count\fP count of failed attempts .UNINDENT .TP -.B \fBprinc_meta\fP +\fBprinc_meta\fP principal metadata .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBmodby\fP +\fBmodby\fP name of last principal to modify this principal .TP -.B \fBmodtime\fP +\fBmodtime\fP timestamp of last modification .TP -.B \fBlastpwd\fP +\fBlastpwd\fP timestamp of last password change .TP -.B \fBpolicy\fP +\fBpolicy\fP policy object name .TP -.B \fBmkvno\fP +\fBmkvno\fP key version number of the master key that encrypts this principal\(aqs key data .TP -.B \fBhist_kvno\fP +\fBhist_kvno\fP key version number of the history key that encrypts the key history data for this principal .UNINDENT .TP -.B \fBprinc_stringattrs\fP +\fBprinc_stringattrs\fP string attributes (key/value pairs) .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBkey\fP +\fBkey\fP attribute name .TP -.B \fBvalue\fP +\fBvalue\fP attribute value .UNINDENT .TP -.B \fBprinc_tktpolicy\fP +\fBprinc_tktpolicy\fP per\-principal ticket policy data, including maximum ticket lifetimes .INDENT 7.0 .TP -.B \fBname\fP +\fBname\fP principal name .TP -.B \fBexpiration\fP +\fBexpiration\fP principal expiration date .TP -.B \fBpw_expiration\fP +\fBpw_expiration\fP password expiration date .TP -.B \fBmax_life\fP +\fBmax_life\fP maximum ticket lifetime .TP -.B \fBmax_renew_life\fP +\fBmax_renew_life\fP maximum renewable ticket lifetime .UNINDENT .UNINDENT @@ -546,12 +551,16 @@ bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1 .fi .UNINDENT .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkadmin(1)\fP +kadmin(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man index 440ce3b..05cc8f6 100644 --- a/src/man/kdc.conf.man +++ b/src/man/kdc.conf.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDC.CONF" "5" " " "1.16" "MIT Kerberos" +.TH "KDC.CONF" "5" " " "1.17" "MIT Kerberos" .SH NAME kdc.conf \- Kerberos V5 KDC configuration file . @@ -31,9 +31,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .sp -The kdc.conf file supplements \fIkrb5.conf(5)\fP for programs which -are typically only used on a KDC, such as the \fIkrb5kdc(8)\fP and -\fIkadmind(8)\fP daemons and the \fIkdb5_util(8)\fP program. +The kdc.conf file supplements krb5.conf(5) for programs which +are typically only used on a KDC, such as the krb5kdc(8) and +kadmind(8) daemons and the kdb5_util(8) program. Relations documented here may also be specified in krb5.conf; for the KDC programs mentioned, krb5.conf and kdc.conf will be merged into a single configuration profile. @@ -47,7 +47,7 @@ changes to take effect. .SH STRUCTURE .sp The kdc.conf file is set up in the same format as the -\fIkrb5.conf(5)\fP file. +krb5.conf(5) file. .SH SECTIONS .sp The kdc.conf file may contain the following sections: @@ -88,10 +88,10 @@ _ .TE .SS [kdcdefaults] .sp -With two exceptions, relations in the [kdcdefaults] section specify -default values for realm variables, to be used if the [realms] -subsection does not contain a relation for the tag. See the -\fI\%[realms]\fP section for the definitions of these relations. +Some relations in the [kdcdefaults] section specify default values for +realm variables, to be used if the [realms] subsection does not +contain a relation for the tag. See the \fI\%[realms]\fP section for +the definitions of these relations. .INDENT 0.0 .IP \(bu 2 \fBhost_based_services\fP @@ -108,16 +108,24 @@ subsection does not contain a relation for the tag. See the .IP \(bu 2 \fBrestrict_anonymous_to_tgt\fP .UNINDENT +.sp +The following [kdcdefaults] variables have no per\-realm equivalent: .INDENT 0.0 .TP -.B \fBkdc_max_dgram_reply_size\fP +\fBkdc_max_dgram_reply_size\fP Specifies the maximum packet size that can be sent over UDP. The default value is 4096 bytes. .TP -.B \fBkdc_tcp_listen_backlog\fP +\fBkdc_tcp_listen_backlog\fP (Integer.) Set the size of the listen queue length for the KDC daemon. The value may be limited by OS settings. The default value is 5. +.TP +\fBspake_preauth_kdc_challenge\fP +(String.) Specifies the group for a SPAKE optimistic challenge. +See the \fBspake_preauth_groups\fP variable in libdefaults +for possible values. The default is not to issue an optimistic +challenge. (New in release 1.17.) .UNINDENT .SS [realms] .sp @@ -142,33 +150,33 @@ to define one parameter for the ATHENA.MIT.EDU realm: The following tags may be specified in a [realms] subsection: .INDENT 0.0 .TP -.B \fBacl_file\fP +\fBacl_file\fP (String.) Location of the access control list file that -\fIkadmind(8)\fP uses to determine which principals are allowed +kadmind(8) uses to determine which principals are allowed which permissions on the Kerberos database. To operate without an ACL file, set this relation to the empty string with \fBacl_file = ""\fP\&. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. For more -information on Kerberos ACL file see \fIkadm5.acl(5)\fP\&. +information on Kerberos ACL file see kadm5.acl(5)\&. .TP -.B \fBdatabase_module\fP +\fBdatabase_module\fP (String.) This relation indicates the name of the configuration section under \fI\%[dbmodules]\fP for database\-specific parameters used by the loadable database library. The default value is the realm name. If this configuration section does not exist, default values will be used for all database parameters. .TP -.B \fBdatabase_name\fP +\fBdatabase_name\fP (String, deprecated.) This relation specifies the location of the Kerberos database for this realm, if the DB2 module is being used and the \fI\%[dbmodules]\fP configuration section does not specify a database name. The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&. .TP -.B \fBdefault_principal_expiration\fP -(\fIabstime\fP string.) Specifies the default expiration date of +\fBdefault_principal_expiration\fP +(abstime string.) Specifies the default expiration date of principals created in this realm. The default value is 0, which means no expiration date. .TP -.B \fBdefault_principal_flags\fP +\fBdefault_principal_flags\fP (Flag string.) Specifies the default attributes of principals created in this realm. The format for this string is a comma\-separated list of flags, with \(aq+\(aq before each flag that @@ -180,42 +188,41 @@ disabled. The \fBpostdateable\fP, \fBforwardable\fP, \fBtgt\-based\fP, There are a number of possible flags: .INDENT 7.0 .TP -.B \fBallow\-tickets\fP +\fBallow\-tickets\fP Enabling this flag means that the KDC will issue tickets for this principal. Disabling this flag essentially deactivates the principal within this realm. .TP -.B \fBdup\-skey\fP -Enabling this flag allows the principal to obtain a session -key for another user, permitting user\-to\-user authentication -for this principal. +\fBdup\-skey\fP +Enabling this flag allows the KDC to issue user\-to\-user +service tickets for this principal. .TP -.B \fBforwardable\fP +\fBforwardable\fP Enabling this flag allows the principal to obtain forwardable tickets. .TP -.B \fBhwauth\fP +\fBhwauth\fP If this flag is enabled, then the principal is required to preauthenticate using a hardware device before receiving any tickets. .TP -.B \fBno\-auth\-data\-required\fP +\fBno\-auth\-data\-required\fP Enabling this flag prevents PAC or AD\-SIGNEDPATH data from being added to service tickets for the principal. .TP -.B \fBok\-as\-delegate\fP +\fBok\-as\-delegate\fP If this flag is enabled, it hints the client that credentials can and should be delegated when authenticating to the service. .TP -.B \fBok\-to\-auth\-as\-delegate\fP +\fBok\-to\-auth\-as\-delegate\fP Enabling this flag allows the principal to use S4USelf tickets. .TP -.B \fBpostdateable\fP +\fBpostdateable\fP Enabling this flag allows the principal to obtain postdateable tickets. .TP -.B \fBpreauth\fP +\fBpreauth\fP If this flag is enabled on a client principal, then that principal is required to preauthenticate to the KDC before receiving any tickets. On a service principal, enabling this @@ -223,15 +230,15 @@ flag means that service tickets for this principal will only be issued to clients with a TGT that has the preauthenticated bit set. .TP -.B \fBproxiable\fP +\fBproxiable\fP Enabling this flag allows the principal to obtain proxy tickets. .TP -.B \fBpwchange\fP +\fBpwchange\fP Enabling this flag forces a password change for this principal. .TP -.B \fBpwservice\fP +\fBpwservice\fP If this flag is enabled, it marks this principal as a password change service. This should only be used in special cases, for example, if a user\(aqs password has expired, then the user @@ -239,54 +246,61 @@ has to get tickets for that principal without going through the normal password authentication in order to be able to change the password. .TP -.B \fBrenewable\fP +\fBrenewable\fP Enabling this flag allows the principal to obtain renewable tickets. .TP -.B \fBservice\fP +\fBservice\fP Enabling this flag allows the the KDC to issue service tickets -for this principal. +for this principal. In release 1.17 and later, user\-to\-user +service tickets are still allowed if the \fBdup\-skey\fP flag is +set. .TP -.B \fBtgt\-based\fP +\fBtgt\-based\fP Enabling this flag allows a principal to obtain tickets based on a ticket\-granting\-ticket, rather than repeating the authentication process that was used to obtain the TGT. .UNINDENT .TP -.B \fBdict_file\fP +\fBdict_file\fP (String.) Location of the dictionary file containing strings that are not allowed as passwords. The file should contain one string per line, with no additional whitespace. If none is specified or if there is no policy assigned to the principal, no dictionary checks of passwords will be performed. .TP -.B \fBencrypted_challenge_indicator\fP +\fBencrypted_challenge_indicator\fP (String.) Specifies the authentication indicator value that the KDC asserts into tickets obtained using FAST encrypted challenge pre\-authentication. New in 1.16. .TP -.B \fBhost_based_services\fP +\fBhost_based_services\fP (Whitespace\- or comma\-separated list.) Lists services which will get host\-based referral processing even if the server principal is not marked as host\-based by the client. .TP -.B \fBiprop_enable\fP +\fBiprop_enable\fP (Boolean value.) Specifies whether incremental database propagation is enabled. The default value is false. .TP -.B \fBiprop_master_ulogsize\fP +\fBiprop_master_ulogsize\fP (Integer.) Specifies the maximum number of log entries to be retained for incremental propagation. The default value is 1000. Prior to release 1.11, the maximum value was 2500. .TP -.B \fBiprop_slave_poll\fP -(Delta time string.) Specifies how often the slave KDC polls for -new updates from the master. The default value is \fB2m\fP (that -is, two minutes). +\fBiprop_replica_poll\fP +(Delta time string.) Specifies how often the replica KDC polls +for new updates from the master. The default value is \fB2m\fP +(that is, two minutes). New in release 1.17. .TP -.B \fBiprop_listen\fP +\fBiprop_slave_poll\fP +(Delta time string.) The name for \fBiprop_replica_poll\fP prior to +release 1.17. Its value is used as a fallback if +\fBiprop_replica_poll\fP is not specified. +.TP +\fBiprop_listen\fP (Whitespace\- or comma\-separated list.) Specifies the iprop RPC -listening addresses and/or ports for the \fIkadmind(8)\fP daemon. +listening addresses and/or ports for the kadmind(8) daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is @@ -296,22 +310,22 @@ default (when \fBiprop_enable\fP is true) is to bind to the wildcard address at the port specified in \fBiprop_port\fP\&. New in release 1.15. .TP -.B \fBiprop_port\fP +\fBiprop_port\fP (Port number.) Specifies the port number to be used for incremental propagation. When \fBiprop_enable\fP is true, this -relation is required in the slave configuration file, and this -relation or \fBiprop_listen\fP is required in the master +relation is required in the replica KDC configuration file, and +this relation or \fBiprop_listen\fP is required in the master configuration file, as there is no default port number. Port numbers specified in \fBiprop_listen\fP entries will override this -port number for the \fIkadmind(8)\fP daemon. +port number for the kadmind(8) daemon. .TP -.B \fBiprop_resync_timeout\fP +\fBiprop_resync_timeout\fP (Delta time string.) Specifies the amount of time to wait for a full propagation to complete. This is optional in configuration -files, and is used by slave KDCs only. The default value is 5 +files, and is used by replica KDCs only. The default value is 5 minutes (\fB5m\fP). New in release 1.11. .TP -.B \fBiprop_logfile\fP +\fBiprop_logfile\fP (File name.) Specifies where the update log file for the realm database is to be stored. The default is to use the \fBdatabase_name\fP entry from the realms section of the krb5 config @@ -322,9 +336,9 @@ back end is being used, or the file name is specified in the \fBdatabase_name\fP is used. Determination of the \fBiprop_logfile\fP default value will not use values from the [dbmodules] section.) .TP -.B \fBkadmind_listen\fP +\fBkadmind_listen\fP (Whitespace\- or comma\-separated list.) Specifies the kadmin RPC -listening addresses and/or ports for the \fIkadmind(8)\fP daemon. +listening addresses and/or ports for the kadmind(8) daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is @@ -334,19 +348,19 @@ default is to bind to the wildcard address at the port specified in \fBkadmind_port\fP, or the standard kadmin port (749). New in release 1.15. .TP -.B \fBkadmind_port\fP -(Port number.) Specifies the port on which the \fIkadmind(8)\fP +\fBkadmind_port\fP +(Port number.) Specifies the port on which the kadmind(8) daemon is to listen for this realm. Port numbers specified in \fBkadmind_listen\fP entries will override this port number. The assigned port for kadmind is 749, which is used by default. .TP -.B \fBkey_stash_file\fP +\fBkey_stash_file\fP (String.) Specifies the location where the master key has been stored (via kdb5_util stash). The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm. .TP -.B \fBkdc_listen\fP +\fBkdc_listen\fP (Whitespace\- or comma\-separated list.) Specifies the UDP -listening addresses and/or ports for the \fIkrb5kdc(8)\fP daemon. +listening addresses and/or ports for the krb5kdc(8) daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is @@ -356,16 +370,16 @@ to any of the specified addresses, it will fail to start. The default is to bind to the wildcard address on the standard port. New in release 1.15. .TP -.B \fBkdc_ports\fP +\fBkdc_ports\fP (Whitespace\- or comma\-separated list, deprecated.) Prior to release 1.15, this relation lists the ports for the -\fIkrb5kdc(8)\fP daemon to listen on for UDP requests. In +krb5kdc(8) daemon to listen on for UDP requests. In release 1.15 and later, it has the same meaning as \fBkdc_listen\fP if that relation is not defined. .TP -.B \fBkdc_tcp_listen\fP +\fBkdc_tcp_listen\fP (Whitespace\- or comma\-separated list.) Specifies the TCP -listening addresses and/or ports for the \fIkrb5kdc(8)\fP daemon. +listening addresses and/or ports for the krb5kdc(8) daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is @@ -376,16 +390,16 @@ If the KDC daemon fails to bind to any of the specified addresses, it will fail to start. The default is to bind to the wildcard address on the standard port. New in release 1.15. .TP -.B \fBkdc_tcp_ports\fP +\fBkdc_tcp_ports\fP (Whitespace\- or comma\-separated list, deprecated.) Prior to release 1.15, this relation lists the ports for the -\fIkrb5kdc(8)\fP daemon to listen on for UDP requests. In +krb5kdc(8) daemon to listen on for UDP requests. In release 1.15 and later, it has the same meaning as \fBkdc_tcp_listen\fP if that relation is not defined. .TP -.B \fBkpasswd_listen\fP +\fBkpasswd_listen\fP (Comma\-separated list.) Specifies the kpasswd listening addresses -and/or ports for the \fIkadmind(8)\fP daemon. Each entry may be +and/or ports for the kadmind(8) daemon. Each entry may be an interface address, a port number, or an address and port number separated by a colon. If the address contains colons, enclose it in square brackets. If no address is specified, the wildcard @@ -394,51 +408,51 @@ addresses, it will fail to start. The default is to bind to the wildcard address at the port specified in \fBkpasswd_port\fP, or the standard kpasswd port (464). New in release 1.15. .TP -.B \fBkpasswd_port\fP -(Port number.) Specifies the port on which the \fIkadmind(8)\fP +\fBkpasswd_port\fP +(Port number.) Specifies the port on which the kadmind(8) daemon is to listen for password change requests for this realm. Port numbers specified in \fBkpasswd_listen\fP entries will override this port number. The assigned port for password change requests is 464, which is used by default. .TP -.B \fBmaster_key_name\fP +\fBmaster_key_name\fP (String.) Specifies the name of the principal associated with the master key. The default is \fBK/M\fP\&. .TP -.B \fBmaster_key_type\fP +\fBmaster_key_type\fP (Key type string.) Specifies the master key\(aqs key type. The default value for this is \fBaes256\-cts\-hmac\-sha1\-96\fP\&. For a list of all possible values, see \fI\%Encryption types\fP\&. .TP -.B \fBmax_life\fP -(\fIduration\fP string.) Specifies the maximum time period for +\fBmax_life\fP +(duration string.) Specifies the maximum time period for which a ticket may be valid in this realm. The default value is 24 hours. .TP -.B \fBmax_renewable_life\fP -(\fIduration\fP string.) Specifies the maximum time period +\fBmax_renewable_life\fP +(duration string.) Specifies the maximum time period during which a valid ticket may be renewed in this realm. The default value is 0. .TP -.B \fBno_host_referral\fP +\fBno_host_referral\fP (Whitespace\- or comma\-separated list.) Lists services to block from getting host\-based referral processing, even if the client marks the server principal as host\-based or the service is also listed in \fBhost_based_services\fP\&. \fBno_host_referral = *\fP will disable referral processing altogether. .TP -.B \fBdes_crc_session_supported\fP +\fBdes_crc_session_supported\fP (Boolean value). If set to true, the KDC will assume that service principals support des\-cbc\-crc for session key enctype negotiation -purposes. If \fBallow_weak_crypto\fP in \fIlibdefaults\fP is +purposes. If \fBallow_weak_crypto\fP in libdefaults is false, or if des\-cbc\-crc is not a permitted enctype, then this variable has no effect. Defaults to true. New in release 1.11. .TP -.B \fBreject_bad_transit\fP +\fBreject_bad_transit\fP (Boolean value.) If set to true, the KDC will check the list of transited realms for cross\-realm tickets against the transit path computed from the realm names and the capaths section of its -\fIkrb5.conf(5)\fP file; if the path in the ticket to be issued +krb5.conf(5) file; if the path in the ticket to be issued contains any realms not in the computed path, the ticket will not be issued, and an error will be returned to the client instead. If this value is set to false, such tickets will be issued @@ -455,7 +469,7 @@ only to TGS requests. .sp The default value is true. .TP -.B \fBrestrict_anonymous_to_tgt\fP +\fBrestrict_anonymous_to_tgt\fP (Boolean value.) If set to true, the KDC will reject ticket requests from anonymous principals to service principals other than the realm\(aqs ticket\-granting service. This option allows @@ -463,10 +477,16 @@ anonymous PKINIT to be enabled for use as FAST armor tickets without allowing anonymous authentication to services. The default value is false. New in release 1.9. .TP -.B \fBsupported_enctypes\fP +\fBspake_preauth_indicator\fP +(String.) Specifies an authentication indicator value that the +KDC asserts into tickets obtained using SPAKE pre\-authentication. +The default is not to add any indicators. This option may be +specified multiple times. New in release 1.17. +.TP +\fBsupported_enctypes\fP (List of \fIkey\fP:\fIsalt\fP strings.) Specifies the default key/salt combinations of principals for this realm. Any principals created -through \fIkadmin(1)\fP will have keys of these types. The +through kadmin(1) will have keys of these types. The default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal des3\-cbc\-sha1:normal arcfour\-hmac\-md5:normal\fP\&. For lists of possible values, see \fI\%Keysalt lists\fP\&. .UNINDENT @@ -530,16 +550,16 @@ define one database parameter for the ATHENA.MIT.EDU realm: The following tags may be specified in a [dbmodules] subsection: .INDENT 0.0 .TP -.B \fBdatabase_name\fP +\fBdatabase_name\fP This DB2\-specific tag indicates the location of the database in the filesystem. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&. .TP -.B \fBdb_library\fP +\fBdb_library\fP This tag indicates the name of the loadable database module. The -value should be \fBdb2\fP for the DB2 module and \fBkldap\fP for the -LDAP module. +value should be \fBdb2\fP for the DB2 module, \fBklmdb\fP for the LMDB +module, or \fBkldap\fP for the LDAP module. .TP -.B \fBdisable_last_success\fP +\fBdisable_last_success\fP If set to \fBtrue\fP, suppresses KDC updates to the "Last successful authentication" field of principal entries requiring preauthentication. Setting this flag may improve performance. @@ -547,21 +567,21 @@ preauthentication. Setting this flag may improve performance. update the "Last successful authentication" field.). First introduced in release 1.9. .TP -.B \fBdisable_lockout\fP +\fBdisable_lockout\fP If set to \fBtrue\fP, suppresses KDC updates to the "Last failed authentication" and "Failed password attempts" fields of principal entries requiring preauthentication. Setting this flag may improve performance, but also disables account lockout. First introduced in release 1.9. .TP -.B \fBldap_conns_per_server\fP +\fBldap_conns_per_server\fP This LDAP\-specific tag indicates the number of connections to be maintained per LDAP server. .TP -.B \fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP +\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP These LDAP\-specific tags indicate the default DN for binding to -the LDAP server. The \fIkrb5kdc(8)\fP daemon uses -\fBldap_kdc_dn\fP, while the \fIkadmind(8)\fP daemon and other +the LDAP server. The krb5kdc(8) daemon uses +\fBldap_kdc_dn\fP, while the kadmind(8) daemon and other administrative programs use \fBldap_kadmind_dn\fP\&. The kadmind DN must have the rights to read and write the Kerberos data in the LDAP database. The KDC DN must have the same rights, unless @@ -570,12 +590,12 @@ which case it only needs to have rights to read the Kerberos data. These tags are ignored if a SASL mechanism is set with \fBldap_kdc_sasl_mech\fP or \fBldap_kadmind_sasl_mech\fP\&. .TP -.B \fBldap_kdc_sasl_mech\fP and \fBldap_kadmind_sasl_mech\fP +\fBldap_kdc_sasl_mech\fP and \fBldap_kadmind_sasl_mech\fP These LDAP\-specific tags specify the SASL mechanism (such as \fBEXTERNAL\fP) to use when binding to the LDAP server. New in release 1.13. .TP -.B \fBldap_kdc_sasl_authcid\fP and \fBldap_kadmind_sasl_authcid\fP +\fBldap_kdc_sasl_authcid\fP and \fBldap_kadmind_sasl_authcid\fP These LDAP\-specific tags specify the SASL authentication identity to use when binding to the LDAP server. Not all SASL mechanisms require an authentication identity. If the SASL mechanism @@ -584,35 +604,53 @@ tags also determine the name within the \fBldap_service_password_file\fP where the secret is stashed. New in release 1.13. .TP -.B \fBldap_kdc_sasl_authzid\fP and \fBldap_kadmind_sasl_authzid\fP +\fBldap_kdc_sasl_authzid\fP and \fBldap_kadmind_sasl_authzid\fP These LDAP\-specific tags specify the SASL authorization identity to use when binding to the LDAP server. In most circumstances they do not need to be specified. New in release 1.13. .TP -.B \fBldap_kdc_sasl_realm\fP and \fBldap_kadmind_sasl_realm\fP +\fBldap_kdc_sasl_realm\fP and \fBldap_kadmind_sasl_realm\fP These LDAP\-specific tags specify the SASL realm to use when binding to the LDAP server. In most circumstances they do not need to be set. New in release 1.13. .TP -.B \fBldap_kerberos_container_dn\fP +\fBldap_kerberos_container_dn\fP This LDAP\-specific tag indicates the DN of the container object where the realm objects will be located. .TP -.B \fBldap_servers\fP +\fBldap_servers\fP This LDAP\-specific tag indicates the list of LDAP servers that the Kerberos servers can connect to. The list of LDAP servers is whitespace\-separated. The LDAP server is specified by a LDAP URI. It is recommended to use \fBldapi:\fP or \fBldaps:\fP URLs to connect to the LDAP server. .TP -.B \fBldap_service_password_file\fP +\fBldap_service_password_file\fP This LDAP\-specific tag indicates the file containing the stashed passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the \fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP objects, or for the \fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP names for SASL authentication. This file must be kept secure. .TP -.B \fBunlockiter\fP +\fBmapsize\fP +This LMDB\-specific tag indicates the maximum size of the two +database environments in megabytes. The default value is 128. +Increase this value to address "Environment mapsize limit reached" +errors. New in release 1.17. +.TP +\fBmax_readers\fP +This LMDB\-specific tag indicates the maximum number of concurrent +reading processes for the databases. The default value is 128. +New in release 1.17. +.TP +\fBnosync\fP +This LMDB\-specific tag can be set to improve the throughput of +kadmind and other administrative agents, at the expense of +durability (recent database changes may not survive a power outage +or other sudden reboot). It does not affect the throughput of the +KDC. The default value is false. New in release 1.17. +.TP +\fBunlockiter\fP If set to \fBtrue\fP, this DB2\-specific tag causes iteration operations to release the database lock while processing each principal. Setting this flag to \fBtrue\fP can prevent extended @@ -624,28 +662,28 @@ The following tag may be specified directly in the [dbmodules] section to control where database modules are loaded from: .INDENT 0.0 .TP -.B \fBdb_module_dir\fP +\fBdb_module_dir\fP This tag controls where the plugin system looks for database modules. The value should be an absolute path. .UNINDENT .SS [logging] .sp -The [logging] section indicates how \fIkrb5kdc(8)\fP and -\fIkadmind(8)\fP perform logging. It may contain the following +The [logging] section indicates how krb5kdc(8) and +kadmind(8) perform logging. It may contain the following relations: .INDENT 0.0 .TP -.B \fBadmin_server\fP -Specifies how \fIkadmind(8)\fP performs logging. +\fBadmin_server\fP +Specifies how kadmind(8) performs logging. .TP -.B \fBkdc\fP -Specifies how \fIkrb5kdc(8)\fP performs logging. +\fBkdc\fP +Specifies how krb5kdc(8) performs logging. .TP -.B \fBdefault\fP +\fBdefault\fP Specifies how either daemon performs logging in the absence of relations specific to the daemon. .TP -.B \fBdebug\fP +\fBdebug\fP (Boolean value.) Specifies whether debugging messages are included in log outputs other than SYSLOG. Debugging messages are always included in the system log output because syslog performs @@ -656,39 +694,35 @@ release 1.15. Logging specifications may have the following forms: .INDENT 0.0 .TP -.B \fBFILE=\fP\fIfilename\fP or \fBFILE:\fP\fIfilename\fP +\fBFILE=\fP\fIfilename\fP or \fBFILE:\fP\fIfilename\fP This value causes the daemon\(aqs logging messages to go to the \fIfilename\fP\&. If the \fB=\fP form is used, the file is overwritten. If the \fB:\fP form is used, the file is appended to. .TP -.B \fBSTDERR\fP +\fBSTDERR\fP This value causes the daemon\(aqs logging messages to go to its standard error stream. .TP -.B \fBCONSOLE\fP +\fBCONSOLE\fP This value causes the daemon\(aqs logging messages to go to the console, if the system supports it. .TP -.B \fBDEVICE=\fP\fI<devicename>\fP +\fBDEVICE=\fP\fI<devicename>\fP This causes the daemon\(aqs logging messages to go to the specified device. .TP -.B \fBSYSLOG\fP[\fB:\fP\fIseverity\fP[\fB:\fP\fIfacility\fP]] +\fBSYSLOG\fP[\fB:\fP\fIseverity\fP[\fB:\fP\fIfacility\fP]] This causes the daemon\(aqs logging messages to go to the system log. .sp -The severity argument specifies the default severity of system log -messages. This may be any of the following severities supported -by the syslog(3) call, minus the \fBLOG_\fP prefix: \fBEMERG\fP, -\fBALERT\fP, \fBCRIT\fP, \fBERR\fP, \fBWARNING\fP, \fBNOTICE\fP, \fBINFO\fP, -and \fBDEBUG\fP\&. +For backward compatibility, a severity argument may be specified, +and must be specified in order to specify a facility. This +argument will be ignored. .sp The facility argument specifies the facility under which the messages are logged. This may be any of the following facilities supported by the syslog(3) call minus the LOG_ prefix: \fBKERN\fP, \fBUSER\fP, \fBMAIL\fP, \fBDAEMON\fP, \fBAUTH\fP, \fBLPR\fP, \fBNEWS\fP, -\fBUUCP\fP, \fBCRON\fP, and \fBLOCAL0\fP through \fBLOCAL7\fP\&. -.sp -If no severity is specified, the default is \fBERR\fP\&. If no +\fBUUCP\fP, \fBCRON\fP, and \fBLOCAL0\fP through \fBLOCAL7\fP\&. If no facility is specified, the default is \fBAUTH\fP\&. .UNINDENT .sp @@ -720,13 +754,13 @@ One Time Password request to a RADIUS server. For each token type, the following tags may be specified: .INDENT 0.0 .TP -.B \fBserver\fP +\fBserver\fP This is the server to send the RADIUS request to. It can be a hostname with optional port, an ip address with optional port, or a Unix domain socket address. The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/<name>.socket\fP\&. .TP -.B \fBsecret\fP +\fBsecret\fP This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP) containing the secret used to encrypt the RADIUS packets. The secret should appear in the first line of the file by itself; @@ -735,22 +769,22 @@ the value of \fBserver\fP is a Unix domain socket address, this tag is optional, and an empty secret will be used if it is not specified. Otherwise, this tag is required. .TP -.B \fBtimeout\fP +\fBtimeout\fP An integer which specifies the time in seconds during which the KDC should attempt to contact the RADIUS server. This tag is the total time across all retries and should be less than the time which an OTP value remains valid for. The default is 5 seconds. .TP -.B \fBretries\fP +\fBretries\fP This tag specifies the number of retries to make to the RADIUS server. The default is 3 retries (4 tries). .TP -.B \fBstrip_realm\fP +\fBstrip_realm\fP If this tag is \fBtrue\fP, the principal without the realm will be passed to the RADIUS server. Otherwise, the realm will be included. The default value is \fBtrue\fP\&. .TP -.B \fBindicator\fP +\fBindicator\fP This tag specifies an authentication indicator to be included in the ticket if this token type is used to authenticate. This option may be specified multiple times. (New in release 1.14.) @@ -836,21 +870,21 @@ generic value in the [kdcdefaults] section: .UNINDENT .sp For information about the syntax of some of these options, see -\fISpecifying PKINIT identity information\fP in -\fIkrb5.conf(5)\fP\&. +Specifying PKINIT identity information in +krb5.conf(5)\&. .INDENT 0.0 .TP -.B \fBpkinit_anchors\fP +\fBpkinit_anchors\fP Specifies the location of trusted anchor (root) certificates which the KDC trusts to sign client certificates. This option is required if pkinit is to be supported by the KDC. This option may be specified multiple times. .TP -.B \fBpkinit_dh_min_bits\fP +\fBpkinit_dh_min_bits\fP Specifies the minimum number of bits the KDC is willing to accept for a client\(aqs Diffie\-Hellman key. The default is 2048. .TP -.B \fBpkinit_allow_upn\fP +\fBpkinit_allow_upn\fP Specifies that the KDC is willing to accept client certificates with the Microsoft UserPrincipalName (UPN) Subject Alternative Name (SAN). This means the KDC accepts the binding of the UPN in @@ -861,49 +895,49 @@ Without this option, the KDC will only accept certificates with the id\-pkinit\-san as defined in \fI\%RFC 4556\fP\&. There is currently no option to disable SAN checking in the KDC. .TP -.B \fBpkinit_eku_checking\fP +\fBpkinit_eku_checking\fP This option specifies what Extended Key Usage (EKU) values the KDC is willing to accept in client certificates. The values recognized in the kdc.conf file are: .INDENT 7.0 .TP -.B \fBkpClientAuth\fP +\fBkpClientAuth\fP This is the default value and specifies that client certificates must have the id\-pkinit\-KPClientAuth EKU as defined in \fI\%RFC 4556\fP\&. .TP -.B \fBscLogin\fP +\fBscLogin\fP If scLogin is specified, client certificates with the Microsoft Smart Card Login EKU (id\-ms\-kp\-sc\-logon) will be accepted. .TP -.B \fBnone\fP +\fBnone\fP If none is specified, then client certificates will not be checked to verify they have an acceptable EKU. The use of this option is not recommended. .UNINDENT .TP -.B \fBpkinit_identity\fP +\fBpkinit_identity\fP Specifies the location of the KDC\(aqs X.509 identity information. This option is required if pkinit is to be supported by the KDC. .TP -.B \fBpkinit_indicator\fP +\fBpkinit_indicator\fP Specifies an authentication indicator to include in the ticket if pkinit is used to authenticate. This option may be specified multiple times. (New in release 1.14.) .TP -.B \fBpkinit_pool\fP +\fBpkinit_pool\fP Specifies the location of intermediate certificates which may be used by the KDC to complete the trust chain between a client\(aqs certificate and a trusted anchor. This option may be specified multiple times. .TP -.B \fBpkinit_revoke\fP +\fBpkinit_revoke\fP Specifies the location of Certificate Revocation List (CRL) information to be used by the KDC when verifying the validity of client certificates. This option may be specified multiple times. .TP -.B \fBpkinit_require_crl_checking\fP +\fBpkinit_require_crl_checking\fP The default certificate verification process will always check the available revocation information to see if a certificate has been revoked. If a match is found for the certificate in a CRL, @@ -918,6 +952,11 @@ fails. .sp \fBpkinit_require_crl_checking\fP should be set to true if the policy is such that up\-to\-date CRLs must be present for every CA. +.TP +\fBpkinit_require_freshness\fP +Specifies whether to require clients to include a freshness token +in PKINIT requests. The default value is false. (New in release +1.17.) .UNINDENT .SH ENCRYPTION TYPES .sp @@ -1190,10 +1229,10 @@ Here\(aqs an example of a kdc.conf file: \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP .SH SEE ALSO .sp -\fIkrb5.conf(5)\fP, \fIkrb5kdc(8)\fP, \fIkadm5.acl(5)\fP +krb5.conf(5), krb5kdc(8), kadm5.acl(5) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kdestroy.man b/src/man/kdestroy.man index 0801994..7b4b217 100644 --- a/src/man/kdestroy.man +++ b/src/man/kdestroy.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KDESTROY" "1" " " "1.16" "MIT Kerberos" +.TH "KDESTROY" "1" " " "1.17" "MIT Kerberos" .SH NAME kdestroy \- destroy Kerberos tickets . @@ -45,15 +45,16 @@ credentials cache is destroyed. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-A\fP +\fB\-A\fP Destroys all caches in the collection, if a cache collection is -available. +available. May be used with the \fB\-c\fP option to specify the +collection to be destroyed. .TP -.B \fB\-q\fP +\fB\-q\fP Run quietly. Normally kdestroy beeps if it fails to destroy the user\(aqs tickets. The \fB\-q\fP flag suppresses this behavior. .TP -.B \fB\-c\fP \fIcache_name\fP +\fB\-c\fP \fIcache_name\fP Use \fIcache_name\fP as the credentials (ticket) cache name and location; if this option is not used, the default cache name and location are used. @@ -61,6 +62,11 @@ location are used. The default credentials cache may vary between systems. If the \fBKRB5CCNAME\fP environment variable is set, its value is used to name the default ticket cache. +.TP +\fB\-p\fP \fIprinc_name\fP +If a cache collection is available, destroy the cache for +\fIprinc_name\fP instead of the primary cache. May be used with the +\fB\-c\fP option to specify the collection to be searched. .UNINDENT .SH NOTE .sp @@ -69,17 +75,8 @@ your .logout file, so that your tickets are destroyed automatically when you log out. .SH ENVIRONMENT .sp -kdestroy uses the following environment variable: -.INDENT 0.0 -.TP -.B \fBKRB5CCNAME\fP -Location of the default Kerberos 5 credentials (ticket) cache, in -the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the -\fBFILE\fP type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type \fBDIR\fP causes caches within the directory -to be present in the collection. -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH FILES .INDENT 0.0 .TP @@ -88,10 +85,10 @@ Default location of Kerberos 5 credentials cache .UNINDENT .SH SEE ALSO .sp -\fIkinit(1)\fP, \fIklist(1)\fP +kinit(1), klist(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kinit.man b/src/man/kinit.man index 24a6f96..16ecbaf 100644 --- a/src/man/kinit.man +++ b/src/man/kinit.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KINIT" "1" " " "1.16" "MIT Kerberos" +.TH "KINIT" "1" " " "1.17" "MIT Kerberos" .SH NAME kinit \- obtain and cache Kerberos ticket-granting ticket . @@ -63,11 +63,11 @@ choice of principal name. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-V\fP +\fB\-V\fP display verbose output. .TP -.B \fB\-l\fP \fIlifetime\fP -(\fIduration\fP string.) Requests a ticket with the lifetime +\fB\-l\fP \fIlifetime\fP +(duration string.) Requests a ticket with the lifetime \fIlifetime\fP\&. .sp For example, \fBkinit \-l 5:30\fP or \fBkinit \-l 5h30m\fP\&. @@ -77,62 +77,62 @@ If the \fB\-l\fP option is not specified, the default ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the configured maximum ticket lifetime. .TP -.B \fB\-s\fP \fIstart_time\fP -(\fIduration\fP string.) Requests a postdated ticket. Postdated +\fB\-s\fP \fIstart_time\fP +(duration string.) Requests a postdated ticket. Postdated tickets are issued with the \fBinvalid\fP flag set, and need to be resubmitted to the KDC for validation before use. .sp \fIstart_time\fP specifies the duration of the delay before the ticket can become valid. .TP -.B \fB\-r\fP \fIrenewable_life\fP -(\fIduration\fP string.) Requests renewable tickets, with a total +\fB\-r\fP \fIrenewable_life\fP +(duration string.) Requests renewable tickets, with a total lifetime of \fIrenewable_life\fP\&. .TP -.B \fB\-f\fP +\fB\-f\fP requests forwardable tickets. .TP -.B \fB\-F\fP +\fB\-F\fP requests non\-forwardable tickets. .TP -.B \fB\-p\fP +\fB\-p\fP requests proxiable tickets. .TP -.B \fB\-P\fP +\fB\-P\fP requests non\-proxiable tickets. .TP -.B \fB\-a\fP +\fB\-a\fP requests tickets restricted to the host\(aqs local address[es]. .TP -.B \fB\-A\fP +\fB\-A\fP requests tickets not restricted by address. .TP -.B \fB\-C\fP +\fB\-C\fP requests canonicalization of the principal name, and allows the KDC to reply with a different client principal from the one requested. .TP -.B \fB\-E\fP +\fB\-E\fP treats the principal name as an enterprise name (implies the \fB\-C\fP option). .TP -.B \fB\-v\fP +\fB\-v\fP requests that the ticket\-granting ticket in the cache (with the \fBinvalid\fP flag set) be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket. .TP -.B \fB\-R\fP +\fB\-R\fP requests renewal of the ticket\-granting ticket. Note that an expired ticket cannot be renewed, even if the ticket is still within its renewable life. .sp Note that renewable tickets that have expired as reported by -\fIklist(1)\fP may sometimes be renewed using this option, +klist(1) may sometimes be renewed using this option, because the KDC applies a grace period to account for client\-KDC -clock skew. See \fIkrb5.conf(5)\fP \fBclockskew\fP setting. +clock skew. See krb5.conf(5) \fBclockskew\fP setting. .TP -.B \fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP] +\fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP] requests a ticket, obtained from a key in the local host\(aqs keytab. The location of the keytab may be specified with the \fB\-t\fP \fIkeytab_file\fP option, or with the \fB\-i\fP option to specify the use @@ -144,12 +144,12 @@ the KDC database and look up the key directly. This permits an administrator to obtain tickets as any principal that supports authentication based on the key. .TP -.B \fB\-n\fP +\fB\-n\fP Requests anonymous processing. Two types of anonymous principals are supported. .sp For fully anonymous Kerberos, configure pkinit on the KDC and -configure \fBpkinit_anchors\fP in the client\(aqs \fIkrb5.conf(5)\fP\&. +configure \fBpkinit_anchors\fP in the client\(aqs krb5.conf(5)\&. Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP (an empty principal name followed by the at\-sign and a realm name). If permitted by the KDC, an anonymous ticket will be @@ -177,7 +177,7 @@ preselecting the same methods of authenticating to the KDC. .UNINDENT .INDENT 0.0 .TP -.B \fB\-T\fP \fIarmor_ccache\fP +\fB\-T\fP \fIarmor_ccache\fP Specifies the name of a credentials cache that already contains a ticket. If supported by the KDC, this cache will be used to armor the request, preventing offline dictionary attacks and allowing @@ -185,7 +185,7 @@ the use of additional preauthentication mechanisms. Armoring also makes sure that the response from the KDC is not modified in transit. .TP -.B \fB\-c\fP \fIcache_name\fP +\fB\-c\fP \fIcache_name\fP use \fIcache_name\fP as the Kerberos 5 credentials (ticket) cache location. If this option is not used, the default cache location is used. @@ -199,11 +199,11 @@ principal is selected or a new one is created and becomes the new primary cache. Otherwise, any existing contents of the default cache are destroyed by kinit. .TP -.B \fB\-S\fP \fIservice_name\fP +\fB\-S\fP \fIservice_name\fP specify an alternate service name to use when getting initial tickets. .TP -.B \fB\-X\fP \fIattribute\fP[=\fIvalue\fP] +\fB\-X\fP \fIattribute\fP[=\fIvalue\fP] specify a pre\-authentication \fIattribute\fP and \fIvalue\fP to be interpreted by pre\-authentication modules. The acceptable attribute and value values vary from module to module. This @@ -214,30 +214,24 @@ The following attributes are recognized by the PKINIT pre\-authentication mechanism: .INDENT 7.0 .TP -.B \fBX509_user_identity\fP=\fIvalue\fP +\fBX509_user_identity\fP=\fIvalue\fP specify where to find user\(aqs X509 identity information .TP -.B \fBX509_anchors\fP=\fIvalue\fP +\fBX509_anchors\fP=\fIvalue\fP specify where to find trusted X509 anchor information .TP -.B \fBflag_RSA_PROTOCOL\fP[\fB=yes\fP] +\fBflag_RSA_PROTOCOL\fP[\fB=yes\fP] specify use of RSA, rather than the default Diffie\-Hellman protocol +.TP +\fBdisable_freshness\fP[\fB=yes\fP] +disable sending freshness tokens (for testing purposes only) .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -kinit uses the following environment variables: -.INDENT 0.0 -.TP -.B \fBKRB5CCNAME\fP -Location of the default Kerberos 5 credentials cache, in the form -\fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the \fBFILE\fP -type is assumed. The type of the default cache may determine the -availability of a cache collection; for instance, a default cache -of type \fBDIR\fP causes caches within the directory to be present -in the collection. -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH FILES .INDENT 0.0 .TP @@ -249,10 +243,10 @@ default location for the local host\(aqs keytab. .UNINDENT .SH SEE ALSO .sp -\fIklist(1)\fP, \fIkdestroy(1)\fP, kerberos(1) +klist(1), kdestroy(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/klist.man b/src/man/klist.man index c73a88d..8f3b4df 100644 --- a/src/man/klist.man +++ b/src/man/klist.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KLIST" "1" " " "1.16" "MIT Kerberos" +.TH "KLIST" "1" " " "1.17" "MIT Kerberos" .SH NAME klist \- list cached Kerberos tickets . @@ -46,24 +46,24 @@ credentials cache, or the keys held in a keytab file. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-e\fP +\fB\-e\fP Displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file. .TP -.B \fB\-l\fP +\fB\-l\fP If a cache collection is available, displays a table summarizing the caches present in the collection. .TP -.B \fB\-A\fP +\fB\-A\fP If a cache collection is available, displays the contents of all of the caches in the collection. .TP -.B \fB\-c\fP +\fB\-c\fP List tickets held in a credentials cache. This is the default if neither \fB\-c\fP nor \fB\-k\fP is specified. .TP -.B \fB\-f\fP +\fB\-f\fP Shows the flags present in the credentials, using the following abbreviations: .INDENT 7.0 @@ -90,39 +90,39 @@ a anonymous .UNINDENT .UNINDENT .TP -.B \fB\-s\fP +\fB\-s\fP Causes klist to run silently (produce no output). klist will exit with status 1 if the credentials cache cannot be read or is expired, and with status 0 otherwise. .TP -.B \fB\-a\fP +\fB\-a\fP Display list of addresses in credentials. .TP -.B \fB\-n\fP +\fB\-n\fP Show numeric addresses instead of reverse\-resolving addresses. .TP -.B \fB\-C\fP +\fB\-C\fP List configuration data that has been stored in the credentials cache when klist encounters it. By default, configuration data is not listed. .TP -.B \fB\-k\fP +\fB\-k\fP List keys held in a keytab file. .TP -.B \fB\-i\fP +\fB\-i\fP In combination with \fB\-k\fP, defaults to using the default client keytab instead of the default acceptor keytab, if no name is given. .TP -.B \fB\-t\fP +\fB\-t\fP Display the time entry timestamps for each keytab entry in the keytab file. .TP -.B \fB\-K\fP +\fB\-K\fP Display the value of the encryption key in each keytab entry in the keytab file. .TP -.B \fB\-V\fP +\fB\-V\fP Display the Kerberos version number and exit. .UNINDENT .sp @@ -132,17 +132,8 @@ appropriate. If the \fBKRB5CCNAME\fP environment variable is set, its value is used to locate the default ticket cache. .SH ENVIRONMENT .sp -klist uses the following environment variable: -.INDENT 0.0 -.TP -.B \fBKRB5CCNAME\fP -Location of the default Kerberos 5 credentials (ticket) cache, in -the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the -\fBFILE\fP type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type \fBDIR\fP causes caches within the directory -to be present in the collection. -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH FILES .INDENT 0.0 .TP @@ -154,10 +145,10 @@ Default location for the local host\(aqs keytab file. .UNINDENT .SH SEE ALSO .sp -\fIkinit(1)\fP, \fIkdestroy(1)\fP +kinit(1), kdestroy(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kpasswd.man b/src/man/kpasswd.man index 89bdc96..ef12654 100644 --- a/src/man/kpasswd.man +++ b/src/man/kpasswd.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPASSWD" "1" " " "1.16" "MIT Kerberos" +.TH "KPASSWD" "1" " " "1.17" "MIT Kerberos" .SH NAME kpasswd \- change a user's Kerberos password . @@ -53,12 +53,16 @@ Otherwise, kpasswd uses the principal name from an existing ccache if there is one; if not, the principal is derived from the identity of the user invoking the kpasswd command. .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkadmin(1)\fP, \fIkadmind(8)\fP +kadmin(1), kadmind(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kprop.man b/src/man/kprop.man index 45ceaaf..7bbc5c1 100644 --- a/src/man/kprop.man +++ b/src/man/kprop.man @@ -1,8 +1,8 @@ .\" Man page generated from reStructuredText. . -.TH "KPROP" "8" " " "1.16" "MIT Kerberos" +.TH "KPROP" "8" " " "1.17" "MIT Kerberos" .SH NAME -kprop \- propagate a Kerberos V5 principal database to a slave server +kprop \- propagate a Kerberos V5 principal database to a replica server . .nr rst2man-indent-level 0 . @@ -38,47 +38,45 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-d\fP] [\fB\-P\fP \fIport\fP] [\fB\-s\fP \fIkeytab\fP] -\fIslave_host\fP +\fIreplica_host\fP .SH DESCRIPTION .sp kprop is used to securely propagate a Kerberos V5 database dump file -from the master Kerberos server to a slave Kerberos server, which is -specified by \fIslave_host\fP\&. The dump file must be created by -\fIkdb5_util(8)\fP\&. +from the master Kerberos server to a replica Kerberos server, which is +specified by \fIreplica_host\fP\&. The dump file must be created by +kdb5_util(8)\&. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the realm of the master server. .TP -.B \fB\-f\fP \fIfile\fP +\fB\-f\fP \fIfile\fP Specifies the filename where the dumped principal database file is to be found; by default the dumped database file is normally -\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/slave_datatrans\fP\&. +\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/replica_datatrans\fP\&. .TP -.B \fB\-P\fP \fIport\fP -Specifies the port to use to contact the \fIkpropd(8)\fP server +\fB\-P\fP \fIport\fP +Specifies the port to use to contact the kpropd(8) server on the remote host. .TP -.B \fB\-d\fP +\fB\-d\fP Prints debugging information. .TP -.B \fB\-s\fP \fIkeytab\fP +\fB\-s\fP \fIkeytab\fP Specifies the location of the keytab file. .UNINDENT .SH ENVIRONMENT .sp -\fIkprop\fP uses the following environment variable: -.INDENT 0.0 -.IP \(bu 2 -\fBKRB5_CONFIG\fP -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkpropd(8)\fP, \fIkdb5_util(8)\fP, \fIkrb5kdc(8)\fP +kpropd(8), kdb5_util(8), krb5kdc(8), +kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kpropd.man b/src/man/kpropd.man index a40e542..262a8ef 100644 --- a/src/man/kpropd.man +++ b/src/man/kpropd.man @@ -1,8 +1,8 @@ .\" Man page generated from reStructuredText. . -.TH "KPROPD" "8" " " "1.16" "MIT Kerberos" +.TH "KPROPD" "8" " " "1.17" "MIT Kerberos" .SH NAME -kpropd \- Kerberos V5 slave KDC update server +kpropd \- Kerberos V5 replica KDC update server . .nr rst2man-indent-level 0 . @@ -36,7 +36,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-r\fP \fIrealm\fP] [\fB\-A\fP \fIadmin_server\fP] [\fB\-a\fP \fIacl_file\fP] -[\fB\-f\fP \fIslave_dumpfile\fP] +[\fB\-f\fP \fIreplica_dumpfile\fP] [\fB\-F\fP \fIprincipal_database\fP] [\fB\-p\fP \fIkdb5_util_prog\fP] [\fB\-P\fP \fIport\fP] @@ -45,18 +45,19 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-t\fP] .SH DESCRIPTION .sp -The \fIkpropd\fP command runs on the slave KDC server. It listens for -update requests made by the \fIkprop(8)\fP program. If incremental +The \fIkpropd\fP command runs on the replica KDC server. It listens for +update requests made by the kprop(8) program. If incremental propagation is enabled, it periodically requests incremental updates from the master KDC. .sp -When the slave receives a kprop request from the master, kpropd +When the replica receives a kprop request from the master, kpropd accepts the dumped KDC database and places it in a file, and then runs -\fIkdb5_util(8)\fP to load the dumped database into the active -database which is used by \fIkrb5kdc(8)\fP\&. This allows the master -Kerberos server to use \fIkprop(8)\fP to propagate its database to -the slave servers. Upon a successful download of the KDC database -file, the slave Kerberos server will have an up\-to\-date KDC database. +kdb5_util(8) to load the dumped database into the active +database which is used by krb5kdc(8)\&. This allows the master +Kerberos server to use kprop(8) to propagate its database to +the replica servers. Upon a successful download of the KDC database +file, the replica Kerberos server will have an up\-to\-date KDC +database. .sp Where incremental propagation is not used, kpropd is commonly invoked out of inetd(8) as a nowait service. This is done by adding a line to @@ -82,58 +83,58 @@ kpropd in standalone mode; this option is now accepted for backward compatibility but does nothing. .sp Incremental propagation may be enabled with the \fBiprop_enable\fP -variable in \fIkdc.conf(5)\fP\&. If incremental propagation is -enabled, the slave periodically polls the master KDC for updates, at -an interval determined by the \fBiprop_slave_poll\fP variable. If the -slave receives updates, kpropd updates its log file with any updates -from the master. \fIkproplog(8)\fP can be used to view a summary of -the update entry log on the slave KDC. If incremental propagation is -enabled, the principal \fBkiprop/slavehostname@REALM\fP (where -\fIslavehostname\fP is the name of the slave KDC host, and \fIREALM\fP is the -name of the Kerberos realm) must be present in the slave\(aqs keytab -file. +variable in kdc.conf(5)\&. If incremental propagation is +enabled, the replica periodically polls the master KDC for updates, at +an interval determined by the \fBiprop_replica_poll\fP variable. If the +replica receives updates, kpropd updates its log file with any updates +from the master. kproplog(8) can be used to view a summary of +the update entry log on the replica KDC. If incremental propagation +is enabled, the principal \fBkiprop/replicahostname@REALM\fP (where +\fIreplicahostname\fP is the name of the replica KDC host, and \fIREALM\fP is +the name of the Kerberos realm) must be present in the replica\(aqs +keytab file. .sp -\fIkproplog(8)\fP can be used to force full replication when iprop is +kproplog(8) can be used to force full replication when iprop is enabled. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-r\fP \fIrealm\fP +\fB\-r\fP \fIrealm\fP Specifies the realm of the master server. .TP -.B \fB\-A\fP \fIadmin_server\fP +\fB\-A\fP \fIadmin_server\fP Specifies the server to be contacted for incremental updates; by default, the master admin server is contacted. .TP -.B \fB\-f\fP \fIfile\fP +\fB\-f\fP \fIfile\fP Specifies the filename where the dumped principal database file is to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&. .TP -.B \fB\-p\fP -Allows the user to specify the pathname to the \fIkdb5_util(8)\fP +\fB\-p\fP +Allows the user to specify the pathname to the kdb5_util(8) program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP\&. .TP -.B \fB\-d\fP +\fB\-d\fP Turn on debug mode. In this mode, kpropd will not detach itself from the current job and run in the background. Instead, it will run in the foreground and print out debugging messages during the database propagation. .TP -.B \fB\-t\fP +\fB\-t\fP In standalone mode without incremental propagation, exit after one dump file is received. In incremental propagation mode, exit as soon as the database is up to date, or if the master returns an error. .TP -.B \fB\-P\fP +\fB\-P\fP Allow for an alternate port number for kpropd to listen on. This is only useful in combination with the \fB\-S\fP option. .TP -.B \fB\-a\fP \fIacl_file\fP +\fB\-a\fP \fIacl_file\fP Allows the user to specify the path to the kpropd.acl file; by default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&. .TP -.B \fB\-\-pid\-file\fP=\fIpid_file\fP +\fB\-\-pid\-file\fP=\fIpid_file\fP In standalone mode, write the process ID of the daemon into \fIpid_file\fP\&. .UNINDENT @@ -153,14 +154,19 @@ kpropd uses the following environment variables: Access file for kpropd; the default location is \fB/usr/local/var/krb5kdc/kpropd.acl\fP\&. Each entry is a line containing the principal of a host from which the local machine -will allow Kerberos database propagation via \fIkprop(8)\fP\&. +will allow Kerberos database propagation via kprop(8)\&. .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkprop(8)\fP, \fIkdb5_util(8)\fP, \fIkrb5kdc(8)\fP, inetd(8) +kprop(8), kdb5_util(8), krb5kdc(8), +kerberos(7), inetd(8) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kproplog.man b/src/man/kproplog.man index 7bdf17d..88d089c 100644 --- a/src/man/kproplog.man +++ b/src/man/kproplog.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KPROPLOG" "8" " " "1.16" "MIT Kerberos" +.TH "KPROPLOG" "8" " " "1.17" "MIT Kerberos" .SH NAME kproplog \- display the contents of the Kerberos principal update log . @@ -39,40 +39,40 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] The kproplog command displays the contents of the KDC database update log to standard output. It can be used to keep track of incremental updates to the principal database. The update log file contains the -update log maintained by the \fIkadmind(8)\fP process on the master -KDC server and the \fIkpropd(8)\fP process on the slave KDC servers. -When updates occur, they are logged to this file. Subsequently any -KDC slave configured for incremental updates will request the current -data from the master KDC and update their log file with any updates -returned. +update log maintained by the kadmind(8) process on the master +KDC server and the kpropd(8) process on the replica KDC +servers. When updates occur, they are logged to this file. +Subsequently any KDC replica configured for incremental updates will +request the current data from the master KDC and update their log file +with any updates returned. .sp The kproplog command requires read access to the update log file. It will display update entries only for the KDC it runs on. .sp If no options are specified, kproplog displays a summary of the update log. If invoked on the master, kproplog also displays all of the -update entries. If invoked on a slave KDC server, kproplog displays +update entries. If invoked on a replica KDC server, kproplog displays only a summary of the updates, which includes the serial number of the last update received and the associated time stamp of the last update. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-R\fP -Reset the update log. This forces full resynchronization. If used -on a slave then that slave will request a full resync. If used on -the master then all slaves will request full resyncs. +\fB\-R\fP +Reset the update log. This forces full resynchronization. If +used on a replica then that replica will request a full resync. +If used on the master then all replicas will request full resyncs. .TP -.B \fB\-h\fP +\fB\-h\fP Display a summary of the update log. This information includes the database version number, state of the database, the number of updates in the log, the time stamp of the first and last update, and the version number of the first and last update entry. .TP -.B \fB\-e\fP \fInum\fP +\fB\-e\fP \fInum\fP Display the last \fInum\fP update entries in the log. This is useful when debugging synchronization between KDC servers. .TP -.B \fB\-v\fP +\fB\-v\fP Display individual attributes per update. An example of the output generated for one entry: .INDENT 7.0 @@ -101,17 +101,14 @@ Update Entry .UNINDENT .SH ENVIRONMENT .sp -kproplog uses the following environment variables: -.INDENT 0.0 -.IP \(bu 2 -\fBKRB5_KDC_PROFILE\fP -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkpropd(8)\fP +kpropd(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/krb5-config.man b/src/man/krb5-config.man index 2899808..59a151f 100644 --- a/src/man/krb5-config.man +++ b/src/man/krb5-config.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5-CONFIG" "1" " " "1.16" "MIT Kerberos" +.TH "KRB5-CONFIG" "1" " " "1.17" "MIT Kerberos" .SH NAME krb5-config \- tool for linking against MIT Kerberos libraries . @@ -41,39 +41,39 @@ and link programs against the installed Kerberos libraries. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-\fP\fB\-help\fP +\fB\-\fP\fB\-help\fP prints a usage message. This is the default behavior when no options are specified. .TP -.B \fB\-\fP\fB\-all\fP +\fB\-\fP\fB\-all\fP prints the version, vendor, prefix, and exec\-prefix. .TP -.B \fB\-\fP\fB\-version\fP +\fB\-\fP\fB\-version\fP prints the version number of the Kerberos installation. .TP -.B \fB\-\fP\fB\-vendor\fP +\fB\-\fP\fB\-vendor\fP prints the name of the vendor of the Kerberos installation. .TP -.B \fB\-\fP\fB\-prefix\fP +\fB\-\fP\fB\-prefix\fP prints the prefix for which the Kerberos installation was built. .TP -.B \fB\-\fP\fB\-exec\-prefix\fP +\fB\-\fP\fB\-exec\-prefix\fP prints the prefix for executables for which the Kerberos installation was built. .TP -.B \fB\-\fP\fB\-defccname\fP +\fB\-\fP\fB\-defccname\fP prints the built\-in default credentials cache location. .TP -.B \fB\-\fP\fB\-defktname\fP +\fB\-\fP\fB\-defktname\fP prints the built\-in default keytab location. .TP -.B \fB\-\fP\fB\-defcktname\fP +\fB\-\fP\fB\-defcktname\fP prints the built\-in default client (initiator) keytab location. .TP -.B \fB\-\fP\fB\-cflags\fP +\fB\-\fP\fB\-cflags\fP prints the compilation flags used to build the Kerberos installation. .TP -.B \fB\-\fP\fB\-libs\fP [\fIlibrary\fP] +\fB\-\fP\fB\-libs\fP [\fIlibrary\fP] prints the compiler options needed to link against \fIlibrary\fP\&. Allowed values for \fIlibrary\fP are: .TS @@ -132,10 +132,10 @@ shell% krb5\-config \-\-libs krb5 .UNINDENT .SH SEE ALSO .sp -kerberos(1), cc(1) +kerberos(7), cc(1) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index 1f69378..c7f8002 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5.CONF" "5" " " "1.16" "MIT Kerberos" +.TH "KRB5.CONF" "5" " " "1.17" "MIT Kerberos" .SH NAME krb5.conf \- Kerberos configuration file . @@ -46,8 +46,10 @@ underscores will be read. .SH STRUCTURE .sp The krb5.conf file is set up in the style of a Windows INI file. -Sections are headed by the section name, in square brackets. Each -section may contain zero or more relations, of the form: +Lines beginning with \(aq#\(aq or \(aq;\(aq (possibly after initial whitespace) +are ignored as comments. Sections are headed by the section name, in +square brackets. Each section may contain zero or more relations, of +the form: .INDENT 0.0 .INDENT 3.5 .sp @@ -115,7 +117,9 @@ alphanumeric characters, dashes, or underscores. Starting in release 1.15, files with names ending in ".conf" are also included, unless the name begins with ".". Included profile files are syntactically independent of their parents, so each included file must begin with a -section header. +section header. Starting in release 1.17, files are read in +alphanumeric order; in previous releases, they may be read in any +order. .sp The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the @@ -135,7 +139,7 @@ module MODULEPATH:RESIDUAL \fIMODULEPATH\fP may be relative to the library path of the krb5 installation, or it may be an absolute path. \fIRESIDUAL\fP is provided to the module at initialization time. If krb5.conf uses a module -directive, \fIkdc.conf(5)\fP should also use one if it exists. +directive, kdc.conf(5) should also use one if it exists. .SH SECTIONS .sp The krb5.conf file may contain the following sections: @@ -182,15 +186,15 @@ _ .TE .sp Additionally, krb5.conf may include any of the relations described in -\fIkdc.conf(5)\fP, but it is not a recommended practice. +kdc.conf(5), but it is not a recommended practice. .SS [libdefaults] .sp The libdefaults section may contain any of the following relations: .INDENT 0.0 .TP -.B \fBallow_weak_crypto\fP +\fBallow_weak_crypto\fP If this flag is set to false, then weak encryption types (as noted -in \fIEncryption_types\fP in \fIkdc.conf(5)\fP) will be filtered +in Encryption_types in kdc.conf(5)) will be filtered out of the lists \fBdefault_tgs_enctypes\fP, \fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&. The default value for this tag is false, which may cause authentication @@ -198,7 +202,7 @@ failures in existing Kerberos infrastructures that do not support strong crypto. Users in affected environments should set this tag to true until their infrastructure adopts stronger ciphers. .TP -.B \fBap_req_checksum_type\fP +\fBap_req_checksum_type\fP An integer which specifies the type of AP\-REQ checksum to use in authenticators. This variable should be unset so the appropriate checksum for the encryption key in use will be used. This can be @@ -206,20 +210,20 @@ set if backward compatibility requires a specific checksum type. See the \fBkdc_req_checksum_type\fP configuration option for the possible values and their meanings. .TP -.B \fBcanonicalize\fP +\fBcanonicalize\fP If this flag is set to true, initial ticket requests to the KDC will request canonicalization of the client principal name, and answers with different client principals than the requested principal will be accepted. The default value is false. .TP -.B \fBccache_type\fP +\fBccache_type\fP This parameter determines the format of credential cache types -created by \fIkinit(1)\fP or other programs. The default value +created by kinit(1) or other programs. The default value is 4, which represents the most current format. Smaller values can be used for compatibility with very old implementations of Kerberos which interact with credential caches on the same host. .TP -.B \fBclockskew\fP +\fBclockskew\fP Sets the maximum allowable amount of clockskew in seconds that the library will tolerate before assuming that a Kerberos message is invalid. The default value is 300 seconds, or five minutes. @@ -230,35 +234,35 @@ their expiration time can still be used (and renewed if they are renewable tickets) if they have been expired for a shorter duration than the \fBclockskew\fP setting. .TP -.B \fBdefault_ccache_name\fP +\fBdefault_ccache_name\fP This relation specifies the name of the default credential cache. The default is \fB@CCNAME@\fP\&. This relation is subject to parameter expansion (see below). New in release 1.11. .TP -.B \fBdefault_client_keytab_name\fP +\fBdefault_client_keytab_name\fP This relation specifies the name of the default keytab for obtaining client credentials. The default is \fB@CKTNAME@\fP\&. This relation is subject to parameter expansion (see below). New in release 1.11. .TP -.B \fBdefault_keytab_name\fP +\fBdefault_keytab_name\fP This relation specifies the default keytab name to be used by application servers such as sshd. The default is \fB@KTNAME@\fP\&. This relation is subject to parameter expansion (see below). .TP -.B \fBdefault_realm\fP +\fBdefault_realm\fP Identifies the default Kerberos realm for the client. Set its value to your Kerberos realm. If this value is not set, then a realm must be specified with every Kerberos principal when -invoking programs such as \fIkinit(1)\fP\&. +invoking programs such as kinit(1)\&. .TP -.B \fBdefault_tgs_enctypes\fP +\fBdefault_tgs_enctypes\fP Identifies the supported list of session key encryption types that the client should request when making a TGS\-REQ, in order of preference from highest to lowest. The list may be delimited with -commas or whitespace. See \fIEncryption_types\fP in -\fIkdc.conf(5)\fP for a list of the accepted values for this tag. -The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types +commas or whitespace. See Encryption_types in +kdc.conf(5) for a list of the accepted values for this tag. +The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .sp @@ -267,12 +271,12 @@ compatibility purposes; stale values of this setting can prevent clients from taking advantage of new stronger enctypes when the libraries are upgraded. .TP -.B \fBdefault_tkt_enctypes\fP +\fBdefault_tkt_enctypes\fP Identifies the supported list of session key encryption types that the client should request when making an AS\-REQ, in order of preference from highest to lowest. The format is the same as for default_tgs_enctypes. The default value for this tag is -\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly +\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .sp @@ -281,14 +285,14 @@ compatibility purposes; stale values of this setting can prevent clients from taking advantage of new stronger enctypes when the libraries are upgraded. .TP -.B \fBdns_canonicalize_hostname\fP +\fBdns_canonicalize_hostname\fP Indicate whether name lookups will be used to canonicalize hostnames for use in service principal names. Setting this flag to false can improve security by reducing reliance on DNS, but means that short hostnames will not be canonicalized to fully\-qualified hostnames. The default value is true. .TP -.B \fBdns_lookup_kdc\fP +\fBdns_lookup_kdc\fP Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the krb5.conf information for the realm. (Note that the admin_server @@ -304,30 +308,30 @@ it (besides the initial ticket request, which has no encrypted data), and anything the fake KDC sends will not be trusted without verification using some secret that it won\(aqt know. .TP -.B \fBdns_uri_lookup\fP +\fBdns_uri_lookup\fP Indicate whether DNS URI records should be used to locate the KDCs and other servers for a realm, if they are not listed in the krb5.conf information for the realm. SRV records are used as a fallback if no URI records were found. The default value is true. New in release 1.15. .TP -.B \fBerr_fmt\fP +\fBerr_fmt\fP This relation allows for custom error message formatting. If a value is set, error messages will be formatted by substituting a normal error message for %M and an error code for %C in the value. .TP -.B \fBextra_addresses\fP +\fBextra_addresses\fP This allows a computer to use multiple local addresses, in order to allow Kerberos to work in a network that uses NATs while still using address\-restricted tickets. The addresses should be in a comma\-separated list. This option has no effect if \fBnoaddresses\fP is true. .TP -.B \fBforwardable\fP +\fBforwardable\fP If this flag is true, initial tickets will be forwardable by default, if allowed by the KDC. The default value is false. .TP -.B \fBignore_acceptor_hostname\fP +\fBignore_acceptor_hostname\fP When accepting GSSAPI or krb5 security contexts for host\-based service principals, ignore any hostname passed by the calling application, and allow clients to authenticate to any service @@ -337,15 +341,15 @@ flexibility of server applications on multihomed hosts, but could compromise the security of virtual hosting environments. The default value is false. New in release 1.10. .TP -.B \fBk5login_authoritative\fP +\fBk5login_authoritative\fP If this flag is true, principals must be listed in a local user\(aqs -k5login file to be granted login access, if a \fI\&.k5login(5)\fP +k5login file to be granted login access, if a \&.k5login(5) file exists. If this flag is false, a principal may still be granted login access through other mechanisms even if a k5login file exists but does not list the principal. The default value is true. .TP -.B \fBk5login_directory\fP +\fBk5login_directory\fP If set, the library will look for a local user\(aqs k5login file within the named directory, with a filename corresponding to the local username. If not set, the library will look for k5login @@ -353,25 +357,25 @@ files in the user\(aqs home directory, with the filename .k5login. For security reasons, .k5login files must be owned by the local user or by root. .TP -.B \fBkcm_mach_service\fP +\fBkcm_mach_service\fP On macOS only, determines the name of the bootstrap service used to contact the KCM daemon for the KCM credential cache type. If the value is \fB\-\fP, Mach RPC will not be used to contact the KCM daemon. The default value is \fBorg.h5l.kcm\fP\&. .TP -.B \fBkcm_socket\fP +\fBkcm_socket\fP Determines the path to the Unix domain socket used to access the KCM daemon for the KCM credential cache type. If the value is \fB\-\fP, Unix domain sockets will not be used to contact the KCM daemon. The default value is \fB/var/run/.heim_org.h5l.kcm\-socket\fP\&. .TP -.B \fBkdc_default_options\fP +\fBkdc_default_options\fP Default KDC options (Xored for multiple values) when requesting initial tickets. By default it is set to 0x00000010 (KDC_OPT_RENEWABLE_OK). .TP -.B \fBkdc_timesync\fP +\fBkdc_timesync\fP Accepted values for this relation are 1 or 0. If it is nonzero, client machines will compute the difference between their time and the time returned by the KDC in the timestamps in the tickets and @@ -380,7 +384,7 @@ requesting service tickets or authenticating to services. This corrective factor is only used by the Kerberos library; it is not used to change the system clock. The default value is 1. .TP -.B \fBkdc_req_checksum_type\fP +\fBkdc_req_checksum_type\fP An integer which specifies the type of checksum to use for the KDC requests, for compatibility with very old KDC implementations. This value is only used for DES keys; other keys use the preferred @@ -447,40 +451,41 @@ T} _ .TE .TP -.B \fBnoaddresses\fP +\fBnoaddresses\fP If this flag is true, requests for initial tickets will not be made with address restrictions set, allowing the tickets to be used across NATs. The default value is true. .TP -.B \fBpermitted_enctypes\fP +\fBpermitted_enctypes\fP Identifies all encryption types that are permitted for use in session key encryption. The default value for this tag is -\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha256\-128 aes256\-cts\-hmac\-sha384\-192 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly +\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. .TP -.B \fBplugin_base_dir\fP +\fBplugin_base_dir\fP If set, determines the base directory where krb5 plugins are located. The default value is the \fBkrb5/plugins\fP subdirectory -of the krb5 library directory. +of the krb5 library directory. This relation is subject to +parameter expansion (see below) in release 1.17 and later. .TP -.B \fBpreferred_preauth_types\fP +\fBpreferred_preauth_types\fP This allows you to set the preferred preauthentication types which the client will attempt before others which may be advertised by a KDC. The default value for this setting is "17, 16, 15, 14", which forces libkrb5 to attempt to use PKINIT if it is supported. .TP -.B \fBproxiable\fP +\fBproxiable\fP If this flag is true, initial tickets will be proxiable by default, if allowed by the KDC. The default value is false. .TP -.B \fBrdns\fP +\fBrdns\fP If this flag is true, reverse name lookup will be used in addition to forward name lookup to canonicalizing hostnames for use in service principal names. If \fBdns_canonicalize_hostname\fP is set to false, this flag has no effect. The default value is true. .TP -.B \fBrealm_try_domains\fP +\fBrealm_try_domains\fP Indicate whether a host\(aqs domain components should be used to determine the Kerberos realm of the host. The value of this variable is an integer: \-1 means not to search, 0 means to try the @@ -490,11 +495,11 @@ Kerberos realms is used to determine whether a domain is a valid realm, which may involve consulting DNS if \fBdns_lookup_kdc\fP is set. The default is not to search domain components. .TP -.B \fBrenew_lifetime\fP -(\fIduration\fP string.) Sets the default renewable lifetime +\fBrenew_lifetime\fP +(duration string.) Sets the default renewable lifetime for initial ticket requests. The default value is 0. .TP -.B \fBsafe_checksum_type\fP +\fBsafe_checksum_type\fP An integer which specifies the type of checksum to use for the KRB\-SAFE requests. By default it is set to 8 (RSA MD5 DES). For compatibility with applications linked against DCE version 1.1 or @@ -503,11 +508,48 @@ DES instead. This field is ignored when its value is incompatible with the session key type. See the \fBkdc_req_checksum_type\fP configuration option for the possible values and their meanings. .TP -.B \fBticket_lifetime\fP -(\fIduration\fP string.) Sets the default lifetime for initial +\fBspake_preauth_groups\fP +A whitespace or comma\-separated list of words which specifies the +groups allowed for SPAKE preauthentication. The possible values +are: +.TS +center; +|l|l|. +_ +T{ +edwards25519 +T} T{ +Edwards25519 curve (\fI\%RFC 7748\fP) +T} +_ +T{ +P\-256 +T} T{ +NIST P\-256 curve (\fI\%RFC 5480\fP) +T} +_ +T{ +P\-384 +T} T{ +NIST P\-384 curve (\fI\%RFC 5480\fP) +T} +_ +T{ +P\-521 +T} T{ +NIST P\-521 curve (\fI\%RFC 5480\fP) +T} +_ +.TE +.sp +The default value for the client is \fBedwards25519\fP\&. The default +value for the KDC is empty. New in release 1.17. +.TP +\fBticket_lifetime\fP +(duration string.) Sets the default lifetime for initial ticket requests. The default value is 1 day. .TP -.B \fBudp_preference_limit\fP +\fBudp_preference_limit\fP When sending a message to the KDC, the library will try using TCP before UDP if the size of the message is above \fBudp_preference_limit\fP\&. If the message is smaller than @@ -515,7 +557,7 @@ before UDP if the size of the message is above Regardless of the size, both protocols will be tried if the first attempt fails. .TP -.B \fBverify_ap_req_nofail\fP +\fBverify_ap_req_nofail\fP If this flag is true, then an attempt to verify initial credentials will fail if the client machine does not have a keytab. The default value is false. @@ -528,20 +570,20 @@ define the properties of that particular realm. For each realm, the following tags may be specified in the realm\(aqs subsection: .INDENT 0.0 .TP -.B \fBadmin_server\fP +\fBadmin_server\fP Identifies the host where the administration server is running. Typically, this is the master Kerberos server. This tag must be -given a value in order to communicate with the \fIkadmind(8)\fP +given a value in order to communicate with the kadmind(8) server for the realm. .TP -.B \fBauth_to_local\fP +\fBauth_to_local\fP This tag allows you to set a general rule for mapping principal names to local user names. It will be used if there is not an explicit mapping for the principal name that is being translated. The possible values are: .INDENT 7.0 .TP -.B \fBRULE:\fP\fIexp\fP +\fBRULE:\fP\fIexp\fP The local name will be formulated from \fIexp\fP\&. .sp The format for \fIexp\fP is \fB[\fP\fIn\fP\fB:\fP\fIstring\fP\fB](\fP\fIregexp\fP\fB)s/\fP\fIpattern\fP\fB/\fP\fIreplacement\fP\fB/g\fP\&. @@ -557,7 +599,7 @@ string. The optional \fBg\fP will cause the substitution to be global over the \fIstring\fP, instead of replacing only the first match in the \fIstring\fP\&. .TP -.B \fBDEFAULT\fP +\fBDEFAULT\fP The principal name will be used as the local user name. If the principal has more than one component or is not in the default realm, this rule is not applicable and the conversion @@ -590,18 +632,28 @@ principal with a second component of \fBroot\fP\&. The exception to these two rules are any principals \fBjohndoe/*\fP, which will always get the local name \fBguest\fP\&. .TP -.B \fBauth_to_local_names\fP +\fBauth_to_local_names\fP This subsection allows you to set explicit mappings from principal names to local user names. The tag is the mapping name, and the value is the corresponding local user name. .TP -.B \fBdefault_domain\fP +\fBdefault_domain\fP This tag specifies the domain used to expand hostnames when translating Kerberos 4 service principals to Kerberos 5 principals (for example, when converting \fBrcmd.hostname\fP to \fBhost/hostname.domain\fP). .TP -.B \fBhttp_anchors\fP +\fBdisable_encrypted_timestamp\fP +If this flag is true, the client will not perform encrypted +timestamp preauthentication if requested by the KDC. Setting this +flag can help to prevent dictionary attacks by active attackers, +if the realm\(aqs KDCs support SPAKE preauthentication or if initial +authentication always uses another mechanism or always uses FAST. +This flag persists across client referrals during initial +authentication. This flag does not prevent the KDC from offering +encrypted timestamp. New in release 1.17. +.TP +\fBhttp_anchors\fP When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag can be used to specify the location of the CA certificate which should be trusted to issue the certificate for a proxy server. If left unspecified, @@ -627,7 +679,7 @@ to a value conforming to one of the previous values. For example, \fBENV:X509_PROXY_CA\fP, where environment variable \fBX509_PROXY_CA\fP has been set to \fBFILE:/tmp/my_proxy.pem\fP\&. .TP -.B \fBkdc\fP +\fBkdc\fP The name or address of a host running a KDC for that realm. An optional port number, separated from the hostname by a colon, may be included. If the name or address contains colons (for example, @@ -637,27 +689,28 @@ be able to communicate with the KDC for each realm, this tag must be given a value in each realm subsection in the configuration file, or there must be DNS SRV records specifying the KDCs. .TP -.B \fBkpasswd_server\fP +\fBkpasswd_server\fP Points to the server where all the password changes are performed. -If there is no such entry, the port 464 on the \fBadmin_server\fP +If there is no such entry, DNS will be queried (unless forbidden +by \fBdns_lookup_kdc\fP). Finally, port 464 on the \fBadmin_server\fP host will be tried. .TP -.B \fBmaster_kdc\fP +\fBmaster_kdc\fP Identifies the master KDC(s). Currently, this tag is used in only one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user\(aqs password has just been changed, and -the updated database has not been propagated to the slave servers -yet. +the updated database has not been propagated to the replica +servers yet. .TP -.B \fBv4_instance_convert\fP +\fBv4_instance_convert\fP This subsection allows the administrator to configure exceptions to the \fBdefault_domain\fP mapping rule. It contains V4 instances (the tag name) which should be translated to some specific hostname (the tag value) as the second component in a Kerberos V5 principal name. .TP -.B \fBv4_realm\fP +\fBv4_realm\fP This relation is used by the krb524 library routines when converting a V5 principal name to a V4 principal name. It is used when the V4 realm name and the V5 realm name are not the same, but @@ -867,17 +920,17 @@ Each pluggable interface corresponds to a subsection of [plugins]. All subsections support the same tags: .INDENT 0.0 .TP -.B \fBdisable\fP +\fBdisable\fP This tag may have multiple values. If there are values for this tag, then the named modules will be disabled for the pluggable interface. .TP -.B \fBenable_only\fP +\fBenable_only\fP This tag may have multiple values. If there are values for this tag, then only the named modules will be enabled for the pluggable interface. .TP -.B \fBmodule\fP +\fBmodule\fP This tag may have multiple values. Each value is a string of the form \fBmodulename:pathname\fP, which causes the shared object located at \fIpathname\fP to be registered as a dynamic module named @@ -902,15 +955,15 @@ dynamic modules, the following built\-in modules exist (and may be disabled with the disable tag): .INDENT 0.0 .TP -.B \fBk5identity\fP +\fBk5identity\fP Uses a .k5identity file in the user\(aqs home directory to select a client principal .TP -.B \fBrealm\fP +\fBrealm\fP Uses the service realm to guess an appropriate cache from the collection .TP -.B \fBhostname\fP +\fBhostname\fP If the service principal is host\-based, uses the service hostname to guess an appropriate cache from the collection .UNINDENT @@ -921,17 +974,17 @@ interface, which is used to reject weak passwords when passwords are changed. The following built\-in modules exist for this interface: .INDENT 0.0 .TP -.B \fBdict\fP +\fBdict\fP Checks against the realm dictionary file .TP -.B \fBempty\fP +\fBempty\fP Rejects empty passwords .TP -.B \fBhesiod\fP +\fBhesiod\fP Checks against user information stored in Hesiod (only if Kerberos was built with Hesiod support) .TP -.B \fBprinc\fP +\fBprinc\fP Checks against components of the principal name .UNINDENT .SS kadm5_hook interface @@ -949,11 +1002,11 @@ client principal is allowed to perform a kadmin operation. The following built\-in modules exist for this interface: .INDENT 0.0 .TP -.B \fBacl\fP -This module reads the \fIkadm5.acl(5)\fP file, and authorizes +\fBacl\fP +This module reads the kadm5.acl(5) file, and authorizes operations which are allowed according to the rules in the file. .TP -.B \fBself\fP +\fBself\fP This module authorizes self\-service operations including password changes, creation of new random keys, fetching the client\(aqs principal record or string attributes, and fetching the policy @@ -966,13 +1019,13 @@ provide client and KDC preauthentication mechanisms. The following built\-in modules exist for these interfaces: .INDENT 0.0 .TP -.B \fBpkinit\fP +\fBpkinit\fP This module implements the PKINIT preauthentication mechanism. .TP -.B \fBencrypted_challenge\fP +\fBencrypted_challenge\fP This module implements the encrypted challenge FAST factor. .TP -.B \fBencrypted_timestamp\fP +\fBencrypted_timestamp\fP This module implements the encrypted timestamp mechanism. .UNINDENT .SS hostrealm interface @@ -983,17 +1036,17 @@ hostnames to realm names and the choice of default realm. The following built\-in modules exist for this interface: .INDENT 0.0 .TP -.B \fBprofile\fP +\fBprofile\fP This module consults the [domain_realm] section of the profile for authoritative host\-to\-realm mappings, and the \fBdefault_realm\fP variable for the default realm. .TP -.B \fBdns\fP +\fBdns\fP This module looks for DNS records for fallback host\-to\-realm mappings and the default realm. It only operates if the \fBdns_lookup_realm\fP variable is set to true. .TP -.B \fBdomain\fP +\fBdomain\fP This module applies heuristics for fallback host\-to\-realm mappings. It implements the \fBrealm_try_domains\fP variable, and uses the uppercased parent domain of the hostname if that does not @@ -1007,28 +1060,28 @@ between Kerberos principals and local system accounts. The following built\-in modules exist for this interface: .INDENT 0.0 .TP -.B \fBdefault\fP +\fBdefault\fP This module implements the \fBDEFAULT\fP type for \fBauth_to_local\fP values. .TP -.B \fBrule\fP +\fBrule\fP This module implements the \fBRULE\fP type for \fBauth_to_local\fP values. .TP -.B \fBnames\fP +\fBnames\fP This module looks for an \fBauth_to_local_names\fP mapping for the principal name. .TP -.B \fBauth_to_local\fP +\fBauth_to_local\fP This module processes \fBauth_to_local\fP values in the default realm\(aqs section, and applies the default method if no \fBauth_to_local\fP values exist. .TP -.B \fBk5login\fP +\fBk5login\fP This module authorizes a principal to a local account according to -the account\(aqs \fI\&.k5login(5)\fP file. +the account\(aqs \&.k5login(5) file. .TP -.B \fBan2ln\fP +\fBan2ln\fP This module authorizes a principal to a local account if the principal name maps to the local account name. .UNINDENT @@ -1040,18 +1093,18 @@ certificate is allowed to preauthenticate a user via PKINIT. The following built\-in modules exist for this interface: .INDENT 0.0 .TP -.B \fBpkinit_san\fP +\fBpkinit_san\fP This module authorizes the certificate if it contains a PKINIT Subject Alternative Name for the requested client principal, or a Microsoft UPN SAN matching the principal if \fBpkinit_allow_upn\fP is set to true for the realm. .TP -.B \fBpkinit_eku\fP +\fBpkinit_eku\fP This module rejects the certificate if it does not contain an Extended Key Usage attribute consistent with the \fBpkinit_eku_checking\fP value for the realm. .TP -.B \fBdbmatch\fP +\fBdbmatch\fP This module authorizes or rejects the certificate according to whether it matches the \fBpkinit_cert_match\fP string attribute on the client principal, if that attribute is present. @@ -1120,7 +1173,7 @@ The syntax for specifying Public Key identity, trust, and revocation information for PKINIT is as follows: .INDENT 0.0 .TP -.B \fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP] +\fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP] This option has context\-specific behavior. .sp In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIfilename\fP @@ -1132,7 +1185,7 @@ private key is expected to be in \fIfilename\fP as well. Otherwise, In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIfilename\fP is assumed to be the name of an OpenSSL\-style ca\-bundle file. .TP -.B \fBDIR:\fP\fIdirname\fP +\fBDIR:\fP\fIdirname\fP This option has context\-specific behavior. .sp In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIdirname\fP @@ -1155,11 +1208,11 @@ named \fBhash\-of\-ca\-cert.r#\fP\&. This infrastructure is encouraged, but all files in the directory will be examined and if they contain a revocation list (in PEM format), they will be used. .TP -.B \fBPKCS12:\fP\fIfilename\fP +\fBPKCS12:\fP\fIfilename\fP \fIfilename\fP is the name of a PKCS #12 format file, containing the user\(aqs certificate and private key. .TP -.B \fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP] +\fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP] All keyword/values are optional. \fImodname\fP specifies the location of a library implementing PKCS #11. If a value is encountered with no keyword, it is assumed to be the \fImodname\fP\&. If no @@ -1171,7 +1224,7 @@ force the selection of a particular certificate on the device. See the \fBpkinit_cert_match\fP configuration option for more ways to select a particular certificate to use for PKINIT. .TP -.B \fBENV:\fP\fIenvvar\fP +\fBENV:\fP\fIenvvar\fP \fIenvvar\fP specifies the name of an environment variable which has been set to a value conforming to one of the previous values. For example, \fBENV:X509_PROXY\fP, where environment variable @@ -1180,13 +1233,13 @@ example, \fBENV:X509_PROXY\fP, where environment variable .SS PKINIT krb5.conf options .INDENT 0.0 .TP -.B \fBpkinit_anchors\fP +\fBpkinit_anchors\fP Specifies the location of trusted anchor (root) certificates which the client trusts to sign KDC certificates. This option may be specified multiple times. These values from the config file are not used if the user specifies X509_anchors on the command line. .TP -.B \fBpkinit_cert_match\fP +\fBpkinit_cert_match\fP Specifies matching rules that the client certificate must match before it is used to attempt PKINIT authentication. If a user has multiple certificates available (on a smart card, or via other @@ -1271,7 +1324,7 @@ pkinit_cert_match = <EKU>msScLogin,clientAuth<KU>digitalSignature .UNINDENT .UNINDENT .TP -.B \fBpkinit_eku_checking\fP +\fBpkinit_eku_checking\fP This option specifies what Extended Key Usage value the KDC certificate presented to the client must contain. (Note that if the KDC certificate has the pkinit SubjectAlternativeName encoded @@ -1280,35 +1333,35 @@ issuing CA has certified this as a KDC certificate.) The values recognized in the krb5.conf file are: .INDENT 7.0 .TP -.B \fBkpKDC\fP +\fBkpKDC\fP This is the default value and specifies that the KDC must have the id\-pkinit\-KPKdc EKU as defined in \fI\%RFC 4556\fP\&. .TP -.B \fBkpServerAuth\fP +\fBkpServerAuth\fP If \fBkpServerAuth\fP is specified, a KDC certificate with the id\-kp\-serverAuth EKU will be accepted. This key usage value is used in most commercially issued server certificates. .TP -.B \fBnone\fP +\fBnone\fP If \fBnone\fP is specified, then the KDC certificate will not be checked to verify it has an acceptable EKU. The use of this option is not recommended. .UNINDENT .TP -.B \fBpkinit_dh_min_bits\fP +\fBpkinit_dh_min_bits\fP Specifies the size of the Diffie\-Hellman key the client will attempt to use. The acceptable values are 1024, 2048, and 4096. The default is 2048. .TP -.B \fBpkinit_identities\fP +\fBpkinit_identities\fP Specifies the location(s) to be used to find the user\(aqs X.509 -identity information. This option may be specified multiple -times. Each value is attempted in order until identity -information is found and authentication is attempted. Note that -these values are not used if the user specifies -\fBX509_user_identity\fP on the command line. +identity information. If this option is specified multiple times, +the first valid value is used; this can be used to specify an +environment variable (with \fBENV:\fP\fIenvvar\fP) followed by a +default value. Note that these values are not used if the user +specifies \fBX509_user_identity\fP on the command line. .TP -.B \fBpkinit_kdc_hostname\fP +\fBpkinit_kdc_hostname\fP The presense of this option indicates that the client is willing to accept a KDC certificate with a dNSName SAN (Subject Alternative Name) rather than requiring the id\-pkinit\-san as @@ -1316,13 +1369,13 @@ defined in \fI\%RFC 4556\fP\&. This option may be specified multiple times. Its value should contain the acceptable hostname for the KDC (as contained in its certificate). .TP -.B \fBpkinit_pool\fP +\fBpkinit_pool\fP Specifies the location of intermediate certificates which may be used by the client to complete the trust chain between a KDC certificate and a trusted anchor. This option may be specified multiple times. .TP -.B \fBpkinit_require_crl_checking\fP +\fBpkinit_require_crl_checking\fP The default certificate verification process will always check the available revocation information to see if a certificate has been revoked. If a match is found for the certificate in a CRL, @@ -1338,7 +1391,7 @@ fails. \fBpkinit_require_crl_checking\fP should be set to true if the policy is such that up\-to\-date CRLs must be present for every CA. .TP -.B \fBpkinit_revoke\fP +\fBpkinit_revoke\fP Specifies the location of Certificate Revocation List (CRL) information to be used by the client when verifying the validity of the KDC certificate presented. This option may be specified @@ -1504,6 +1557,6 @@ syslog(3) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man index cf3de31..b573e64 100644 --- a/src/man/krb5kdc.man +++ b/src/man/krb5kdc.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KRB5KDC" "8" " " "1.16" "MIT Kerberos" +.TH "KRB5KDC" "8" " " "1.17" "MIT Kerberos" .SH NAME krb5kdc \- Kerberos V5 KDC . @@ -77,12 +77,12 @@ The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into the KDC is still running and to allow init scripts to stop the correct process. .sp -The \fB\-p\fP \fIportnum\fP option specifies the default UDP port numbers -which the KDC should listen on for Kerberos version 5 requests, as a -comma\-separated list. This value overrides the UDP port numbers -specified in the \fIkdcdefaults\fP section of \fIkdc.conf(5)\fP, but -may be overridden by realm\-specific values. If no value is given from -any source, the default port is 88. +The \fB\-p\fP \fIportnum\fP option specifies the default UDP and TCP port +numbers which the KDC should listen on for Kerberos version 5 +requests, as a comma\-separated list. This value overrides the port +numbers specified in the kdcdefaults section of +kdc.conf(5), but may be overridden by realm\-specific values. +If no value is given from any source, the default port is 88. .sp The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP processes to listen to the KDC ports and process requests in parallel. @@ -92,18 +92,8 @@ will relay SIGHUP signals to the worker subprocesses, and will terminate the worker subprocess if the it is itself terminated or if any other worker process exits. .sp -\fBNOTE:\fP -.INDENT 0.0 -.INDENT 3.5 -On operating systems which do not have \fIpktinfo\fP support, -using worker processes will prevent the KDC from listening -for UDP packets on network interfaces created after the KDC -starts. -.UNINDENT -.UNINDENT -.sp The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments. -See \fIDatabase Options\fP in \fIkadmin(1)\fP for +See Database Options in kadmin(1) for supported arguments. .sp The \fB\-T\fP \fIoffset\fP option specifies a time offset, in seconds, which @@ -129,27 +119,22 @@ krb5kdc \-p 2001 \-r REALM1 \-p 2002 \-r REALM2 \-r REALM3 .sp specifies that the KDC listen on port 2001 for REALM1 and on port 2002 for REALM2 and REALM3. Additionally, per\-realm parameters may be -specified in the \fIkdc.conf(5)\fP file. The location of this file +specified in the kdc.conf(5) file. The location of this file may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable. Per\-realm parameters specified in this file take precedence over -options specified on the command line. See the \fIkdc.conf(5)\fP +options specified on the command line. See the kdc.conf(5) description for further details. .SH ENVIRONMENT .sp -krb5kdc uses the following environment variables: -.INDENT 0.0 -.IP \(bu 2 -\fBKRB5_CONFIG\fP -.IP \(bu 2 -\fBKRB5_KDC_PROFILE\fP -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkdb5_util(8)\fP, \fIkdc.conf(5)\fP, \fIkrb5.conf(5)\fP, -\fIkdb5_ldap_util(8)\fP +kdb5_util(8), kdc.conf(5), krb5.conf(5), +kdb5_ldap_util(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/ksu.man b/src/man/ksu.man index d885b8f..a35e53a 100644 --- a/src/man/ksu.man +++ b/src/man/ksu.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KSU" "1" " " "1.16" "MIT Kerberos" +.TH "KSU" "1" " " "1.17" "MIT Kerberos" .SH NAME ksu \- Kerberized super-user . @@ -99,7 +99,7 @@ option, see the OPTIONS section. Upon successful authentication, ksu checks whether the target principal is authorized to access the target account. In the target user\(aqs home directory, ksu attempts to access two authorization files: -\fI\&.k5login(5)\fP and .k5users. In the .k5login file each line +\&.k5login(5) and .k5users. In the .k5login file each line contains the name of a principal that is authorized to access the account. .sp @@ -182,7 +182,7 @@ source cache. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-n\fP \fItarget_principal_name\fP +\fB\-n\fP \fItarget_principal_name\fP Specify a Kerberos target principal name. Used in authentication and authorization phases of ksu. .sp @@ -263,33 +263,33 @@ krb5cc_1984.2 .UNINDENT .INDENT 0.0 .TP -.B \fB\-k\fP +\fB\-k\fP Do not delete the target cache upon termination of the target shell or a command (\fB\-e\fP command). Without \fB\-k\fP, ksu deletes the target cache. .TP -.B \fB\-z\fP +\fB\-z\fP Restrict the copy of tickets from the source cache to the target cache to only the tickets where client == the target principal name. Use the \fB\-n\fP option if you want the tickets for other then the default principal. Note that the \fB\-z\fP option is mutually exclusive with the \fB\-Z\fP option. .TP -.B \fB\-Z\fP +\fB\-Z\fP Don\(aqt copy any tickets from the source cache to the target cache. Just create a fresh target cache, where the default principal name of the cache is initialized to the target principal name. Note that the \fB\-Z\fP option is mutually exclusive with the \fB\-z\fP option. .TP -.B \fB\-q\fP +\fB\-q\fP Suppress the printing of status messages. .UNINDENT .sp Ticket granting ticket options: .INDENT 0.0 .TP -.B \fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-pf\fP +\fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-pf\fP The ticket granting ticket options only apply to the case where there are no appropriate tickets in the cache to authenticate the source user. In this case if ksu is configured to prompt users @@ -297,25 +297,25 @@ for a Kerberos password (\fBGET_TGT_VIA_PASSWD\fP is defined), the ticket granting ticket options that are specified will be used when getting a ticket granting ticket from the Kerberos server. .TP -.B \fB\-l\fP \fIlifetime\fP -(\fIduration\fP string.) Specifies the lifetime to be requested +\fB\-l\fP \fIlifetime\fP +(duration string.) Specifies the lifetime to be requested for the ticket; if this option is not specified, the default ticket lifetime (12 hours) is used instead. .TP -.B \fB\-r\fP \fItime\fP -(\fIduration\fP string.) Specifies that the \fBrenewable\fP option +\fB\-r\fP \fItime\fP +(duration string.) Specifies that the \fBrenewable\fP option should be requested for the ticket, and specifies the desired total lifetime of the ticket. .TP -.B \fB\-p\fP +\fB\-p\fP specifies that the \fBproxiable\fP option should be requested for the ticket. .TP -.B \fB\-f\fP +\fB\-f\fP option specifies that the \fBforwardable\fP option should be requested for the ticket. .TP -.B \fB\-e\fP \fIcommand\fP [\fIargs\fP ...] +\fB\-e\fP \fIcommand\fP [\fIargs\fP ...] ksu proceeds exactly the same as if it was invoked without the \fB\-e\fP option, except instead of executing the target shell, ksu executes the specified command. Example of usage: @@ -379,7 +379,7 @@ then command can be either a full or a relative path leading to the target program. Otherwise, the user must specify either a full path or just the program name. .TP -.B \fB\-a\fP \fIargs\fP +\fB\-a\fP \fIargs\fP Specify arguments to be passed to the target shell. Note that all flags and parameters following \-a will be passed to the shell, thus all options intended for ksu must precede \fB\-a\fP\&. @@ -404,7 +404,7 @@ used as follows: ksu can be compiled with the following four flags: .INDENT 0.0 .TP -.B \fBGET_TGT_VIA_PASSWD\fP +\fBGET_TGT_VIA_PASSWD\fP In case no appropriate tickets are found in the source cache, the user will be prompted for a Kerberos password. The password is then used to get a ticket granting ticket from the Kerberos @@ -412,17 +412,17 @@ server. The danger of configuring ksu with this macro is if the source user is logged in remotely and does not have a secure channel, the password may get exposed. .TP -.B \fBPRINC_LOOK_AHEAD\fP +\fBPRINC_LOOK_AHEAD\fP During the resolution of the default principal name, \fBPRINC_LOOK_AHEAD\fP enables ksu to find principal names in the .k5users file as described in the OPTIONS section (see \fB\-n\fP option). .TP -.B \fBCMD_PATH\fP +\fBCMD_PATH\fP Specifies a list of directories containing programs that users are authorized to execute (via .k5users file). .TP -.B \fBHAVE_GETUSERSHELL\fP +\fBHAVE_GETUSERSHELL\fP If the source user is non\-root, ksu insists that the target user\(aqs shell to be invoked is a "legal shell". \fIgetusershell(3)\fP is called to obtain the names of "legal shells". Note that the @@ -453,9 +453,16 @@ ksu deletes all expired tickets from the source cache. .SH AUTHOR OF KSU .sp GENNADY (ARI) MEDVINSKY +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. +.SH SEE ALSO +.sp +kerberos(7), kinit(1) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kswitch.man b/src/man/kswitch.man index 0c38aff..9632522 100644 --- a/src/man/kswitch.man +++ b/src/man/kswitch.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KSWITCH" "1" " " "1.16" "MIT Kerberos" +.TH "KSWITCH" "1" " " "1.17" "MIT Kerberos" .SH NAME kswitch \- switch primary ticket cache . @@ -41,27 +41,18 @@ collection, if a cache collection is available. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-c\fP \fIcachename\fP +\fB\-c\fP \fIcachename\fP Directly specifies the credential cache to be made primary. .TP -.B \fB\-p\fP \fIprincipal\fP +\fB\-p\fP \fIprincipal\fP Causes the cache collection to be searched for a cache containing credentials for \fIprincipal\fP\&. If one is found, that collection is made primary. .UNINDENT .SH ENVIRONMENT .sp -kswitch uses the following environment variables: -.INDENT 0.0 -.TP -.B \fBKRB5CCNAME\fP -Location of the default Kerberos 5 credentials (ticket) cache, in -the form \fItype\fP:\fIresidual\fP\&. If no \fItype\fP prefix is present, the -\fBFILE\fP type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type \fBDIR\fP causes caches within the directory -to be present in the collection. -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH FILES .INDENT 0.0 .TP @@ -70,10 +61,11 @@ Default location of Kerberos 5 credentials cache .UNINDENT .SH SEE ALSO .sp -\fIkinit(1)\fP, \fIkdestroy(1)\fP, \fIklist(1)\fP), kerberos(1) +kinit(1), kdestroy(1), klist(1), +kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/ktutil.man b/src/man/ktutil.man index 3498b65..800ae36 100644 --- a/src/man/ktutil.man +++ b/src/man/ktutil.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KTUTIL" "1" " " "1.16" "MIT Kerberos" +.TH "KTUTIL" "1" " " "1.17" "MIT Kerberos" .SH NAME ktutil \- Kerberos keytab file maintenance utility . @@ -113,11 +113,16 @@ Alias: \fBdelent\fP .INDENT 0.0 .INDENT 3.5 \fBadd_entry\fP {\fB\-key\fP|\fB\-password\fP} \fB\-p\fP \fIprincipal\fP -\fB\-k\fP \fIkvno\fP \fB\-e\fP \fIenctype\fP [\fB\-s\fP \fIsalt\fP] +\fB\-k\fP \fIkvno\fP [\fB\-e\fP \fIenctype\fP] [\fB\-f\fP|\fB\-s\fP \fIsalt\fP] .UNINDENT .UNINDENT .sp -Add \fIprincipal\fP to keylist using key or password. +Add \fIprincipal\fP to keylist using key or password. If the \fB\-f\fP flag +is specified, salt information will be fetched from the KDC; in this +case the \fB\-e\fP flag may be omitted, or it may be supplied to force a +particular enctype. If the \fB\-f\fP flag is not specified, the \fB\-e\fP +flag must be specified, and the default salt will be used unless +overridden with the \fB\-s\fP option. .sp Alias: \fBaddent\fP .SS list_requests @@ -162,12 +167,16 @@ ktutil: .UNINDENT .UNINDENT .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkadmin(1)\fP, \fIkdb5_util(8)\fP +kadmin(1), kdb5_util(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/kvno.man b/src/man/kvno.man index a62a733..ad4bfd5 100644 --- a/src/man/kvno.man +++ b/src/man/kvno.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KVNO" "1" " " "1.16" "MIT Kerberos" +.TH "KVNO" "1" " " "1.17" "MIT Kerberos" .SH NAME kvno \- print key version numbers of Kerberos principals . @@ -40,6 +40,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-P\fP] [\fB\-S\fP \fIsname\fP] [\fB\-U\fP \fIfor_user\fP] +[\fB\-\-u2u\fP \fIccache\fP] \fIservice1 service2\fP ... .SH DESCRIPTION .sp @@ -48,50 +49,52 @@ and prints out the key version numbers of each. .SH OPTIONS .INDENT 0.0 .TP -.B \fB\-c\fP \fIccache\fP +\fB\-c\fP \fIccache\fP Specifies the name of a credentials cache to use (if not the default) .TP -.B \fB\-e\fP \fIetype\fP +\fB\-e\fP \fIetype\fP Specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in certain backward compatibility situations. .TP -.B \fB\-q\fP +\fB\-q\fP Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status. .TP -.B \fB\-h\fP +\fB\-h\fP Prints a usage statement and exits. .TP -.B \fB\-P\fP +\fB\-P\fP Specifies that the \fIservice1 service2\fP ... arguments are to be treated as services for which credentials should be acquired using constrained delegation. This option is only valid when used in conjunction with protocol transition. .TP -.B \fB\-S\fP \fIsname\fP +\fB\-S\fP \fIsname\fP Specifies that the \fIservice1 service2\fP ... arguments are interpreted as hostnames, and the service principals are to be constructed from those hostnames and the service name \fIsname\fP\&. The service hostnames will be canonicalized according to the usual rules for constructing service principals. .TP -.B \fB\-U\fP \fIfor_user\fP +\fB\-U\fP \fIfor_user\fP Specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of \fIfor_user\fP\&. If constrained delegation is not requested, the service name must match the credentials cache client principal. +.TP +\fB\-\-u2u\fP \fIccache\fP +Requests a user\-to\-user ticket. \fIccache\fP must contain a local +krbtgt ticket for the server principal. The reported version +number will typically be 0, as the resulting ticket is not +encrypted in the server\(aqs long\-term key. .UNINDENT .SH ENVIRONMENT .sp -kvno uses the following environment variable: -.INDENT 0.0 -.TP -.B \fBKRB5CCNAME\fP -Location of the credentials (ticket) cache. -.UNINDENT +See kerberos(7) for a description of Kerberos environment +variables. .SH FILES .INDENT 0.0 .TP @@ -100,10 +103,10 @@ Default location of the credentials cache .UNINDENT .SH SEE ALSO .sp -\fIkinit(1)\fP, \fIkdestroy(1)\fP +kinit(1), kdestroy(1), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/sclient.man b/src/man/sclient.man index c8228ad..f042918 100644 --- a/src/man/sclient.man +++ b/src/man/sclient.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SCLIENT" "1" " " "1.16" "MIT Kerberos" +.TH "SCLIENT" "1" " " "1.17" "MIT Kerberos" .SH NAME sclient \- sample Kerberos version 5 client . @@ -36,15 +36,19 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH DESCRIPTION .sp sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server \fIsserver(8)\fP and +purposes. It contacts a sample server sserver(8) and authenticates to it using Kerberos version 5 tickets, then displays the server\(aqs response. +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIkinit(1)\fP, \fIsserver(8)\fP +kinit(1), sserver(8), kerberos(7) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/man/sserver.man b/src/man/sserver.man index f871e4e..6fa92a8 100644 --- a/src/man/sserver.man +++ b/src/man/sserver.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SSERVER" "8" " " "1.16" "MIT Kerberos" +.TH "SSERVER" "8" " " "1.17" "MIT Kerberos" .SH NAME sserver \- sample Kerberos version 5 server . @@ -38,7 +38,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [ \fIserver_port\fP ] .SH DESCRIPTION .sp -sserver and \fIsclient(1)\fP are a simple demonstration client/server +sserver and sclient(1) are a simple demonstration client/server application. When sclient connects to sserver, it performs a Kerberos authentication, and then sserver returns to sclient the Kerberos principal which was used for the Kerberos authentication. It makes a @@ -47,7 +47,7 @@ good test that Kerberos has been successfully installed on a machine. The service name used by sserver and sclient is sample. Hence, sserver will require that there be a keytab entry for the service \fBsample/hostname.domain.name@REALM.NAME\fP\&. This keytab is generated -using the \fIkadmin(1)\fP program. The keytab file is usually +using the kadmin(1) program. The keytab file is usually installed as \fB@KTNAME@\fP\&. .sp The \fB\-S\fP option allows for a different keytab than the default. @@ -80,8 +80,8 @@ sample 13135/tcp .UNINDENT .sp When using sclient, you will first have to have an entry in the -Kerberos database, by using \fIkadmin(1)\fP, and then you have to get -Kerberos tickets, by using \fIkinit(1)\fP\&. Also, if you are running +Kerberos database, by using kadmin(1), and then you have to get +Kerberos tickets, by using kinit(1)\&. Also, if you are running the sclient program on a different host than the sserver it will be connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both @@ -164,7 +164,7 @@ sclient: Server not found in Kerberos database while using .sp This means that the \fBsample/hostname@LOCAL.REALM\fP service was not defined in the Kerberos database; it should be created using -\fIkadmin(1)\fP, and a keytab file needs to be generated to make +kadmin(1), and a keytab file needs to be generated to make the key for that service principal available for sclient. .IP 5. 3 sclient returns the error: @@ -183,12 +183,16 @@ sendauth rejected, error reply is: This probably means sserver couldn\(aqt find the keytab file. It was probably not installed in the proper directory. .UNINDENT +.SH ENVIRONMENT +.sp +See kerberos(7) for a description of Kerberos environment +variables. .SH SEE ALSO .sp -\fIsclient(1)\fP, services(5), inetd(8) +sclient(1), kerberos(7), services(5), inetd(8) .SH AUTHOR MIT .SH COPYRIGHT -1985-2017, MIT +1985-2018, MIT .\" Generated by docutils manpage writer. . diff --git a/src/plugins/kdb/ldap/ldap_util/deps b/src/plugins/kdb/ldap/ldap_util/deps index be0194c..a641fe8 100644 --- a/src/plugins/kdb/ldap/ldap_util/deps +++ b/src/plugins/kdb/ldap/ldap_util/deps @@ -37,8 +37,9 @@ $(OUTPRE)kdb5_ldap_list.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ kdb5_ldap_list.h $(OUTPRE)kdb5_ldap_realm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \ $(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \ diff --git a/src/plugins/preauth/pkinit/deps b/src/plugins/preauth/pkinit/deps index 57116db..c54aa42 100644 --- a/src/plugins/preauth/pkinit/deps +++ b/src/plugins/preauth/pkinit/deps @@ -101,10 +101,15 @@ pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \ pkinit_trace.h pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-platform.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ pkinit_crypto_openssl.c pkinit_crypto_openssl.h pkinit_trace.h diff --git a/src/po/mit-krb5.pot b/src/po/mit-krb5.pot index d086a73..593f326 100644 --- a/src/po/mit-krb5.pot +++ b/src/po/mit-krb5.pot @@ -1,14 +1,14 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR MIT -# This file is distributed under the same license as the PACKAGE package. +# This file is distributed under the same license as the mit-krb5 package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: mit-krb5 1.16-prerelease\n" +"Project-Id-Version: mit-krb5 1.17-prerelease\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2017-09-25 11:26-0400\n" +"POT-Creation-Date: 2018-10-26 19:09-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -18,86 +18,114 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" -#: ../../src/clients/kdestroy/kdestroy.c:55 +#: ../../src/clients/kdestroy/kdestroy.c:52 #, c-format -msgid "Usage: %s [-A] [-q] [-c cache_name]\n" +msgid "Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:56 +#: ../../src/clients/kdestroy/kdestroy.c:54 #, c-format msgid "\t-A destroy all credential caches in collection\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:57 +#: ../../src/clients/kdestroy/kdestroy.c:55 #, c-format msgid "\t-q quiet mode\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:58 -#: ../../src/clients/kswitch/kswitch.c:45 +#: ../../src/clients/kdestroy/kdestroy.c:56 +#: ../../src/clients/kswitch/kswitch.c:42 #, c-format msgid "\t-c specify name of credentials cache\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:72 -#: ../../src/clients/kdestroy/kdestroy.c:151 +#: ../../src/clients/kdestroy/kdestroy.c:57 +#, c-format +msgid "\t-p specify principal name within collection\n" +msgstr "" + +#: ../../src/clients/kdestroy/kdestroy.c:71 +#: ../../src/clients/kdestroy/kdestroy.c:165 msgid "while listing credential caches" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:79 +#: ../../src/clients/kdestroy/kdestroy.c:78 #, c-format msgid "Other credential caches present, use -A to destroy all\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:109 -#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:285 +#: ../../src/clients/kdestroy/kdestroy.c:110 +#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:288 #, c-format msgid "Only one -c option allowed\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:116 -#: ../../src/clients/kinit/kinit.c:374 ../../src/clients/klist/klist.c:178 +#: ../../src/clients/kdestroy/kdestroy.c:118 +#, c-format +msgid "Only one -p option allowed\n" +msgstr "" + +#: ../../src/clients/kdestroy/kdestroy.c:125 +#: ../../src/clients/kinit/kinit.c:374 ../../src/clients/klist/klist.c:176 #, c-format msgid "Kerberos 4 is no longer supported\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:136 -#: ../../src/clients/klist/klist.c:241 ../../src/clients/ksu/main.c:131 -#: ../../src/clients/ksu/main.c:137 ../../src/clients/kswitch/kswitch.c:97 -#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:954 -#: ../../src/slave/kprop.c:102 ../../src/slave/kpropd.c:1058 +#: ../../src/clients/kdestroy/kdestroy.c:138 +#, c-format +msgid "-A option is exclusive with -p option\n" +msgstr "" + +#: ../../src/clients/kdestroy/kdestroy.c:150 +#: ../../src/clients/klist/klist.c:239 ../../src/clients/ksu/main.c:134 +#: ../../src/clients/ksu/main.c:140 ../../src/clients/kswitch/kswitch.c:94 +#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:939 +#: ../../src/kprop/kprop.c:102 ../../src/kprop/kpropd.c:1058 msgid "while initializing krb5" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:143 -#: ../../src/clients/klist/klist.c:248 +#: ../../src/clients/kdestroy/kdestroy.c:157 +#: ../../src/clients/klist/klist.c:246 msgid "while setting default cache name" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:158 +#: ../../src/clients/kdestroy/kdestroy.c:172 msgid "composing ccache name" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:163 +#: ../../src/clients/kdestroy/kdestroy.c:177 #, c-format msgid "while destroying cache %s" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:175 -#: ../../src/clients/klist/klist.c:462 +#: ../../src/clients/kdestroy/kdestroy.c:190 +#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:189 +#: ../../src/clients/kvno/kvno.c:373 ../../src/kadmin/cli/keytab.c:373 +#: ../../src/kadmin/dbutil/kdb5_util.c:547 +#, c-format +msgid "while parsing principal name %s" +msgstr "" + +#: ../../src/clients/kdestroy/kdestroy.c:196 +#, c-format +msgid "while finding cache for %s" +msgstr "" + +#: ../../src/clients/kdestroy/kdestroy.c:204 +#: ../../src/clients/klist/klist.c:460 msgid "while resolving ccache" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:181 ../../src/clients/ksu/main.c:977 +#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:990 msgid "while destroying cache" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:184 +#: ../../src/clients/kdestroy/kdestroy.c:214 #, c-format msgid "Ticket cache NOT destroyed!\n" msgstr "" -#: ../../src/clients/kdestroy/kdestroy.c:186 +#: ../../src/clients/kdestroy/kdestroy.c:216 #, c-format msgid "Ticket cache %cNOT%c destroyed!\n" msgstr "" @@ -271,7 +299,7 @@ msgstr "" msgid "keytab specified, forcing -k\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:415 ../../src/clients/klist/klist.c:216 +#: ../../src/clients/kinit/kinit.c:415 ../../src/clients/klist/klist.c:214 #, c-format msgid "Extra arguments (starting with \"%s\").\n" msgstr "" @@ -295,14 +323,14 @@ msgid "while getting default ccache" msgstr "" #: ../../src/clients/kinit/kinit.c:476 ../../src/clients/kinit/kinit.c:555 -#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:238 +#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:241 #, c-format msgid "when parsing name %s" msgstr "" -#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:310 +#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:311 +#: ../../src/kprop/kprop.c:156 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391 -#: ../../src/slave/kprop.c:156 msgid "while getting default realm" msgstr "" @@ -336,7 +364,7 @@ msgstr "" msgid "Unable to identify user\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:564 ../../src/clients/kswitch/kswitch.c:116 +#: ../../src/clients/kinit/kinit.c:564 ../../src/clients/kswitch/kswitch.c:113 #, c-format msgid "while searching for ccache for %s" msgstr "" @@ -378,226 +406,226 @@ msgstr "" msgid "getting local addresses" msgstr "" -#: ../../src/clients/kinit/kinit.c:723 +#: ../../src/clients/kinit/kinit.c:724 #, c-format msgid "while setting up KDB keytab for realm %s" msgstr "" -#: ../../src/clients/kinit/kinit.c:732 ../../src/clients/kvno/kvno.c:308 +#: ../../src/clients/kinit/kinit.c:733 ../../src/clients/kvno/kvno.c:363 #, c-format msgid "resolving keytab %s" msgstr "" -#: ../../src/clients/kinit/kinit.c:737 +#: ../../src/clients/kinit/kinit.c:738 #, c-format msgid "Using keytab: %s\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:741 +#: ../../src/clients/kinit/kinit.c:742 msgid "resolving default client keytab" msgstr "" -#: ../../src/clients/kinit/kinit.c:751 +#: ../../src/clients/kinit/kinit.c:752 #, c-format msgid "while setting '%s'='%s'" msgstr "" -#: ../../src/clients/kinit/kinit.c:756 +#: ../../src/clients/kinit/kinit.c:757 #, c-format msgid "PA Option %s = %s\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:797 +#: ../../src/clients/kinit/kinit.c:798 msgid "getting initial credentials" msgstr "" -#: ../../src/clients/kinit/kinit.c:800 +#: ../../src/clients/kinit/kinit.c:801 msgid "validating credentials" msgstr "" -#: ../../src/clients/kinit/kinit.c:803 +#: ../../src/clients/kinit/kinit.c:804 msgid "renewing credentials" msgstr "" -#: ../../src/clients/kinit/kinit.c:811 +#: ../../src/clients/kinit/kinit.c:812 #, c-format msgid "%s: Password incorrect while %s\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:814 +#: ../../src/clients/kinit/kinit.c:815 #, c-format msgid "while %s" msgstr "" -#: ../../src/clients/kinit/kinit.c:823 +#: ../../src/clients/kinit/kinit.c:824 #, c-format msgid "when initializing cache %s" msgstr "" -#: ../../src/clients/kinit/kinit.c:828 +#: ../../src/clients/kinit/kinit.c:829 #, c-format msgid "Initialized cache\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:832 +#: ../../src/clients/kinit/kinit.c:833 msgid "while storing credentials" msgstr "" -#: ../../src/clients/kinit/kinit.c:836 +#: ../../src/clients/kinit/kinit.c:837 #, c-format msgid "Stored credentials\n" msgstr "" -#: ../../src/clients/kinit/kinit.c:842 +#: ../../src/clients/kinit/kinit.c:843 msgid "while switching to new ccache" msgstr "" -#: ../../src/clients/kinit/kinit.c:897 +#: ../../src/clients/kinit/kinit.c:898 #, c-format msgid "Authenticated to Kerberos v5\n" msgstr "" -#: ../../src/clients/klist/klist.c:87 +#: ../../src/clients/klist/klist.c:85 #, c-format msgid "" "Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] " "[name]\n" msgstr "" -#: ../../src/clients/klist/klist.c:89 +#: ../../src/clients/klist/klist.c:87 #, c-format msgid "\t-c specifies credentials cache\n" msgstr "" -#: ../../src/clients/klist/klist.c:90 +#: ../../src/clients/klist/klist.c:88 #, c-format msgid "\t-k specifies keytab\n" msgstr "" -#: ../../src/clients/klist/klist.c:91 +#: ../../src/clients/klist/klist.c:89 #, c-format msgid "\t (Default is credentials cache)\n" msgstr "" -#: ../../src/clients/klist/klist.c:92 +#: ../../src/clients/klist/klist.c:90 #, c-format msgid "\t-i uses default client keytab if no name given\n" msgstr "" -#: ../../src/clients/klist/klist.c:93 +#: ../../src/clients/klist/klist.c:91 #, c-format msgid "\t-l lists credential caches in collection\n" msgstr "" -#: ../../src/clients/klist/klist.c:94 +#: ../../src/clients/klist/klist.c:92 #, c-format msgid "\t-A shows content of all credential caches\n" msgstr "" -#: ../../src/clients/klist/klist.c:95 +#: ../../src/clients/klist/klist.c:93 #, c-format msgid "\t-e shows the encryption type\n" msgstr "" -#: ../../src/clients/klist/klist.c:96 +#: ../../src/clients/klist/klist.c:94 #, c-format msgid "\t-V shows the Kerberos version and exits\n" msgstr "" -#: ../../src/clients/klist/klist.c:97 +#: ../../src/clients/klist/klist.c:95 #, c-format msgid "\toptions for credential caches:\n" msgstr "" -#: ../../src/clients/klist/klist.c:98 +#: ../../src/clients/klist/klist.c:96 #, c-format msgid "\t\t-d shows the submitted authorization data types\n" msgstr "" -#: ../../src/clients/klist/klist.c:100 +#: ../../src/clients/klist/klist.c:98 #, c-format msgid "\t\t-f shows credentials flags\n" msgstr "" -#: ../../src/clients/klist/klist.c:101 +#: ../../src/clients/klist/klist.c:99 #, c-format msgid "\t\t-s sets exit status based on valid tgt existence\n" msgstr "" -#: ../../src/clients/klist/klist.c:103 +#: ../../src/clients/klist/klist.c:101 #, c-format msgid "\t\t-a displays the address list\n" msgstr "" -#: ../../src/clients/klist/klist.c:104 +#: ../../src/clients/klist/klist.c:102 #, c-format msgid "\t\t\t-n do not reverse-resolve\n" msgstr "" -#: ../../src/clients/klist/klist.c:105 +#: ../../src/clients/klist/klist.c:103 #, c-format msgid "\toptions for keytabs:\n" msgstr "" -#: ../../src/clients/klist/klist.c:106 +#: ../../src/clients/klist/klist.c:104 #, c-format msgid "\t\t-t shows keytab entry timestamps\n" msgstr "" -#: ../../src/clients/klist/klist.c:107 +#: ../../src/clients/klist/klist.c:105 #, c-format msgid "\t\t-K shows keytab entry keys\n" msgstr "" -#: ../../src/clients/klist/klist.c:225 +#: ../../src/clients/klist/klist.c:223 #, c-format msgid "%s version %s\n" msgstr "" -#: ../../src/clients/klist/klist.c:278 +#: ../../src/clients/klist/klist.c:276 msgid "while getting default client keytab" msgstr "" -#: ../../src/clients/klist/klist.c:284 +#: ../../src/clients/klist/klist.c:282 msgid "while getting default keytab" msgstr "" -#: ../../src/clients/klist/klist.c:290 ../../src/kadmin/cli/keytab.c:103 +#: ../../src/clients/klist/klist.c:288 ../../src/kadmin/cli/keytab.c:103 #, c-format msgid "while resolving keytab %s" msgstr "" -#: ../../src/clients/klist/klist.c:297 ../../src/kadmin/cli/keytab.c:87 +#: ../../src/clients/klist/klist.c:295 ../../src/kadmin/cli/keytab.c:87 msgid "while getting keytab name" msgstr "" -#: ../../src/clients/klist/klist.c:305 ../../src/kadmin/cli/keytab.c:422 +#: ../../src/clients/klist/klist.c:303 ../../src/kadmin/cli/keytab.c:422 msgid "while starting keytab scan" msgstr "" -#: ../../src/clients/klist/klist.c:328 ../../src/clients/klist/klist.c:484 -#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:554 -#: ../../src/kadmin/dbutil/tabdump.c:552 +#: ../../src/clients/klist/klist.c:326 ../../src/clients/klist/klist.c:482 +#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:564 +#: ../../src/kadmin/dbutil/tabdump.c:549 msgid "while unparsing principal name" msgstr "" -#: ../../src/clients/klist/klist.c:350 ../../src/kadmin/cli/keytab.c:466 +#: ../../src/clients/klist/klist.c:348 ../../src/kadmin/cli/keytab.c:466 msgid "while scanning keytab" msgstr "" -#: ../../src/clients/klist/klist.c:355 ../../src/kadmin/cli/keytab.c:471 +#: ../../src/clients/klist/klist.c:353 ../../src/kadmin/cli/keytab.c:471 msgid "while ending keytab scan" msgstr "" -#: ../../src/clients/klist/klist.c:372 ../../src/clients/klist/klist.c:435 +#: ../../src/clients/klist/klist.c:370 ../../src/clients/klist/klist.c:433 msgid "while listing ccache collection" msgstr "" -#: ../../src/clients/klist/klist.c:411 +#: ../../src/clients/klist/klist.c:409 msgid "(Expired)" msgstr "" -#: ../../src/clients/klist/klist.c:488 +#: ../../src/clients/klist/klist.c:486 #, c-format msgid "" "Ticket cache: %s:%s\n" @@ -605,73 +633,73 @@ msgid "" "\n" msgstr "" -#: ../../src/clients/klist/klist.c:500 +#: ../../src/clients/klist/klist.c:498 msgid "while starting to retrieve tickets" msgstr "" -#: ../../src/clients/klist/klist.c:514 +#: ../../src/clients/klist/klist.c:512 msgid "while finishing ticket retrieval" msgstr "" -#: ../../src/clients/klist/klist.c:519 +#: ../../src/clients/klist/klist.c:517 msgid "while retrieving a ticket" msgstr "" -#: ../../src/clients/klist/klist.c:667 ../../src/clients/ksu/ccache.c:440 -#: ../../src/slave/kpropd.c:1209 ../../src/slave/kpropd.c:1269 +#: ../../src/clients/klist/klist.c:665 ../../src/clients/ksu/ccache.c:440 +#: ../../src/kprop/kpropd.c:1209 ../../src/kprop/kpropd.c:1269 msgid "while unparsing client name" msgstr "" -#: ../../src/clients/klist/klist.c:672 ../../src/clients/ksu/ccache.c:445 -#: ../../src/slave/kprop.c:190 +#: ../../src/clients/klist/klist.c:670 ../../src/clients/ksu/ccache.c:445 +#: ../../src/kprop/kprop.c:190 msgid "while unparsing server name" msgstr "" -#: ../../src/clients/klist/klist.c:702 ../../src/clients/ksu/ccache.c:470 +#: ../../src/clients/klist/klist.c:700 ../../src/clients/ksu/ccache.c:470 #, c-format msgid "\tfor client %s" msgstr "" -#: ../../src/clients/klist/klist.c:714 ../../src/clients/ksu/ccache.c:479 +#: ../../src/clients/klist/klist.c:712 ../../src/clients/ksu/ccache.c:479 msgid "renew until " msgstr "" -#: ../../src/clients/klist/klist.c:731 ../../src/clients/ksu/ccache.c:489 +#: ../../src/clients/klist/klist.c:729 ../../src/clients/ksu/ccache.c:489 #, c-format msgid "Flags: %s" msgstr "" -#: ../../src/clients/klist/klist.c:750 +#: ../../src/clients/klist/klist.c:748 #, c-format msgid "Etype (skey, tkt): %s, " msgstr "" -#: ../../src/clients/klist/klist.c:766 +#: ../../src/clients/klist/klist.c:764 #, c-format msgid "AD types: " msgstr "" -#: ../../src/clients/klist/klist.c:782 +#: ../../src/clients/klist/klist.c:780 #, c-format msgid "\tAddresses: (none)\n" msgstr "" -#: ../../src/clients/klist/klist.c:784 +#: ../../src/clients/klist/klist.c:782 #, c-format msgid "\tAddresses: " msgstr "" -#: ../../src/clients/klist/klist.c:818 ../../src/clients/klist/klist.c:828 +#: ../../src/clients/klist/klist.c:816 ../../src/clients/klist/klist.c:826 #, c-format msgid "broken address (type %d length %d)" msgstr "" -#: ../../src/clients/klist/klist.c:837 +#: ../../src/clients/klist/klist.c:835 #, c-format msgid "unknown addrtype %d" msgstr "" -#: ../../src/clients/klist/klist.c:846 +#: ../../src/clients/klist/klist.c:844 #, c-format msgid "unprintable address (type %d, error %d %s)" msgstr "" @@ -744,35 +772,35 @@ msgstr "" msgid "Password changed.\n" msgstr "" -#: ../../src/clients/ksu/authorization.c:369 +#: ../../src/clients/ksu/authorization.c:352 #, c-format msgid "" "Error: bad entry - %s in %s file, must be either full path or just the cmd " "name\n" msgstr "" -#: ../../src/clients/ksu/authorization.c:377 +#: ../../src/clients/ksu/authorization.c:360 #, c-format msgid "" "Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH " "must be defined \n" msgstr "" -#: ../../src/clients/ksu/authorization.c:392 +#: ../../src/clients/ksu/authorization.c:375 #, c-format msgid "Error: bad entry - %s in %s file, CMD_PATH contains no paths \n" msgstr "" -#: ../../src/clients/ksu/authorization.c:401 +#: ../../src/clients/ksu/authorization.c:384 #, c-format msgid "Error: bad path %s in CMD_PATH for %s must start with '/' \n" msgstr "" -#: ../../src/clients/ksu/authorization.c:517 +#: ../../src/clients/ksu/authorization.c:500 msgid "Error: not found -> " msgstr "" -#: ../../src/clients/ksu/authorization.c:723 +#: ../../src/clients/ksu/authorization.c:706 #, c-format msgid "home directory name `%s' too long, can't search for .k5login\n" msgstr "" @@ -814,7 +842,7 @@ msgstr "" msgid " in remotely using an unsecure (non-encrypted) channel. \n" msgstr "" -#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:460 +#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:473 msgid "while reclaiming root uid" msgstr "" @@ -873,396 +901,399 @@ msgid "" "[-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n" msgstr "" -#: ../../src/clients/ksu/main.c:147 +#: ../../src/clients/ksu/main.c:150 msgid "" "program name too long - quitting to avoid triggering system logging bugs" msgstr "" -#: ../../src/clients/ksu/main.c:173 +#: ../../src/clients/ksu/main.c:176 msgid "while allocating memory" msgstr "" -#: ../../src/clients/ksu/main.c:186 +#: ../../src/clients/ksu/main.c:189 msgid "while setting euid to source user" msgstr "" -#: ../../src/clients/ksu/main.c:196 ../../src/clients/ksu/main.c:231 +#: ../../src/clients/ksu/main.c:199 ../../src/clients/ksu/main.c:234 #, c-format msgid "Bad lifetime value (%s hours?)\n" msgstr "" -#: ../../src/clients/ksu/main.c:208 ../../src/clients/ksu/main.c:293 +#: ../../src/clients/ksu/main.c:211 ../../src/clients/ksu/main.c:296 msgid "when gathering parameters" msgstr "" -#: ../../src/clients/ksu/main.c:252 +#: ../../src/clients/ksu/main.c:255 #, c-format msgid "-z option is mutually exclusive with -Z.\n" msgstr "" -#: ../../src/clients/ksu/main.c:260 +#: ../../src/clients/ksu/main.c:263 #, c-format msgid "-Z option is mutually exclusive with -z.\n" msgstr "" -#: ../../src/clients/ksu/main.c:273 +#: ../../src/clients/ksu/main.c:276 #, c-format msgid "while looking for credentials cache %s" msgstr "" -#: ../../src/clients/ksu/main.c:279 +#: ../../src/clients/ksu/main.c:282 #, c-format msgid "malformed credential cache name %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:337 +#: ../../src/clients/ksu/main.c:340 #, c-format msgid "ksu: who are you?\n" msgstr "" -#: ../../src/clients/ksu/main.c:341 +#: ../../src/clients/ksu/main.c:344 #, c-format msgid "Your uid doesn't match your passwd entry?!\n" msgstr "" -#: ../../src/clients/ksu/main.c:356 +#: ../../src/clients/ksu/main.c:359 #, c-format msgid "ksu: unknown login %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:376 +#: ../../src/clients/ksu/main.c:379 msgid "while getting source cache" msgstr "" -#: ../../src/clients/ksu/main.c:385 +#: ../../src/clients/ksu/main.c:388 msgid "while selecting the best principal" msgstr "" -#: ../../src/clients/ksu/main.c:393 +#: ../../src/clients/ksu/main.c:396 msgid "while returning to source uid after finding best principal" msgstr "" -#: ../../src/clients/ksu/main.c:413 +#: ../../src/clients/ksu/main.c:416 #, c-format msgid "account %s: authorization failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:438 +#: ../../src/clients/ksu/main.c:451 msgid "while parsing temporary name" msgstr "" -#: ../../src/clients/ksu/main.c:443 +#: ../../src/clients/ksu/main.c:456 msgid "while creating temporary cache" msgstr "" -#: ../../src/clients/ksu/main.c:449 ../../src/clients/ksu/main.c:689 +#: ../../src/clients/ksu/main.c:462 ../../src/clients/ksu/main.c:702 #, c-format msgid "while copying cache %s to %s" msgstr "" -#: ../../src/clients/ksu/main.c:467 +#: ../../src/clients/ksu/main.c:480 #, c-format msgid "" "WARNING: Your password may be exposed if you enter it here and are logged\n" msgstr "" -#: ../../src/clients/ksu/main.c:469 +#: ../../src/clients/ksu/main.c:482 #, c-format msgid " in remotely using an unsecure (non-encrypted) channel.\n" msgstr "" -#: ../../src/clients/ksu/main.c:475 +#: ../../src/clients/ksu/main.c:488 #, c-format msgid "Goodbye\n" msgstr "" -#: ../../src/clients/ksu/main.c:479 +#: ../../src/clients/ksu/main.c:492 #, c-format msgid "Could not get a tgt for " msgstr "" -#: ../../src/clients/ksu/main.c:501 +#: ../../src/clients/ksu/main.c:514 #, c-format msgid "Authentication failed.\n" msgstr "" -#: ../../src/clients/ksu/main.c:509 +#: ../../src/clients/ksu/main.c:522 msgid "When unparsing name" msgstr "" -#: ../../src/clients/ksu/main.c:513 +#: ../../src/clients/ksu/main.c:526 #, c-format msgid "Authenticated %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:520 +#: ../../src/clients/ksu/main.c:533 msgid "while switching to target for authorization check" msgstr "" -#: ../../src/clients/ksu/main.c:527 +#: ../../src/clients/ksu/main.c:540 msgid "while checking authorization" msgstr "" -#: ../../src/clients/ksu/main.c:533 +#: ../../src/clients/ksu/main.c:546 msgid "while switching back from target after authorization check" msgstr "" -#: ../../src/clients/ksu/main.c:540 +#: ../../src/clients/ksu/main.c:553 #, c-format msgid "Account %s: authorization for %s for execution of\n" msgstr "" -#: ../../src/clients/ksu/main.c:542 +#: ../../src/clients/ksu/main.c:555 #, c-format msgid " %s successful\n" msgstr "" -#: ../../src/clients/ksu/main.c:548 +#: ../../src/clients/ksu/main.c:561 #, c-format msgid "Account %s: authorization for %s successful\n" msgstr "" -#: ../../src/clients/ksu/main.c:560 +#: ../../src/clients/ksu/main.c:573 #, c-format msgid "Account %s: authorization for %s for execution of %s failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:568 +#: ../../src/clients/ksu/main.c:581 #, c-format msgid "Account %s: authorization of %s failed\n" msgstr "" -#: ../../src/clients/ksu/main.c:583 +#: ../../src/clients/ksu/main.c:596 msgid "while calling cc_filter" msgstr "" -#: ../../src/clients/ksu/main.c:591 +#: ../../src/clients/ksu/main.c:604 msgid "while erasing target cache" msgstr "" -#: ../../src/clients/ksu/main.c:611 +#: ../../src/clients/ksu/main.c:624 #, c-format msgid "ksu: permission denied (shell).\n" msgstr "" -#: ../../src/clients/ksu/main.c:620 +#: ../../src/clients/ksu/main.c:633 #, c-format msgid "ksu: couldn't set environment variable USER\n" msgstr "" -#: ../../src/clients/ksu/main.c:626 +#: ../../src/clients/ksu/main.c:639 #, c-format msgid "ksu: couldn't set environment variable HOME\n" msgstr "" -#: ../../src/clients/ksu/main.c:631 +#: ../../src/clients/ksu/main.c:644 #, c-format msgid "ksu: couldn't set environment variable SHELL\n" msgstr "" -#: ../../src/clients/ksu/main.c:642 +#: ../../src/clients/ksu/main.c:655 #, c-format msgid "ksu: initgroups failed.\n" msgstr "" -#: ../../src/clients/ksu/main.c:647 +#: ../../src/clients/ksu/main.c:660 #, c-format msgid "Leaving uid as %s (%ld)\n" msgstr "" -#: ../../src/clients/ksu/main.c:650 +#: ../../src/clients/ksu/main.c:663 #, c-format msgid "Changing uid to %s (%ld)\n" msgstr "" -#: ../../src/clients/ksu/main.c:676 +#: ../../src/clients/ksu/main.c:689 msgid "while getting name of target ccache" msgstr "" -#: ../../src/clients/ksu/main.c:696 +#: ../../src/clients/ksu/main.c:709 #, c-format msgid "%s does not have correct permissions for %s, %s aborted" msgstr "" -#: ../../src/clients/ksu/main.c:717 +#: ../../src/clients/ksu/main.c:730 #, c-format msgid "Internal error: command %s did not get resolved\n" msgstr "" -#: ../../src/clients/ksu/main.c:734 ../../src/clients/ksu/main.c:770 +#: ../../src/clients/ksu/main.c:747 ../../src/clients/ksu/main.c:783 #, c-format msgid "while trying to execv %s" msgstr "" -#: ../../src/clients/ksu/main.c:760 +#: ../../src/clients/ksu/main.c:773 msgid "while calling waitpid" msgstr "" -#: ../../src/clients/ksu/main.c:765 +#: ../../src/clients/ksu/main.c:778 msgid "while trying to fork." msgstr "" -#: ../../src/clients/ksu/main.c:787 +#: ../../src/clients/ksu/main.c:800 msgid "while reading cache name from ccache" msgstr "" -#: ../../src/clients/ksu/main.c:793 +#: ../../src/clients/ksu/main.c:806 #, c-format msgid "ksu: couldn't set environment variable %s\n" msgstr "" -#: ../../src/clients/ksu/main.c:819 +#: ../../src/clients/ksu/main.c:832 msgid "while resetting target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:833 +#: ../../src/clients/ksu/main.c:846 msgid "while determining target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:872 +#: ../../src/clients/ksu/main.c:885 msgid "while generating part of the target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:878 +#: ../../src/clients/ksu/main.c:891 msgid "while allocating memory for the target ccache name" msgstr "" -#: ../../src/clients/ksu/main.c:897 +#: ../../src/clients/ksu/main.c:910 msgid "while creating new target ccache" msgstr "" -#: ../../src/clients/ksu/main.c:903 +#: ../../src/clients/ksu/main.c:916 msgid "while initializing target cache" msgstr "" -#: ../../src/clients/ksu/main.c:943 +#: ../../src/clients/ksu/main.c:956 #, c-format msgid "terminal name %s too long\n" msgstr "" -#: ../../src/clients/ksu/main.c:971 +#: ../../src/clients/ksu/main.c:984 msgid "while changing to target uid for destroying ccache" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:44 +#: ../../src/clients/kswitch/kswitch.c:41 #, c-format msgid "Usage: %s {-c cache_name | -p principal}\n" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:46 +#: ../../src/clients/kswitch/kswitch.c:43 #, c-format msgid "\t-p specify name of principal\n" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:69 +#: ../../src/clients/kswitch/kswitch.c:66 #, c-format msgid "Only one -c or -p option allowed\n" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:88 +#: ../../src/clients/kswitch/kswitch.c:85 #, c-format msgid "One of -c or -p must be specified\n" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:104 +#: ../../src/clients/kswitch/kswitch.c:101 #, c-format msgid "while resolving %s" msgstr "" -#: ../../src/clients/kswitch/kswitch.c:110 ../../src/clients/kvno/kvno.c:177 -#: ../../src/clients/kvno/kvno.c:318 ../../src/kadmin/cli/keytab.c:373 -#: ../../src/kadmin/dbutil/kdb5_util.c:584 -#, c-format -msgid "while parsing principal name %s" -msgstr "" - -#: ../../src/clients/kswitch/kswitch.c:125 +#: ../../src/clients/kswitch/kswitch.c:122 msgid "while switching to credential cache" msgstr "" -#: ../../src/clients/kvno/kvno.c:44 +#: ../../src/clients/kvno/kvno.c:41 #, c-format msgid "usage: %s [-C] [-u] [-c ccache] [-e etype]\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:45 +#: ../../src/clients/kvno/kvno.c:42 #, c-format msgid "\t[-k keytab] [-S sname] [-U for_user [-P]]\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:46 +#: ../../src/clients/kvno/kvno.c:43 #, c-format -msgid "\tservice1 service2 ...\n" +msgid "\t[--u2u ccache] service1 service2 ...\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:99 ../../src/clients/kvno/kvno.c:107 +#: ../../src/clients/kvno/kvno.c:102 ../../src/clients/kvno/kvno.c:110 #, c-format msgid "Options -u and -S are mutually exclusive\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:122 +#: ../../src/clients/kvno/kvno.c:127 +#, c-format +msgid "Options --u2u and -P are mutually exclusive\n" +msgstr "" + +#: ../../src/clients/kvno/kvno.c:133 #, c-format msgid "Option -P (constrained delegation) requires keytab to be specified\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:126 +#: ../../src/clients/kvno/kvno.c:137 #, c-format msgid "" "Option -P (constrained delegation) requires option -U (protocol transition)\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:185 +#: ../../src/clients/kvno/kvno.c:197 #, c-format msgid "while formatting parsed principal name for '%s'" msgstr "" -#: ../../src/clients/kvno/kvno.c:196 +#: ../../src/clients/kvno/kvno.c:211 msgid "client and server principal names must match" msgstr "" -#: ../../src/clients/kvno/kvno.c:212 +#: ../../src/clients/kvno/kvno.c:227 #, c-format msgid "while getting credentials for %s" msgstr "" -#: ../../src/clients/kvno/kvno.c:219 +#: ../../src/clients/kvno/kvno.c:234 #, c-format msgid "while decoding ticket for %s" msgstr "" -#: ../../src/clients/kvno/kvno.c:230 +#: ../../src/clients/kvno/kvno.c:245 #, c-format msgid "while decrypting ticket for %s" msgstr "" -#: ../../src/clients/kvno/kvno.c:234 +#: ../../src/clients/kvno/kvno.c:249 #, c-format msgid "%s: kvno = %d, keytab entry valid\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:248 +#: ../../src/clients/kvno/kvno.c:263 #, c-format msgid "%s: constrained delegation failed" msgstr "" -#: ../../src/clients/kvno/kvno.c:255 +#: ../../src/clients/kvno/kvno.c:270 #, c-format msgid "%s: kvno = %d\n" msgstr "" -#: ../../src/clients/kvno/kvno.c:282 ../../src/kadmin/cli/kadmin.c:309 +#: ../../src/clients/kvno/kvno.c:337 ../../src/kadmin/cli/kadmin.c:311 msgid "while initializing krb5 library" msgstr "" -#: ../../src/clients/kvno/kvno.c:289 +#: ../../src/clients/kvno/kvno.c:344 msgid "while converting etype" msgstr "" -#: ../../src/clients/kvno/kvno.c:301 +#: ../../src/clients/kvno/kvno.c:356 msgid "while opening ccache" msgstr "" -#: ../../src/clients/kvno/kvno.c:325 +#: ../../src/clients/kvno/kvno.c:381 +#, c-format +msgid "while getting user-to-user ticket from %s" +msgstr "" + +#: ../../src/clients/kvno/kvno.c:390 msgid "while getting client principal name" msgstr "" @@ -1277,298 +1308,298 @@ msgid "" "\t\t\tLook at each database documentation for supported arguments\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:162 +#: ../../src/kadmin/cli/kadmin.c:164 #, c-format msgid "Invalid date specification \"%s\".\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:190 +#: ../../src/kadmin/cli/kadmin.c:192 #, c-format msgid "Interval specification \"%s\" is in the past.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:320 ../../src/kadmin/cli/kadmin.c:359 +#: ../../src/kadmin/cli/kadmin.c:322 ../../src/kadmin/cli/kadmin.c:361 #, c-format msgid "%s: Cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:378 ../../src/kadmin/cli/kadmin.c:838 -#: ../../src/kadmin/cli/kadmin.c:1103 ../../src/kadmin/cli/kadmin.c:1618 -#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:599 +#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840 +#: ../../src/kadmin/cli/kadmin.c:1105 ../../src/kadmin/cli/kadmin.c:1620 +#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:562 #, c-format msgid "while parsing keysalts %s" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:401 +#: ../../src/kadmin/cli/kadmin.c:403 #, c-format msgid "%s: -q is exclusive with command-line query" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:409 +#: ../../src/kadmin/cli/kadmin.c:411 #, c-format msgid "%s: unable to get default realm\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:429 +#: ../../src/kadmin/cli/kadmin.c:431 msgid "while opening default credentials cache" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:435 +#: ../../src/kadmin/cli/kadmin.c:437 #, c-format msgid "while opening credentials cache %s" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:457 ../../src/kadmin/cli/kadmin.c:511 -#: ../../src/kadmin/cli/kadmin.c:519 ../../src/kadmin/cli/kadmin.c:526 +#: ../../src/kadmin/cli/kadmin.c:459 ../../src/kadmin/cli/kadmin.c:513 +#: ../../src/kadmin/cli/kadmin.c:521 ../../src/kadmin/cli/kadmin.c:528 #, c-format msgid "%s: out of memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:466 ../../src/kadmin/cli/kadmin.c:481 -#: ../../src/slave/kpropd.c:680 +#: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483 +#: ../../src/kprop/kpropd.c:680 msgid "while canonicalizing principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:475 +#: ../../src/kadmin/cli/kadmin.c:477 msgid "creating host service principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:488 +#: ../../src/kadmin/cli/kadmin.c:490 #, c-format msgid "%s: unable to canonicalize principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:531 +#: ../../src/kadmin/cli/kadmin.c:533 #, c-format msgid "%s: unable to figure out a principal name\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:538 +#: ../../src/kadmin/cli/kadmin.c:540 msgid "while setting up logging" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:547 +#: ../../src/kadmin/cli/kadmin.c:549 #, c-format msgid "Authenticating as principal %s with existing credentials.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:553 +#: ../../src/kadmin/cli/kadmin.c:555 #, c-format msgid "Authenticating as principal %s with password; anonymous requested.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:560 +#: ../../src/kadmin/cli/kadmin.c:562 #, c-format msgid "Authenticating as principal %s with keytab %s.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:563 +#: ../../src/kadmin/cli/kadmin.c:565 #, c-format msgid "Authenticating as principal %s with default keytab.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:570 +#: ../../src/kadmin/cli/kadmin.c:572 #, c-format msgid "Authenticating as principal %s with password.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:578 ../../src/slave/kpropd.c:727 +#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:727 #, c-format msgid "while initializing %s interface" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:593 +#: ../../src/kadmin/cli/kadmin.c:595 #, c-format msgid "while closing ccache %s" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:599 +#: ../../src/kadmin/cli/kadmin.c:601 msgid "while mapping update log" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:615 +#: ../../src/kadmin/cli/kadmin.c:617 msgid "while unlocking locked database" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:624 +#: ../../src/kadmin/cli/kadmin.c:626 msgid "Administration credentials NOT DESTROYED.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:673 +#: ../../src/kadmin/cli/kadmin.c:675 msgid "usage: delete_principal [-force] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:678 ../../src/kadmin/cli/kadmin.c:853 +#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:855 msgid "while parsing principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:684 ../../src/kadmin/cli/kadmin.c:859 -#: ../../src/kadmin/cli/kadmin.c:1212 ../../src/kadmin/cli/kadmin.c:1337 -#: ../../src/kadmin/cli/kadmin.c:1407 ../../src/kadmin/cli/kadmin.c:1841 -#: ../../src/kadmin/cli/kadmin.c:1885 ../../src/kadmin/cli/kadmin.c:1931 -#: ../../src/kadmin/cli/kadmin.c:1971 +#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:861 +#: ../../src/kadmin/cli/kadmin.c:1214 ../../src/kadmin/cli/kadmin.c:1339 +#: ../../src/kadmin/cli/kadmin.c:1409 ../../src/kadmin/cli/kadmin.c:1843 +#: ../../src/kadmin/cli/kadmin.c:1887 ../../src/kadmin/cli/kadmin.c:1933 +#: ../../src/kadmin/cli/kadmin.c:1973 msgid "while canonicalizing principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:688 +#: ../../src/kadmin/cli/kadmin.c:690 #, c-format msgid "Are you sure you want to delete the principal \"%s\"? (yes/no): " msgstr "" -#: ../../src/kadmin/cli/kadmin.c:692 +#: ../../src/kadmin/cli/kadmin.c:694 #, c-format msgid "Principal \"%s\" not deleted\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:699 +#: ../../src/kadmin/cli/kadmin.c:701 #, c-format msgid "while deleting principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:702 +#: ../../src/kadmin/cli/kadmin.c:704 #, c-format msgid "Principal \"%s\" deleted.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:703 +#: ../../src/kadmin/cli/kadmin.c:705 msgid "" "Make sure that you have removed this principal from all ACLs before " "reusing.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:720 +#: ../../src/kadmin/cli/kadmin.c:722 msgid "usage: rename_principal [-force] old_principal new_principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:727 +#: ../../src/kadmin/cli/kadmin.c:729 msgid "while parsing old principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:733 +#: ../../src/kadmin/cli/kadmin.c:735 msgid "while parsing new principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:739 +#: ../../src/kadmin/cli/kadmin.c:741 msgid "while canonicalizing old principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:745 +#: ../../src/kadmin/cli/kadmin.c:747 msgid "while canonicalizing new principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:749 +#: ../../src/kadmin/cli/kadmin.c:751 #, c-format msgid "" "Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): " msgstr "" -#: ../../src/kadmin/cli/kadmin.c:753 +#: ../../src/kadmin/cli/kadmin.c:755 #, c-format msgid "Principal \"%s\" not renamed\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:760 +#: ../../src/kadmin/cli/kadmin.c:762 #, c-format msgid "while renaming principal \"%s\" to \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:764 +#: ../../src/kadmin/cli/kadmin.c:766 #, c-format msgid "Principal \"%s\" renamed to \"%s\".\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:765 +#: ../../src/kadmin/cli/kadmin.c:767 msgid "" "Make sure that you have removed the old principal from all ACLs before " "reusing.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:780 +#: ../../src/kadmin/cli/kadmin.c:782 msgid "" "usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] " "principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:806 +#: ../../src/kadmin/cli/kadmin.c:808 msgid "change_password: missing db argument" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:812 +#: ../../src/kadmin/cli/kadmin.c:814 msgid "change_password: Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:820 +#: ../../src/kadmin/cli/kadmin.c:822 msgid "change_password: missing password arg" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:831 +#: ../../src/kadmin/cli/kadmin.c:833 msgid "change_password: missing keysaltlist arg" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:847 +#: ../../src/kadmin/cli/kadmin.c:849 msgid "missing principal name" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:871 ../../src/kadmin/cli/kadmin.c:908 +#: ../../src/kadmin/cli/kadmin.c:873 ../../src/kadmin/cli/kadmin.c:910 #, c-format msgid "while changing password for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:874 ../../src/kadmin/cli/kadmin.c:911 +#: ../../src/kadmin/cli/kadmin.c:876 ../../src/kadmin/cli/kadmin.c:913 #, c-format msgid "Password for \"%s\" changed.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:1288 +#: ../../src/kadmin/cli/kadmin.c:882 ../../src/kadmin/cli/kadmin.c:1290 #, c-format msgid "while randomizing key for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:883 +#: ../../src/kadmin/cli/kadmin.c:885 #, c-format msgid "Key for \"%s\" randomized.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:888 ../../src/kadmin/cli/kadmin.c:1248 +#: ../../src/kadmin/cli/kadmin.c:890 ../../src/kadmin/cli/kadmin.c:1250 #, c-format msgid "Enter password for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:890 ../../src/kadmin/cli/kadmin.c:1250 +#: ../../src/kadmin/cli/kadmin.c:892 ../../src/kadmin/cli/kadmin.c:1252 #, c-format msgid "Re-enter password for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:895 ../../src/kadmin/cli/kadmin.c:1254 +#: ../../src/kadmin/cli/kadmin.c:897 ../../src/kadmin/cli/kadmin.c:1256 #, c-format msgid "while reading password for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:949 +#: ../../src/kadmin/cli/kadmin.c:951 msgid "Not enough memory\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:979 ../../src/kadmin/dbutil/kdb5_util.c:631 +#: ../../src/kadmin/cli/kadmin.c:981 ../../src/kadmin/dbutil/kdb5_util.c:594 msgid "while getting time" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1120 ../../src/kadmin/cli/kadmin.c:1331 -#: ../../src/kadmin/cli/kadmin.c:1402 ../../src/kadmin/cli/kadmin.c:1835 -#: ../../src/kadmin/cli/kadmin.c:1879 ../../src/kadmin/cli/kadmin.c:1925 -#: ../../src/kadmin/cli/kadmin.c:1965 +#: ../../src/kadmin/cli/kadmin.c:1122 ../../src/kadmin/cli/kadmin.c:1333 +#: ../../src/kadmin/cli/kadmin.c:1404 ../../src/kadmin/cli/kadmin.c:1837 +#: ../../src/kadmin/cli/kadmin.c:1881 ../../src/kadmin/cli/kadmin.c:1927 +#: ../../src/kadmin/cli/kadmin.c:1967 msgid "while parsing principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1129 +#: ../../src/kadmin/cli/kadmin.c:1131 msgid "usage: add_principal [options] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1130 ../../src/kadmin/cli/kadmin.c:1154 -#: ../../src/kadmin/cli/kadmin.c:1641 +#: ../../src/kadmin/cli/kadmin.c:1132 ../../src/kadmin/cli/kadmin.c:1156 +#: ../../src/kadmin/cli/kadmin.c:1643 msgid "\toptions are:\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1131 +#: ../../src/kadmin/cli/kadmin.c:1133 msgid "" "\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire " "pwexpdate] [-maxlife maxtixlife]\n" @@ -1578,11 +1609,11 @@ msgid "" "\t\t[{+|-}attribute]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1159 +#: ../../src/kadmin/cli/kadmin.c:1138 ../../src/kadmin/cli/kadmin.c:1161 msgid "\tattributes are:\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1137 ../../src/kadmin/cli/kadmin.c:1160 +#: ../../src/kadmin/cli/kadmin.c:1139 ../../src/kadmin/cli/kadmin.c:1162 msgid "" "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n" "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n" @@ -1595,11 +1626,11 @@ msgid "" "\t\t\tLook at each database documentation for supported arguments\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1153 +#: ../../src/kadmin/cli/kadmin.c:1155 msgid "usage: modify_principal [options] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1155 +#: ../../src/kadmin/cli/kadmin.c:1157 msgid "" "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife " "maxtixlife]\n" @@ -1607,170 +1638,170 @@ msgid "" "\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1219 ../../src/kadmin/cli/kadmin.c:1360 +#: ../../src/kadmin/cli/kadmin.c:1221 ../../src/kadmin/cli/kadmin.c:1362 #, c-format msgid "WARNING: policy \"%s\" does not exist\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1226 +#: ../../src/kadmin/cli/kadmin.c:1228 #, c-format msgid "NOTICE: no policy specified for %s; assigning \"default\"\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1232 +#: ../../src/kadmin/cli/kadmin.c:1234 #, c-format msgid "WARNING: no policy specified for %s; defaulting to no policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1274 +#: ../../src/kadmin/cli/kadmin.c:1276 #, c-format msgid "Admin server does not support -nokey while creating \"%s\"\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1296 +#: ../../src/kadmin/cli/kadmin.c:1298 #, c-format msgid "while clearing DISALLOW_ALL_TIX for \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1343 +#: ../../src/kadmin/cli/kadmin.c:1345 #, c-format msgid "while getting \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1369 +#: ../../src/kadmin/cli/kadmin.c:1371 #, c-format msgid "while modifying \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1373 +#: ../../src/kadmin/cli/kadmin.c:1375 #, c-format msgid "Principal \"%s\" modified.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1394 +#: ../../src/kadmin/cli/kadmin.c:1396 msgid "usage: get_principal [-terse] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1413 +#: ../../src/kadmin/cli/kadmin.c:1415 #, c-format msgid "while retrieving \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1418 ../../src/kadmin/cli/kadmin.c:1423 +#: ../../src/kadmin/cli/kadmin.c:1420 ../../src/kadmin/cli/kadmin.c:1425 msgid "while unparsing principal" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1427 +#: ../../src/kadmin/cli/kadmin.c:1429 #, c-format msgid "Principal: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1428 +#: ../../src/kadmin/cli/kadmin.c:1430 #, c-format msgid "Expiration date: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1429 ../../src/kadmin/cli/kadmin.c:1431 -#: ../../src/kadmin/cli/kadmin.c:1434 ../../src/kadmin/cli/kadmin.c:1442 +#: ../../src/kadmin/cli/kadmin.c:1431 ../../src/kadmin/cli/kadmin.c:1433 +#: ../../src/kadmin/cli/kadmin.c:1436 ../../src/kadmin/cli/kadmin.c:1444 msgid "[never]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1430 +#: ../../src/kadmin/cli/kadmin.c:1432 #, c-format msgid "Last password change: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1432 +#: ../../src/kadmin/cli/kadmin.c:1434 #, c-format msgid "Password expiration date: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1435 +#: ../../src/kadmin/cli/kadmin.c:1437 #, c-format msgid "Maximum ticket life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1436 +#: ../../src/kadmin/cli/kadmin.c:1438 #, c-format msgid "Maximum renewable life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1438 +#: ../../src/kadmin/cli/kadmin.c:1440 #, c-format msgid "Last modified: %s (%s)\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1440 +#: ../../src/kadmin/cli/kadmin.c:1442 #, c-format msgid "Last successful authentication: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1446 +#: ../../src/kadmin/cli/kadmin.c:1448 #, c-format msgid "Failed password attempts: %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1448 +#: ../../src/kadmin/cli/kadmin.c:1450 #, c-format msgid "Number of keys: %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1455 +#: ../../src/kadmin/cli/kadmin.c:1457 #, c-format msgid "<Encryption type 0x%x>" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1462 +#: ../../src/kadmin/cli/kadmin.c:1464 #, c-format msgid "<Salt type 0x%x>" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1468 +#: ../../src/kadmin/cli/kadmin.c:1470 #, c-format msgid "MKey: vno %d\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1470 +#: ../../src/kadmin/cli/kadmin.c:1472 #, c-format msgid "Attributes:" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1473 +#: ../../src/kadmin/cli/kadmin.c:1475 msgid "while printing flags" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1482 +#: ../../src/kadmin/cli/kadmin.c:1484 msgid "[none]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1484 +#: ../../src/kadmin/cli/kadmin.c:1486 msgid " [does not exist]" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1485 +#: ../../src/kadmin/cli/kadmin.c:1487 #, c-format msgid "Policy: %s%s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1521 +#: ../../src/kadmin/cli/kadmin.c:1523 msgid "usage: get_principals [expression]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1526 ../../src/kadmin/cli/kadmin.c:1777 +#: ../../src/kadmin/cli/kadmin.c:1528 ../../src/kadmin/cli/kadmin.c:1779 msgid "while retrieving list." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1631 +#: ../../src/kadmin/cli/kadmin.c:1633 #, c-format msgid "%s: parser lost count!\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1640 +#: ../../src/kadmin/cli/kadmin.c:1642 #, c-format msgid "usage; %s [options] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1642 +#: ../../src/kadmin/cli/kadmin.c:1644 msgid "" "\t\t[-maxlife time] [-minlife time] [-minlength length]\n" "\t\t[-minclasses number] [-history number]\n" @@ -1778,172 +1809,172 @@ msgid "" "\t\t[-allowedkeysalts keysalts]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1646 +#: ../../src/kadmin/cli/kadmin.c:1648 msgid "\t\t[-lockoutduration time]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1665 +#: ../../src/kadmin/cli/kadmin.c:1667 #, c-format msgid "while creating policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1686 +#: ../../src/kadmin/cli/kadmin.c:1688 #, c-format msgid "while modifying policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1698 +#: ../../src/kadmin/cli/kadmin.c:1700 msgid "usage: delete_policy [-force] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1702 +#: ../../src/kadmin/cli/kadmin.c:1704 #, c-format msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): " msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1706 +#: ../../src/kadmin/cli/kadmin.c:1708 #, c-format msgid "Policy \"%s\" not deleted.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1712 +#: ../../src/kadmin/cli/kadmin.c:1714 #, c-format msgid "while deleting policy \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1724 +#: ../../src/kadmin/cli/kadmin.c:1726 msgid "usage: get_policy [-terse] policy\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1729 +#: ../../src/kadmin/cli/kadmin.c:1731 #, c-format msgid "while retrieving policy \"%s\"." msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1734 +#: ../../src/kadmin/cli/kadmin.c:1736 #, c-format msgid "Policy: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1735 +#: ../../src/kadmin/cli/kadmin.c:1737 #, c-format msgid "Maximum password life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1736 +#: ../../src/kadmin/cli/kadmin.c:1738 #, c-format msgid "Minimum password life: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1737 +#: ../../src/kadmin/cli/kadmin.c:1739 #, c-format msgid "Minimum password length: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1738 +#: ../../src/kadmin/cli/kadmin.c:1740 #, c-format msgid "Minimum number of password character classes: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1740 +#: ../../src/kadmin/cli/kadmin.c:1742 #, c-format msgid "Number of old keys kept: %ld\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1741 +#: ../../src/kadmin/cli/kadmin.c:1743 #, c-format msgid "Maximum password failures before lockout: %lu\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1743 +#: ../../src/kadmin/cli/kadmin.c:1745 #, c-format msgid "Password failure count reset interval: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1745 +#: ../../src/kadmin/cli/kadmin.c:1747 #, c-format msgid "Password lockout duration: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1748 +#: ../../src/kadmin/cli/kadmin.c:1750 #, c-format msgid "Allowed key/salt types: %s\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1772 +#: ../../src/kadmin/cli/kadmin.c:1774 msgid "usage: get_policies [expression]\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1794 +#: ../../src/kadmin/cli/kadmin.c:1796 msgid "usage: get_privs\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1799 +#: ../../src/kadmin/cli/kadmin.c:1801 msgid "while retrieving privileges" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1802 +#: ../../src/kadmin/cli/kadmin.c:1804 #, c-format msgid "current privileges:" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1828 +#: ../../src/kadmin/cli/kadmin.c:1830 msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1848 +#: ../../src/kadmin/cli/kadmin.c:1850 #, c-format msgid "while purging keys for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1853 +#: ../../src/kadmin/cli/kadmin.c:1855 #, c-format msgid "All keys for principal \"%s\" removed.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1855 +#: ../../src/kadmin/cli/kadmin.c:1857 #, c-format msgid "Old keys for principal \"%s\" purged.\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1872 +#: ../../src/kadmin/cli/kadmin.c:1874 msgid "usage: get_strings principal\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1892 +#: ../../src/kadmin/cli/kadmin.c:1894 #, c-format msgid "while getting attributes for principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1897 +#: ../../src/kadmin/cli/kadmin.c:1899 #, c-format msgid "(No string attributes.)\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1916 +#: ../../src/kadmin/cli/kadmin.c:1918 msgid "usage: set_string principal key value\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1938 +#: ../../src/kadmin/cli/kadmin.c:1940 #, c-format msgid "while setting attribute on principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1942 +#: ../../src/kadmin/cli/kadmin.c:1944 #, c-format msgid "Attribute set for principal \"%s\".\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1957 +#: ../../src/kadmin/cli/kadmin.c:1959 msgid "usage: del_string principal key\n" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1978 +#: ../../src/kadmin/cli/kadmin.c:1980 #, c-format msgid "while deleting attribute from principal \"%s\"" msgstr "" -#: ../../src/kadmin/cli/kadmin.c:1982 +#: ../../src/kadmin/cli/kadmin.c:1984 #, c-format msgid "Attribute removed from principal \"%s\".\n" msgstr "" @@ -2061,399 +2092,392 @@ msgstr "" msgid "while renaming dump file into place" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:192 +#: ../../src/kadmin/dbutil/dump.c:196 msgid "while allocating dump_ok filename" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:199 +#: ../../src/kadmin/dbutil/dump.c:202 #, c-format msgid "while creating 'ok' file, '%s'" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:206 +#: ../../src/kadmin/dbutil/dump.c:207 #, c-format msgid "while locking 'ok' file, '%s'" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:250 ../../src/kadmin/dbutil/dump.c:279 +#: ../../src/kadmin/dbutil/dump.c:260 ../../src/kadmin/dbutil/dump.c:289 #, c-format msgid "%s: regular expression error: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:262 +#: ../../src/kadmin/dbutil/dump.c:272 #, c-format msgid "%s: regular expression match error: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:363 +#: ../../src/kadmin/dbutil/dump.c:373 #, c-format msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:522 +#: ../../src/kadmin/dbutil/dump.c:532 #, c-format msgid "" "Warning! Multiple DES-CBC-CRC keys for principal %s; skipping duplicates.\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:533 +#: ../../src/kadmin/dbutil/dump.c:543 #, c-format msgid "" "Warning! No DES-CBC-CRC key for principal %s, cannot generate OV-compatible " "record; skipping\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:562 +#: ../../src/kadmin/dbutil/dump.c:572 #, c-format msgid "while converting %s to new master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:583 +#: ../../src/kadmin/dbutil/dump.c:593 #, c-format msgid "%s(%d): %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:626 +#: ../../src/kadmin/dbutil/dump.c:636 #, c-format msgid "%s(%d): ignoring trash at end of line: " msgstr "" -#: ../../src/kadmin/dbutil/dump.c:689 +#: ../../src/kadmin/dbutil/dump.c:699 msgid "cannot read tagged data type and length" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:693 +#: ../../src/kadmin/dbutil/dump.c:703 msgid "data type or length overflowed" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:700 +#: ../../src/kadmin/dbutil/dump.c:710 msgid "cannot read tagged data contents" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:733 +#: ../../src/kadmin/dbutil/dump.c:743 msgid "cannot match size tokens" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:744 +#: ../../src/kadmin/dbutil/dump.c:754 msgid "cannot allocate tl_data (too large)" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:766 +#: ../../src/kadmin/dbutil/dump.c:776 msgid "cannot read name string" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:771 +#: ../../src/kadmin/dbutil/dump.c:781 #, c-format msgid "while parsing name %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:779 +#: ../../src/kadmin/dbutil/dump.c:789 msgid "cannot read principal attributes" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:832 +#: ../../src/kadmin/dbutil/dump.c:842 msgid "cannot read key size and version" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:836 +#: ../../src/kadmin/dbutil/dump.c:846 msgid "unsupported key_data_ver version" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:847 +#: ../../src/kadmin/dbutil/dump.c:857 msgid "cannot read key type and length" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:853 +#: ../../src/kadmin/dbutil/dump.c:863 msgid "cannot read key data" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:863 +#: ../../src/kadmin/dbutil/dump.c:873 msgid "cannot read extra data" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:872 +#: ../../src/kadmin/dbutil/dump.c:882 #, c-format msgid "while storing %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:911 ../../src/kadmin/dbutil/dump.c:950 -#: ../../src/kadmin/dbutil/dump.c:996 ../../src/kadmin/dbutil/dump.c:1015 +#: ../../src/kadmin/dbutil/dump.c:921 ../../src/kadmin/dbutil/dump.c:960 +#: ../../src/kadmin/dbutil/dump.c:1006 ../../src/kadmin/dbutil/dump.c:1025 #, c-format msgid "cannot parse policy (%d read)\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:919 ../../src/kadmin/dbutil/dump.c:958 -#: ../../src/kadmin/dbutil/dump.c:1036 +#: ../../src/kadmin/dbutil/dump.c:929 ../../src/kadmin/dbutil/dump.c:968 +#: ../../src/kadmin/dbutil/dump.c:1046 msgid "while creating policy" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:923 +#: ../../src/kadmin/dbutil/dump.c:933 #, c-format msgid "created policy %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1073 +#: ../../src/kadmin/dbutil/dump.c:1083 #, c-format msgid "unknown record type \"%s\"\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1202 +#: ../../src/kadmin/dbutil/dump.c:1212 #, c-format msgid "%s: Unknown iprop dump version %d\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1305 ../../src/kadmin/dbutil/dump.c:1532 +#: ../../src/kadmin/dbutil/dump.c:1316 ../../src/kadmin/dbutil/dump.c:1544 #, c-format msgid "Iprop not enabled\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1342 +#: ../../src/kadmin/dbutil/dump.c:1353 msgid "Conditional dump is an undocumented option for use only for iprop dumps" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1355 +#: ../../src/kadmin/dbutil/dump.c:1366 msgid "Database not currently opened!" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1369 -#: ../../src/kadmin/dbutil/kdb5_stash.c:116 -#: ../../src/kadmin/dbutil/kdb5_util.c:485 +#: ../../src/kadmin/dbutil/dump.c:1380 ../../src/kadmin/dbutil/kdb5_stash.c:116 +#: ../../src/kadmin/dbutil/kdb5_util.c:448 msgid "while reading master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1375 +#: ../../src/kadmin/dbutil/dump.c:1386 msgid "while verifying master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1394 ../../src/kadmin/dbutil/dump.c:1404 +#: ../../src/kadmin/dbutil/dump.c:1405 ../../src/kadmin/dbutil/dump.c:1415 msgid "while reading new master key" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1398 +#: ../../src/kadmin/dbutil/dump.c:1409 #, c-format msgid "Please enter new master key....\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1422 +#: ../../src/kadmin/dbutil/dump.c:1433 #, c-format msgid "while opening %s for writing" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1437 +#: ../../src/kadmin/dbutil/dump.c:1448 msgid "while reading update log header" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1452 ../../src/kadmin/dbutil/dump.c:1459 +#: ../../src/kadmin/dbutil/dump.c:1463 ../../src/kadmin/dbutil/dump.c:1471 #, c-format msgid "performing %s dump" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1489 +#: ../../src/kadmin/dbutil/dump.c:1501 #, c-format msgid "%s: error processing line %d of %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1541 +#: ../../src/kadmin/dbutil/dump.c:1553 msgid "while parsing options" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1556 +#: ../../src/kadmin/dbutil/dump.c:1568 #, c-format msgid "while opening %s" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1561 ../../src/kadmin/dbutil/dump.c:1660 +#: ../../src/kadmin/dbutil/dump.c:1573 ../../src/kadmin/dbutil/dump.c:1672 msgid "standard input" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1566 +#: ../../src/kadmin/dbutil/dump.c:1578 #, c-format msgid "%s: can't read dump header in %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1574 ../../src/kadmin/dbutil/dump.c:1591 +#: ../../src/kadmin/dbutil/dump.c:1586 ../../src/kadmin/dbutil/dump.c:1603 #, c-format msgid "%s: dump header bad in %s\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1600 +#: ../../src/kadmin/dbutil/dump.c:1612 #, c-format msgid "Could not open iprop ulog\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1605 +#: ../../src/kadmin/dbutil/dump.c:1617 #, c-format msgid "%s: dump version %s can only be loaded with the -update flag\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1614 ../../src/kadmin/dbutil/dump.c:1619 +#: ../../src/kadmin/dbutil/dump.c:1626 ../../src/kadmin/dbutil/dump.c:1631 msgid "computing parameters for database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1625 +#: ../../src/kadmin/dbutil/dump.c:1637 msgid "while creating database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1634 +#: ../../src/kadmin/dbutil/dump.c:1646 msgid "while opening database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1644 +#: ../../src/kadmin/dbutil/dump.c:1656 msgid "while permanently locking database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1662 +#: ../../src/kadmin/dbutil/dump.c:1674 #, c-format msgid "%s: %s restore failed\n" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1667 +#: ../../src/kadmin/dbutil/dump.c:1679 msgid "while unlocking database" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1677 ../../src/kadmin/dbutil/dump.c:1696 +#: ../../src/kadmin/dbutil/dump.c:1689 ../../src/kadmin/dbutil/dump.c:1708 msgid "while reinitializing update log" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1687 +#: ../../src/kadmin/dbutil/dump.c:1699 msgid "while making newly loaded database live" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1703 +#: ../../src/kadmin/dbutil/dump.c:1715 msgid "while writing update log header" msgstr "" -#: ../../src/kadmin/dbutil/dump.c:1717 +#: ../../src/kadmin/dbutil/dump.c:1729 #, c-format msgid "while deleting bad database %s" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:84 +#: ../../src/kadmin/dbutil/kadm5_create.c:79 msgid "while looking up the Kerberos configuration" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:111 +#: ../../src/kadmin/dbutil/kadm5_create.c:105 msgid "while initializing the Kerberos admin interface" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:158 +#: ../../src/kadmin/dbutil/kadm5_create.c:152 msgid "while canonicalizing local hostname" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:163 -#: ../../src/kadmin/dbutil/kadm5_create.c:168 +#: ../../src/kadmin/dbutil/kadm5_create.c:157 +#: ../../src/kadmin/dbutil/kadm5_create.c:162 #, c-format msgid "Out of memory\n" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:244 +#: ../../src/kadmin/dbutil/kadm5_create.c:238 msgid "while appending realm to principal" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:249 +#: ../../src/kadmin/dbutil/kadm5_create.c:243 msgid "while parsing admin principal name" msgstr "" -#: ../../src/kadmin/dbutil/kadm5_create.c:260 +#: ../../src/kadmin/dbutil/kadm5_create.c:254 #, c-format msgid "while creating principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:175 -#: ../../src/kadmin/dbutil/kdb5_util.c:244 -#: ../../src/kadmin/dbutil/kdb5_util.c:251 -msgid "while parsing command arguments\n" -msgstr "" - -#: ../../src/kadmin/dbutil/kdb5_create.c:198 +#: ../../src/kadmin/dbutil/kdb5_create.c:191 #, c-format msgid "Loading random data\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:201 +#: ../../src/kadmin/dbutil/kdb5_create.c:194 msgid "Loading random data" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:211 -#: ../../src/kadmin/dbutil/kdb5_util.c:429 +#: ../../src/kadmin/dbutil/kdb5_create.c:204 +#: ../../src/kadmin/dbutil/kdb5_util.c:392 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:608 msgid "while setting up master key name" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:222 +#: ../../src/kadmin/dbutil/kdb5_create.c:215 #, c-format msgid "" "Initializing database '%s' for realm '%s',\n" "master key name '%s'\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:227 +#: ../../src/kadmin/dbutil/kdb5_create.c:220 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:517 #, c-format msgid "You will be prompted for the database Master Password.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:228 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:252 +#: ../../src/kadmin/dbutil/kdb5_create.c:221 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:255 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:518 #, c-format msgid "It is important that you NOT FORGET this password.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:234 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:258 +#: ../../src/kadmin/dbutil/kdb5_create.c:227 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:261 msgid "while creating new master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:242 +#: ../../src/kadmin/dbutil/kdb5_create.c:235 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:528 msgid "while reading master key from keyboard" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:252 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:277 +#: ../../src/kadmin/dbutil/kdb5_create.c:245 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:280 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:620 msgid "while calculating master key salt" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:260 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:286 -#: ../../src/kadmin/dbutil/kdb5_util.c:471 +#: ../../src/kadmin/dbutil/kdb5_create.c:253 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:289 +#: ../../src/kadmin/dbutil/kdb5_util.c:434 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:632 msgid "while transforming master key from password" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:270 +#: ../../src/kadmin/dbutil/kdb5_create.c:263 msgid "while initializing random key generator" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:275 +#: ../../src/kadmin/dbutil/kdb5_create.c:268 #, c-format msgid "while creating database '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:293 +#: ../../src/kadmin/dbutil/kdb5_create.c:286 msgid "while creating update log" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:304 +#: ../../src/kadmin/dbutil/kdb5_create.c:297 msgid "while initializing update log" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:319 +#: ../../src/kadmin/dbutil/kdb5_create.c:312 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:644 msgid "while adding entries to the database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:347 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:330 +#: ../../src/kadmin/dbutil/kdb5_create.c:340 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:333 #: ../../src/kadmin/dbutil/kdb5_stash.c:133 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:669 msgid "while storing key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_create.c:348 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:331 +#: ../../src/kadmin/dbutil/kdb5_create.c:341 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:334 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:670 #, c-format msgid "Warning: couldn't stash master key.\n" @@ -2465,7 +2489,7 @@ msgid "Deleting KDC database stored in '%s', are you sure?\n" msgstr "" #: ../../src/kadmin/dbutil/kdb5_destroy.c:71 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1108 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1476 #, c-format @@ -2487,292 +2511,292 @@ msgstr "" msgid "** Database '%s' destroyed.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:220 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:223 #, c-format msgid "%s is an invalid enctype" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:242 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:418 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:561 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:938 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1099 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:245 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:421 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:564 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:941 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1102 #, c-format msgid "while getting master key principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:248 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:251 #, c-format msgid "Creating new master key for master key principal '%s'\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:251 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:254 #, c-format msgid "You will be prompted for a new database Master Password.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:267 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:270 msgid "while reading new master key from keyboard" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:296 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:299 msgid "adding new master key to master principal" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:302 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:387 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:803 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1304 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:305 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:390 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:806 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1307 msgid "while getting current time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:309 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:519 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1311 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:312 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:522 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1314 msgid "while updating the master key principal modification time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:316 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:527 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1321 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:319 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:530 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1324 msgid "while adding master key entry to the database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:368 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:371 msgid "0 is an invalid KVNO value" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:379 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:382 #, c-format msgid "%d is an invalid KVNO value" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:395 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:398 #, c-format msgid "could not parse date-time string '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:427 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:430 msgid "while looking up active version of master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:466 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:469 msgid "while adding new master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:504 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:507 msgid "there must be one master key currently active" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:512 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1290 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:515 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1293 msgid "while updating actkvno data for master principal entry" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:553 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:900 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1069 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:556 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:903 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1072 msgid "master keylist not initialized" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:569 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:946 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1196 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:572 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:949 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1199 msgid "while looking up active kvno list" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:577 -#: ../../src/kadmin/dbutil/kdb5_mkey.c:954 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:580 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:957 msgid "while looking up active master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:589 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:592 msgid "while getting enctype description" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:606 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:609 #, c-format msgid "KVNO: %d, Enctype: %s, Active on: %s *\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:611 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:614 #, c-format msgid "KVNO: %d, Enctype: %s, Active on: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:615 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:618 #, c-format msgid "KVNO: %d, Enctype: %s, No activate time set\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:620 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:623 msgid "asprintf could not allocate enough memory to hold output" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:753 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:756 msgid "getting string representation of principal name" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:777 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:780 #, c-format msgid "determining master key used for principal '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:783 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:786 #, c-format msgid "would skip: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:785 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:788 #, c-format msgid "skipping: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:791 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:794 #, c-format msgid "would update: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:795 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:798 #, c-format msgid "updating: %s\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:799 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:802 #, c-format msgid "error re-encrypting key for principal '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:810 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:813 #, c-format msgid "while updating principal '%s' modification time" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:817 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:820 #, c-format msgid "while updating principal '%s' key data in the database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:849 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:852 #, c-format msgid "" "\n" "(type 'yes' to confirm)? " msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:911 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:914 #, c-format msgid "converting glob pattern '%s' to regular expression" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:929 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:932 #, c-format msgid "error compiling converted regexp '%s'" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:962 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:965 #, c-format msgid "Re-encrypt all keys not using master key vno %u?" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:964 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:967 #, c-format msgid "OK, doing nothing.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:970 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:973 #, c-format msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:973 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:976 #, c-format msgid "" "Principals whose keys are being re-encrypted to master key vno %u if " "necessary:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:989 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:992 msgid "trying to process principal database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:993 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:996 #, c-format msgid "%u principals processed: %u would be updated, %u already current\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:997 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1000 #, c-format msgid "%u principals processed: %u updated, %u already current\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1106 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1109 #, c-format msgid "" "Will purge all unused master keys stored in the '%s' principal, are you " "sure?\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1117 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1120 #, c-format msgid "OK, purging unused master keys from '%s'...\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1125 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1128 #, c-format msgid "There is only one master key which can not be purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1134 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1137 msgid "while allocating args.kvnos" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1150 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1153 msgid "while finding master keys in use" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1159 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162 #, c-format msgid "Would purge the following master key(s) from %s:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1165 #, c-format msgid "Purging the following master key(s) from %s:\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1174 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1177 msgid "master key stash file needs updating, command aborting" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1180 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183 #, c-format msgid "KVNO: %d\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1185 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1188 #, c-format msgid "All keys in use, nothing purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1190 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1193 #, c-format msgid "%d key(s) would be purged.\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1203 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1206 msgid "while looking up mkey aux data list" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1211 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1214 msgid "while allocating key_data" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1298 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1301 msgid "while updating mkey_aux data for master principal entry" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_mkey.c:1325 +#: ../../src/kadmin/dbutil/kdb5_mkey.c:1328 #, c-format msgid "%d key(s) purged.\n" msgstr "" @@ -2795,9 +2819,9 @@ msgstr "" #: ../../src/kadmin/dbutil/kdb5_util.c:80 #, c-format msgid "" -"Usage: kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M " -"mkeyname]\n" -"\t [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n" +"Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]\n" +"\t [-M mkeyname] [-m] [-sf stashfilename] [-P password]\n" +"\t [-x db_args]* cmd [cmd_options]\n" "\tcreate [-s]\n" "\tdestroy [-f]\n" "\tstash [-f keyfile]\n" @@ -2811,7 +2835,7 @@ msgid "" "\tlist_mkeys\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:98 +#: ../../src/kadmin/dbutil/kdb5_util.c:99 #, c-format msgid "" "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n" @@ -2823,116 +2847,108 @@ msgid "" "\t\t\tLook at each database documentation for supported arguments\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:214 +#: ../../src/kadmin/dbutil/kdb5_util.c:215 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:260 msgid "while initializing Kerberos code" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:220 +#: ../../src/kadmin/dbutil/kdb5_util.c:221 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:267 msgid "while creating sub-command arguments" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:238 +#: ../../src/kadmin/dbutil/kdb5_util.c:239 msgid "while parsing command arguments" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:262 +#: ../../src/kadmin/dbutil/kdb5_util.c:245 +#: ../../src/kadmin/dbutil/kdb5_util.c:252 +msgid "while parsing command arguments\n" +msgstr "" + +#: ../../src/kadmin/dbutil/kdb5_util.c:263 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:291 msgid "while setting default realm name" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:267 +#: ../../src/kadmin/dbutil/kdb5_util.c:268 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:298 #, c-format msgid ": %s is an invalid enctype" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:275 +#: ../../src/kadmin/dbutil/kdb5_util.c:276 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:307 #, c-format msgid ": %s is an invalid mkeyVNO" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:320 +#: ../../src/kadmin/dbutil/kdb5_util.c:321 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:431 msgid "while retreiving configuration parameters" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:373 -msgid "Too few arguments" -msgstr "" - -#: ../../src/kadmin/dbutil/kdb5_util.c:374 -#, c-format -msgid "Usage: %s dbpathname realmname" -msgstr "" - -#: ../../src/kadmin/dbutil/kdb5_util.c:380 -msgid "while closing previous database" -msgstr "" - -#: ../../src/kadmin/dbutil/kdb5_util.c:418 +#: ../../src/kadmin/dbutil/kdb5_util.c:381 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:883 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1491 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:564 msgid "while initializing database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:435 +#: ../../src/kadmin/dbutil/kdb5_util.c:398 msgid "while retrieving master entry" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:454 +#: ../../src/kadmin/dbutil/kdb5_util.c:417 msgid "while calculated master key salt" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:486 +#: ../../src/kadmin/dbutil/kdb5_util.c:449 msgid "Warning: proceeding without master key" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:504 +#: ../../src/kadmin/dbutil/kdb5_util.c:467 msgid "while seeding random number generator" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:514 +#: ../../src/kadmin/dbutil/kdb5_util.c:477 #, c-format msgid "%s: Could not map log\n" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:543 +#: ../../src/kadmin/dbutil/kdb5_util.c:506 msgid "while closing database" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:590 +#: ../../src/kadmin/dbutil/kdb5_util.c:553 #, c-format msgid "while fetching principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:613 +#: ../../src/kadmin/dbutil/kdb5_util.c:576 msgid "while finding mkey" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:638 +#: ../../src/kadmin/dbutil/kdb5_util.c:601 msgid "while setting changetime" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:646 +#: ../../src/kadmin/dbutil/kdb5_util.c:609 #, c-format msgid "while saving principal %s" msgstr "" -#: ../../src/kadmin/dbutil/kdb5_util.c:650 +#: ../../src/kadmin/dbutil/kdb5_util.c:613 #, c-format msgid "%s changed\n" msgstr "" -#: ../../src/kadmin/dbutil/tabdump.c:576 +#: ../../src/kadmin/dbutil/tabdump.c:573 #, c-format msgid "opening %s for writing" msgstr "" -#: ../../src/kadmin/dbutil/tabdump.c:662 +#: ../../src/kadmin/dbutil/tabdump.c:659 msgid "performing tabular dump" msgstr "" @@ -2980,51 +2996,56 @@ msgstr "" msgid "%s: writing srvtabs is no longer supported\n" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:177 +#: ../../src/kadmin/ktutil/ktutil.c:178 #, c-format msgid "" -"usage: %s (-key | -password) -p principal -k kvno -e enctype [-s salt]\n" +"usage: %s (-key | -password) -p principal -k kvno [-e enctype] [-f|-s salt]\n" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:185 +#: ../../src/kadmin/ktutil/ktutil.c:183 +#, c-format +msgid "enctype must be specified if not using -f\n" +msgstr "" + +#: ../../src/kadmin/ktutil/ktutil.c:190 msgid "while adding new entry" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:195 +#: ../../src/kadmin/ktutil/ktutil.c:200 #, c-format msgid "%s: must specify entry to delete\n" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:200 +#: ../../src/kadmin/ktutil/ktutil.c:205 #, c-format msgid "while deleting entry %d" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:228 +#: ../../src/kadmin/ktutil/ktutil.c:233 #, c-format msgid "%s: usage: %s [-t] [-k] [-e]\n" msgstr "" -#: ../../src/kadmin/ktutil/ktutil.c:268 +#: ../../src/kadmin/ktutil/ktutil.c:272 msgid "While converting enctype to string" msgstr "" -#: ../../src/kadmin/ktutil/ktutil_funcs.c:163 +#: ../../src/kadmin/ktutil/ktutil_funcs.c:196 #, c-format msgid "Password for %.1000s" msgstr "" -#: ../../src/kadmin/ktutil/ktutil_funcs.c:185 +#: ../../src/kadmin/ktutil/ktutil_funcs.c:214 #, c-format msgid "Key for %s (hex): " msgstr "" -#: ../../src/kadmin/ktutil/ktutil_funcs.c:197 +#: ../../src/kadmin/ktutil/ktutil_funcs.c:226 #, c-format msgid "addent: Error reading key.\n" msgstr "" -#: ../../src/kadmin/ktutil/ktutil_funcs.c:212 +#: ../../src/kadmin/ktutil/ktutil_funcs.c:234 #, c-format msgid "addent: Illegal character in key.\n" msgstr "" @@ -3181,7 +3202,7 @@ msgstr "" msgid "gss_to_krb5_name: failed display_name status %d" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:87 +#: ../../src/kadmin/server/ovsec_kadmd.c:86 #, c-format msgid "" "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] [-port port-number]\n" @@ -3193,85 +3214,89 @@ msgid "" "\t\t\tLook at each database documentation for supported arguments\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:112 +#: ../../src/kadmin/server/ovsec_kadmd.c:110 #, c-format msgid "%s: %s while %s, aborting\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:114 +#: ../../src/kadmin/server/ovsec_kadmd.c:112 #, c-format msgid "%s while %s, aborting\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:116 +#: ../../src/kadmin/server/ovsec_kadmd.c:114 #, c-format msgid "%s: %s, aborting\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:117 +#: ../../src/kadmin/server/ovsec_kadmd.c:115 #, c-format msgid "%s, aborting" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:286 +#: ../../src/kadmin/server/ovsec_kadmd.c:282 #, c-format msgid "" "WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = %.*s" "%s, addr = %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:292 +#: ../../src/kadmin/server/ovsec_kadmd.c:288 #, c-format msgid "" "WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = %.*s" "%s, addr = %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:306 +#: ../../src/kadmin/server/ovsec_kadmd.c:302 #, c-format msgid "Miscellaneous RPC error: %s, %s" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:322 +#: ../../src/kadmin/server/ovsec_kadmd.c:318 #, c-format msgid "%s Cannot decode status %d" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:340 +#: ../../src/kadmin/server/ovsec_kadmd.c:336 #, c-format msgid "Authentication attempt failed: %s, GSS-API error strings are:" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:345 +#: ../../src/kadmin/server/ovsec_kadmd.c:341 msgid " GSS-API error strings complete." msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:383 +#: ../../src/kadmin/server/ovsec_kadmd.c:379 #, c-format msgid "%s: cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:455 +#: ../../src/kadmin/server/ovsec_kadmd.c:451 #, c-format msgid "%s: %s while initializing context, aborting\n" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:466 +#: ../../src/kadmin/server/ovsec_kadmd.c:462 msgid "initializing" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:470 +#: ../../src/kadmin/server/ovsec_kadmd.c:466 msgid "getting config parameters" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:472 +#: ../../src/kadmin/server/ovsec_kadmd.c:468 msgid "Missing required realm configuration" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:474 +#: ../../src/kadmin/server/ovsec_kadmd.c:470 msgid "Missing required ACL file configuration" msgstr "" +#: ../../src/kadmin/server/ovsec_kadmd.c:472 +msgid "-proponly can only be used when iprop_enable is true" +msgstr "" + #: ../../src/kadmin/server/ovsec_kadmd.c:478 msgid "initializing network" msgstr "" @@ -3325,7 +3350,7 @@ msgstr "" msgid "starting" msgstr "" -#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1069 +#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1047 #, c-format msgid "%s: starting...\n" msgstr "" @@ -3344,7 +3369,7 @@ msgstr "" msgid "chpw request from %s for %.*s%s: %s" msgstr "" -#: ../../src/kadmin/server/schpw.c:444 +#: ../../src/kadmin/server/schpw.c:446 #, c-format msgid "chpw: Couldn't open admin keytab %s" msgstr "" @@ -3392,11 +3417,11 @@ msgstr "" msgid "AS_REQ : handle_authdata (%d)" msgstr "" -#: ../../src/kdc/do_tgs_req.c:659 +#: ../../src/kdc/do_tgs_req.c:643 msgid "not checking transit path" msgstr "" -#: ../../src/kdc/do_tgs_req.c:682 +#: ../../src/kdc/do_tgs_req.c:666 #, c-format msgid "TGS_REQ : handle_authdata (%d)" msgstr "" @@ -3455,56 +3480,56 @@ msgstr "" msgid "AS_REQ (%s) %s: %s: %s for %s%s%s" msgstr "" -#: ../../src/kdc/kdc_log.c:162 +#: ../../src/kdc/kdc_log.c:154 #, c-format msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s" msgstr "" -#: ../../src/kdc/kdc_log.c:169 +#: ../../src/kdc/kdc_log.c:161 #, c-format msgid "... PROTOCOL-TRANSITION s4u-client=%s" msgstr "" -#: ../../src/kdc/kdc_log.c:173 +#: ../../src/kdc/kdc_log.c:165 #, c-format msgid "... CONSTRAINED-DELEGATION s4u-client=%s" msgstr "" -#: ../../src/kdc/kdc_log.c:177 +#: ../../src/kdc/kdc_log.c:169 #, c-format msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s" msgstr "" -#: ../../src/kdc/kdc_log.c:211 +#: ../../src/kdc/kdc_log.c:203 #, c-format msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'" msgstr "" -#: ../../src/kdc/kdc_log.c:217 +#: ../../src/kdc/kdc_log.c:209 #, c-format msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s" msgstr "" -#: ../../src/kdc/kdc_log.c:235 +#: ../../src/kdc/kdc_log.c:227 msgid "TGS_REQ: issuing alternate <un-unparseable> TGT" msgstr "" -#: ../../src/kdc/kdc_log.c:238 +#: ../../src/kdc/kdc_log.c:230 #, c-format msgid "TGS_REQ: issuing TGT %s" msgstr "" -#: ../../src/kdc/kdc_preauth.c:310 +#: ../../src/kdc/kdc_preauth.c:215 #, c-format msgid "preauth %s failed to initialize: %s" msgstr "" -#: ../../src/kdc/kdc_preauth.c:321 +#: ../../src/kdc/kdc_preauth.c:226 #, c-format msgid "preauth %s failed to setup loop: %s" msgstr "" -#: ../../src/kdc/kdc_preauth.c:804 +#: ../../src/kdc/kdc_preauth.c:914 #, c-format msgid "%spreauth required but hint list is empty" msgstr "" @@ -3535,71 +3560,71 @@ msgstr "" msgid "Required auth indicators not present in ticket: %s" msgstr "" -#: ../../src/kdc/main.c:234 +#: ../../src/kdc/main.c:230 #, c-format msgid "while getting context for realm %s" msgstr "" -#: ../../src/kdc/main.c:342 +#: ../../src/kdc/main.c:338 #, c-format msgid "while setting default realm to %s" msgstr "" -#: ../../src/kdc/main.c:350 +#: ../../src/kdc/main.c:346 #, c-format msgid "while initializing database for realm %s" msgstr "" -#: ../../src/kdc/main.c:359 +#: ../../src/kdc/main.c:355 #, c-format msgid "while setting up master key name %s for realm %s" msgstr "" -#: ../../src/kdc/main.c:372 +#: ../../src/kdc/main.c:368 #, c-format msgid "while fetching master key %s for realm %s" msgstr "" -#: ../../src/kdc/main.c:380 +#: ../../src/kdc/main.c:376 #, c-format msgid "while fetching master keys list for realm %s" msgstr "" -#: ../../src/kdc/main.c:389 +#: ../../src/kdc/main.c:385 #, c-format msgid "while resolving kdb keytab for realm %s" msgstr "" -#: ../../src/kdc/main.c:398 +#: ../../src/kdc/main.c:394 #, c-format msgid "while building TGS name for realm %s" msgstr "" -#: ../../src/kdc/main.c:516 +#: ../../src/kdc/main.c:512 #, c-format msgid "creating %d worker processes" msgstr "" -#: ../../src/kdc/main.c:526 +#: ../../src/kdc/main.c:522 msgid "Unable to reinitialize main loop" msgstr "" -#: ../../src/kdc/main.c:531 +#: ../../src/kdc/main.c:527 #, c-format msgid "Unable to initialize signal handlers in pid %d" msgstr "" -#: ../../src/kdc/main.c:561 +#: ../../src/kdc/main.c:557 #, c-format msgid "worker %ld exited with status %d" msgstr "" -#: ../../src/kdc/main.c:585 +#: ../../src/kdc/main.c:581 #, c-format msgid "signal %d received in supervisor" msgstr "" -#: ../../src/kdc/main.c:604 +#: ../../src/kdc/main.c:593 #, c-format msgid "" "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n" @@ -3613,90 +3638,86 @@ msgid "" "arguments\n" msgstr "" -#: ../../src/kdc/main.c:679 ../../src/kdc/main.c:686 ../../src/kdc/main.c:800 +#: ../../src/kdc/main.c:668 ../../src/kdc/main.c:675 ../../src/kdc/main.c:790 #, c-format msgid " KDC cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:705 ../../src/kdc/main.c:748 ../../src/kdc/main.c:759 +#: ../../src/kdc/main.c:694 ../../src/kdc/main.c:737 ../../src/kdc/main.c:748 #, c-format msgid "%s: KDC cannot initialize. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:725 ../../src/kdc/main.c:842 +#: ../../src/kdc/main.c:714 ../../src/kdc/main.c:827 #, c-format msgid "%s: cannot initialize realm %s - see log file for details\n" msgstr "" -#: ../../src/kdc/main.c:736 +#: ../../src/kdc/main.c:725 #, c-format msgid "%s: cannot initialize realm %s. Not enough memory\n" msgstr "" -#: ../../src/kdc/main.c:787 +#: ../../src/kdc/main.c:776 #, c-format msgid "invalid enctype %s" msgstr "" -#: ../../src/kdc/main.c:830 +#: ../../src/kdc/main.c:815 msgid "while attempting to retrieve default realm" msgstr "" -#: ../../src/kdc/main.c:832 +#: ../../src/kdc/main.c:817 #, c-format msgid "%s: %s, attempting to retrieve default realm\n" msgstr "" -#: ../../src/kdc/main.c:940 +#: ../../src/kdc/main.c:925 #, c-format msgid "%s: cannot get memory for realm list\n" msgstr "" -#: ../../src/kdc/main.c:975 +#: ../../src/kdc/main.c:960 msgid "while initializing lookaside cache" msgstr "" -#: ../../src/kdc/main.c:983 +#: ../../src/kdc/main.c:968 msgid "while creating main loop" msgstr "" -#: ../../src/kdc/main.c:992 +#: ../../src/kdc/main.c:977 msgid "while loading KDC policy plugin" msgstr "" -#: ../../src/kdc/main.c:999 -msgid "while initializing SAM" -msgstr "" - -#: ../../src/kdc/main.c:1024 +#: ../../src/kdc/main.c:1002 msgid "while initializing signal handlers" msgstr "" -#: ../../src/kdc/main.c:1032 +#: ../../src/kdc/main.c:1010 msgid "while initializing network" msgstr "" -#: ../../src/kdc/main.c:1037 +#: ../../src/kdc/main.c:1015 msgid "while detaching from tty" msgstr "" -#: ../../src/kdc/main.c:1044 +#: ../../src/kdc/main.c:1022 msgid "while creating PID file" msgstr "" -#: ../../src/kdc/main.c:1053 +#: ../../src/kdc/main.c:1031 msgid "creating worker processes" msgstr "" -#: ../../src/kdc/main.c:1063 +#: ../../src/kdc/main.c:1041 msgid "while loading audit plugin module(s)" msgstr "" -#: ../../src/kdc/main.c:1067 +#: ../../src/kdc/main.c:1045 msgid "commencing operation" msgstr "" -#: ../../src/kdc/main.c:1075 +#: ../../src/kdc/main.c:1053 msgid "shutting down" msgstr "" @@ -3705,6 +3726,978 @@ msgstr "" msgid "while loading policy module %s" msgstr "" +#: ../../src/kprop/kprop.c:85 +#, c-format +msgid "" +"\n" +"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] replica_host\n" +"\n" +msgstr "" + +#: ../../src/kprop/kprop.c:114 +#, c-format +msgid "Database propagation to %s: SUCCEEDED\n" +msgstr "" + +#: ../../src/kprop/kprop.c:175 +msgid "while setting client principal name" +msgstr "" + +#: ../../src/kprop/kprop.c:184 +msgid "while setting server principal name" +msgstr "" + +#: ../../src/kprop/kprop.c:197 +msgid "while resolving keytab" +msgstr "" + +#: ../../src/kprop/kprop.c:205 +msgid "while getting initial credentials\n" +msgstr "" + +#: ../../src/kprop/kprop.c:241 +msgid "while creating socket" +msgstr "" + +#: ../../src/kprop/kprop.c:257 +msgid "while converting server address" +msgstr "" + +#: ../../src/kprop/kprop.c:267 +msgid "while connecting to server" +msgstr "" + +#: ../../src/kprop/kprop.c:274 ../../src/kprop/kpropd.c:1199 +msgid "while getting local socket address" +msgstr "" + +#: ../../src/kprop/kprop.c:279 +msgid "while converting local address" +msgstr "" + +#: ../../src/kprop/kprop.c:302 +msgid "in krb5_auth_con_setaddrs" +msgstr "" + +#: ../../src/kprop/kprop.c:310 +msgid "while authenticating to server" +msgstr "" + +#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:513 +#: ../../src/kprop/kpropd.c:1505 +#, c-format +msgid "Generic remote error: %s\n" +msgstr "" + +#: ../../src/kprop/kprop.c:320 ../../src/kprop/kprop.c:519 +msgid "signalled from server" +msgstr "" + +#: ../../src/kprop/kprop.c:322 ../../src/kprop/kprop.c:521 +#, c-format +msgid "Error text from server: %s\n" +msgstr "" + +#: ../../src/kprop/kprop.c:350 +#, c-format +msgid "allocating database file name '%s'" +msgstr "" + +#: ../../src/kprop/kprop.c:356 +#, c-format +msgid "while trying to open %s" +msgstr "" + +#: ../../src/kprop/kprop.c:363 +msgid "database locked" +msgstr "" + +#: ../../src/kprop/kprop.c:366 ../../src/kprop/kpropd.c:552 +#, c-format +msgid "while trying to lock '%s'" +msgstr "" + +#: ../../src/kprop/kprop.c:370 ../../src/kprop/kprop.c:378 +#, c-format +msgid "while trying to stat %s" +msgstr "" + +#: ../../src/kprop/kprop.c:374 +msgid "while trying to malloc data_ok_fn" +msgstr "" + +#: ../../src/kprop/kprop.c:383 +#, c-format +msgid "'%s' more recent than '%s'." +msgstr "" + +#: ../../src/kprop/kprop.c:399 +#, c-format +msgid "while unlocking database '%s'" +msgstr "" + +#: ../../src/kprop/kprop.c:432 ../../src/kprop/kprop.c:433 +msgid "while encoding database size" +msgstr "" + +#: ../../src/kprop/kprop.c:441 +msgid "while sending database size" +msgstr "" + +#: ../../src/kprop/kprop.c:451 +msgid "while allocating i_vector" +msgstr "" + +#: ../../src/kprop/kprop.c:474 +#, c-format +msgid "while sending database block starting at %d" +msgstr "" + +#: ../../src/kprop/kprop.c:484 +msgid "Premature EOF found for database file!" +msgstr "" + +#: ../../src/kprop/kprop.c:497 +msgid "while reading response from server" +msgstr "" + +#: ../../src/kprop/kprop.c:508 +msgid "while decoding error response from server" +msgstr "" + +#: ../../src/kprop/kprop.c:539 +#, c-format +msgid "Kpropd sent database size %d, expecting %d" +msgstr "" + +#: ../../src/kprop/kprop.c:584 +msgid "while allocating filename for update_last_prop_file" +msgstr "" + +#: ../../src/kprop/kprop.c:589 +#, c-format +msgid "while creating 'last_prop' file, '%s'" +msgstr "" + +#: ../../src/kprop/kpropd.c:171 +#, c-format +msgid "" +"\n" +"Usage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:173 +#, c-format +msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:174 +#, c-format +msgid "\t[-x db_args]* [-P port] [-a acl_file]\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:175 +#, c-format +msgid "\t[-A admin_server] [--pid-file=pid_file]\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:231 +#, c-format +msgid "Killing fullprop child (%d)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:260 +msgid "while checking if stdin is a socket" +msgstr "" + +#: ../../src/kprop/kpropd.c:278 +#, c-format +msgid "ready\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:284 +#, c-format +msgid "Could not write pid file %s: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:296 +#, c-format +msgid "Could not open /dev/null: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:303 +#, c-format +msgid "Could not dup the inetd socket: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351 +msgid "do_iprop failed.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:390 +#, c-format +msgid "getaddrinfo: %s\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:396 +msgid "while obtaining socket" +msgstr "" + +#: ../../src/kprop/kpropd.c:402 +msgid "while setting SO_REUSEADDR option" +msgstr "" + +#: ../../src/kprop/kpropd.c:410 +msgid "while unsetting IPV6_V6ONLY option" +msgstr "" + +#: ../../src/kprop/kpropd.c:415 +msgid "while binding listener socket" +msgstr "" + +#: ../../src/kprop/kpropd.c:426 +#, c-format +msgid "waiting for a kprop connection\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:432 +msgid "while accepting connection" +msgstr "" + +#: ../../src/kprop/kpropd.c:438 +msgid "while forking" +msgstr "" + +#: ../../src/kprop/kpropd.c:453 +#, c-format +msgid "waitpid() failed to wait for doit() (%d %s)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:457 +msgid "while waiting to receive database" +msgstr "" + +#: ../../src/kprop/kpropd.c:461 +#, c-format +msgid "Database load process for full propagation completed.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:499 +#, c-format +msgid "" +"%s: Standard input does not appear to be a network socket.\n" +"\t(Not run from inetd, and missing the -S option?)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:512 +msgid "while attempting setsockopt (SO_KEEPALIVE)" +msgstr "" + +#: ../../src/kprop/kpropd.c:517 +#, c-format +msgid "Connection from %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:537 +#, c-format +msgid "Rejected connection from unauthorized principal %s\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:541 +#, c-format +msgid "Rejected connection from unauthorized principal %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:558 +#, c-format +msgid "while opening database file, '%s'" +msgstr "" + +#: ../../src/kprop/kpropd.c:564 +#, c-format +msgid "while renaming %s to %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:570 +#, c-format +msgid "while downgrading lock on '%s'" +msgstr "" + +#: ../../src/kprop/kpropd.c:577 +#, c-format +msgid "while unlocking '%s'" +msgstr "" + +#: ../../src/kprop/kpropd.c:589 +msgid "while sending # of received bytes" +msgstr "" + +#: ../../src/kprop/kpropd.c:595 +msgid "while trying to close database file" +msgstr "" + +#: ../../src/kprop/kpropd.c:650 +#, c-format +msgid "Incremental propagation enabled\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:661 +#, c-format +msgid "%s: unable to get kiprop host based service name for realm %s\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:672 +msgid "while trying to construct host service principal" +msgstr "" + +#: ../../src/kprop/kpropd.c:691 +#, c-format +msgid "Initializing kadm5 as client %s\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:705 +#, c-format +msgid "kadm5 initialization failed!\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:714 +msgid "while attempting to connect to master KDC ... retrying" +msgstr "" + +#: ../../src/kprop/kpropd.c:718 +#, c-format +msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:734 +#, c-format +msgid "while initializing %s interface, retrying" +msgstr "" + +#: ../../src/kprop/kpropd.c:738 +#, c-format +msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:748 +#, c-format +msgid "kadm5 initialization succeeded\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:770 +msgid "reading update log header" +msgstr "" + +#: ../../src/kprop/kpropd.c:781 +#, c-format +msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:791 +msgid "iprop_get_updates call failed" +msgstr "" + +#: ../../src/kprop/kpropd.c:797 +#, c-format +msgid "Reinitializing iprop because get updates failed\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:818 +#, c-format +msgid "Still waiting for full resync\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:823 +#, c-format +msgid "Full resync needed\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:824 +msgid "kpropd: Full resync needed." +msgstr "" + +#: ../../src/kprop/kpropd.c:829 +msgid "iprop_full_resync call failed" +msgstr "" + +#: ../../src/kprop/kpropd.c:840 +#, c-format +msgid "Full resync request granted\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:841 +msgid "Full resync request granted." +msgstr "" + +#: ../../src/kprop/kpropd.c:850 +#, c-format +msgid "Exponential backoff\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:856 +#, c-format +msgid "Full resync permission denied\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:857 +msgid "Full resync, permission denied." +msgstr "" + +#: ../../src/kprop/kpropd.c:862 +#, c-format +msgid "Full resync error from master\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:863 +msgid " Full resync, error returned from master KDC." +msgstr "" + +#: ../../src/kprop/kpropd.c:871 +#, c-format +msgid "Full resync invalid result from master\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:873 +msgid "Full resync, invalid return from master KDC." +msgstr "" + +#: ../../src/kprop/kpropd.c:889 +#, c-format +msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:901 +#, c-format +msgid "ulog_replay failed (%s), updates not registered\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:904 +#, c-format +msgid "ulog_replay failed (%s), updates not registered." +msgstr "" + +#: ../../src/kprop/kpropd.c:913 +#, c-format +msgid "Incremental updates: %d updates / %lu us" +msgstr "" + +#: ../../src/kprop/kpropd.c:916 +#, c-format +msgid "Incremental updates: %d updates / %lu us\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:924 +#, c-format +msgid "get_updates permission denied\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:925 +msgid "get_updates, permission denied." +msgstr "" + +#: ../../src/kprop/kpropd.c:930 +#, c-format +msgid "get_updates error from master\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:931 +msgid "get_updates, error returned from master KDC." +msgstr "" + +#: ../../src/kprop/kpropd.c:939 +#, c-format +msgid "get_updates master busy; backoff\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:948 +#, c-format +msgid "KDC is synchronized with master.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:956 +#, c-format +msgid "get_updates invalid result from master\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:957 +msgid "get_updates, invalid return from master KDC." +msgstr "" + +#: ../../src/kprop/kpropd.c:972 +#, c-format +msgid "Busy signal received from master, backoff for %d secs\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:979 +#, c-format +msgid "Waiting for %d seconds before checking for updates again\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:990 +#, c-format +msgid "ERROR returned by master, bailing\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:991 +msgid "ERROR returned by master KDC, bailing.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1108 +msgid "copying db args" +msgstr "" + +#: ../../src/kprop/kpropd.c:1133 +msgid "Unable to get default realm" +msgstr "" + +#: ../../src/kprop/kpropd.c:1140 +msgid "Unable to set default realm" +msgstr "" + +#: ../../src/kprop/kpropd.c:1150 +msgid "while trying to construct my service name" +msgstr "" + +#: ../../src/kprop/kpropd.c:1157 +msgid "while allocating filename for temp file" +msgstr "" + +#: ../../src/kprop/kpropd.c:1165 +msgid "while initializing" +msgstr "" + +#: ../../src/kprop/kpropd.c:1173 +msgid "Unable to map log!\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1219 +#, c-format +msgid "Error in krb5_auth_con_ini: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1227 +#, c-format +msgid "Error in krb5_auth_con_setflags: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1235 +#, c-format +msgid "Error in krb5_auth_con_setaddrs: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1243 +#, c-format +msgid "Error in krb5_kt_resolve: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1252 +#, c-format +msgid "Error in krb5_recvauth: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1259 +#, c-format +msgid "Error in krb5_copy_prinicpal: %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1275 +msgid "while unparsing ticket etype" +msgstr "" + +#: ../../src/kprop/kpropd.c:1279 +#, c-format +msgid "authenticated client: %s (etype == %s)\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1358 +msgid "while reading size of database from client" +msgstr "" + +#: ../../src/kprop/kpropd.c:1368 +msgid "while decoding database size from client" +msgstr "" + +#: ../../src/kprop/kpropd.c:1381 +msgid "while initializing i_vector" +msgstr "" + +#: ../../src/kprop/kpropd.c:1386 +#, c-format +msgid "Full propagation transfer started.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1439 +#, c-format +msgid "Full propagation transfer finished.\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1500 +msgid "while decoding error packet from client" +msgstr "" + +#: ../../src/kprop/kpropd.c:1509 +msgid "signaled from server" +msgstr "" + +#: ../../src/kprop/kpropd.c:1511 +#, c-format +msgid "Error text from client: %s\n" +msgstr "" + +#: ../../src/kprop/kpropd.c:1560 +#, c-format +msgid "while trying to fork %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1564 +#, c-format +msgid "while trying to exec %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1571 +#, c-format +msgid "while waiting for %s" +msgstr "" + +#: ../../src/kprop/kpropd.c:1577 +#, c-format +msgid "%s load terminated" +msgstr "" + +#: ../../src/kprop/kpropd.c:1583 +#, c-format +msgid "%s returned a bad exit status (%d)" +msgstr "" + +#: ../../src/kprop/kproplog.c:28 +#, c-format +msgid "" +"\n" +"Usage: %s [-h] [-v] [-v] [-e num]\n" +"\t%s -R\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:132 +#, c-format +msgid "" +"\n" +"Couldn't allocate memory" +msgstr "" + +#: ../../src/kprop/kproplog.c:226 +#, c-format +msgid "\t\tAttribute flags\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:231 +#, c-format +msgid "\t\tMaximum ticket life\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:236 +#, c-format +msgid "\t\tMaximum renewable life\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:241 +#, c-format +msgid "\t\tPrincipal expiration\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:246 +#, c-format +msgid "\t\tPassword expiration\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:251 +#, c-format +msgid "\t\tLast successful auth\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:256 +#, c-format +msgid "\t\tLast failed auth\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:261 +#, c-format +msgid "\t\tFailed passwd attempt\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:266 +#, c-format +msgid "\t\tPrincipal\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:271 +#, c-format +msgid "\t\tKey data\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:278 +#, c-format +msgid "\t\tTL data\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:285 +#, c-format +msgid "\t\tLength\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:290 +#, c-format +msgid "\t\tPassword last changed\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:295 +#, c-format +msgid "\t\tModifying principal\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:300 +#, c-format +msgid "\t\tModification time\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:305 +#, c-format +msgid "\t\tModified where\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:310 +#, c-format +msgid "\t\tPassword policy\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:315 +#, c-format +msgid "\t\tPassword policy switch\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:320 +#, c-format +msgid "\t\tPassword history KVNO\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:325 +#, c-format +msgid "\t\tPassword history\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:359 +#, c-format +msgid "" +"Corrupt update entry\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:364 +#, c-format +msgid "Update Entry\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:366 +#, c-format +msgid "\tUpdate serial # : %u\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:370 +#, c-format +msgid "\tDummy entry\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:378 +#, c-format +msgid "" +"Entry data decode failure\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:382 +#, c-format +msgid "\tUpdate operation : " +msgstr "" + +#: ../../src/kprop/kproplog.c:384 +#, c-format +msgid "Delete\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:386 +#, c-format +msgid "Add\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:390 +#, c-format +msgid "" +"Could not allocate principal name\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:396 +#, c-format +msgid "\tUpdate principal : %s\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:398 +#, c-format +msgid "\tUpdate size : %u\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:399 +#, c-format +msgid "\tUpdate committed : %s\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:403 +#, c-format +msgid "\tUpdate time stamp : None\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:405 +#, c-format +msgid "\tUpdate time stamp : %s" +msgstr "" + +#: ../../src/kprop/kproplog.c:409 +#, c-format +msgid "\tAttributes changed : %d\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:474 +#, c-format +msgid "" +"Unable to initialize Kerberos\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:481 +#, c-format +msgid "" +"Couldn't read database_name\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:485 +#, c-format +msgid "" +"\n" +"Kerberos update log (%s)\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:489 ../../src/kprop/kproplog.c:505 +#, c-format +msgid "" +"Unable to map log file %s\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:494 +#, c-format +msgid "" +"Couldn't reinitialize ulog file %s\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:498 +#, c-format +msgid "Reinitialized the ulog.\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:511 +#, c-format +msgid "" +"Corrupt header log, exiting\n" +"\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:515 +#, c-format +msgid "Update log dump :\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:516 +#, c-format +msgid "\tLog version # : %u\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:517 +#, c-format +msgid "\tLog state : " +msgstr "" + +#: ../../src/kprop/kproplog.c:520 +#, c-format +msgid "Stable\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:523 +#, c-format +msgid "Unstable\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:526 +#, c-format +msgid "Corrupt\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:529 +#, c-format +msgid "Unknown state: %d\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:532 +#, c-format +msgid "\tEntry block size : %u\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:533 +#, c-format +msgid "\tNumber of entries : %u\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:536 +#, c-format +msgid "\tLast serial # : None\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:539 +#, c-format +msgid "\tFirst serial # : None\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:541 +#, c-format +msgid "\tFirst serial # : " +msgstr "" + +#: ../../src/kprop/kproplog.c:545 +#, c-format +msgid "\tLast serial # : " +msgstr "" + +#: ../../src/kprop/kproplog.c:550 +#, c-format +msgid "\tLast time stamp : None\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:553 +#, c-format +msgid "\tFirst time stamp : None\n" +msgstr "" + +#: ../../src/kprop/kproplog.c:555 +#, c-format +msgid "\tFirst time stamp : %s" +msgstr "" + +#: ../../src/kprop/kproplog.c:559 +#, c-format +msgid "\tLast time stamp : %s\n" +msgstr "" + #: ../../src/lib/apputils/net-server.c:221 msgid "Got signal to request exit" msgstr "" @@ -3888,53 +4881,43 @@ msgstr "" msgid "while receiving from network" msgstr "" -#: ../../src/lib/apputils/net-server.c:1070 -#, c-format -msgid "pktinfo says local addr is %s" -msgstr "" - -#: ../../src/lib/apputils/net-server.c:1108 +#: ../../src/lib/apputils/net-server.c:1097 msgid "too many connections" msgstr "" -#: ../../src/lib/apputils/net-server.c:1131 +#: ../../src/lib/apputils/net-server.c:1115 #, c-format msgid "dropping %s fd %d from %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1205 +#: ../../src/lib/apputils/net-server.c:1185 #, c-format msgid "allocating buffer for new TCP session from %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1237 +#: ../../src/lib/apputils/net-server.c:1217 msgid "while dispatching (tcp)" msgstr "" -#: ../../src/lib/apputils/net-server.c:1269 +#: ../../src/lib/apputils/net-server.c:1249 msgid "error allocating tcp dispatch private!" msgstr "" -#: ../../src/lib/apputils/net-server.c:1316 +#: ../../src/lib/apputils/net-server.c:1296 #, c-format msgid "TCP client %s wants %lu bytes, cap is %lu" msgstr "" -#: ../../src/lib/apputils/net-server.c:1324 +#: ../../src/lib/apputils/net-server.c:1304 #, c-format msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1363 +#: ../../src/lib/apputils/net-server.c:1343 #, c-format msgid "getsockname failed: %s" msgstr "" -#: ../../src/lib/apputils/net-server.c:1507 -#, c-format -msgid "accepted RPC connection on socket %d from %s" -msgstr "" - #: ../../src/lib/crypto/krb/prng_fortuna.c:428 msgid "Random number generator could not be seeded" msgstr "" @@ -4206,7 +5189,7 @@ msgstr "" msgid "debug" msgstr "" -#: ../../src/lib/kadm5/logger.c:926 +#: ../../src/lib/kadm5/logger.c:784 #, c-format msgid "Couldn't open log file %s: %s\n" msgstr "" @@ -4312,11 +5295,11 @@ msgstr "" msgid "Unable to decrypt latest master key with the provided master key\n" msgstr "" -#: ../../src/lib/kdb/kdb_log.c:70 +#: ../../src/lib/kdb/kdb_log.c:87 msgid "could not sync ulog update to disk" msgstr "" -#: ../../src/lib/kdb/kdb_log.c:84 +#: ../../src/lib/kdb/kdb_log.c:101 msgid "could not sync ulog header to disk" msgstr "" @@ -4351,6 +5334,11 @@ msgid "" "collection" msgstr "" +#: ../../src/lib/krb5/ccache/cc_kcm.c:757 +#, c-format +msgid "Credentials cache 'KCM:%s' not found" +msgstr "" + #: ../../src/lib/krb5/ccache/cc_keyring.c:1151 msgid "" "Can't create new subsidiary cache because default cache is already a " @@ -4487,12 +5475,12 @@ msgstr "" msgid "Ticket modified in KDC reply" msgstr "" -#: ../../src/lib/krb5/krb/gc_via_tkt.c:208 +#: ../../src/lib/krb5/krb/gc_via_tkt.c:198 #, c-format msgid "KDC returned error string: %.*s" msgstr "" -#: ../../src/lib/krb5/krb/gc_via_tkt.c:217 +#: ../../src/lib/krb5/krb/gc_via_tkt.c:207 #, c-format msgid "Server %s not found in Kerberos database" msgstr "" @@ -4501,11 +5489,11 @@ msgstr "" msgid "Reply has wrong form of session key for anonymous request" msgstr "" -#: ../../src/lib/krb5/krb/get_in_tkt.c:1679 +#: ../../src/lib/krb5/krb/get_in_tkt.c:1704 msgid "Failed to store credentials" msgstr "" -#: ../../src/lib/krb5/krb/get_in_tkt.c:1768 +#: ../../src/lib/krb5/krb/get_in_tkt.c:1793 #, c-format msgid "Client '%s' not found in Kerberos database" msgstr "" @@ -4569,23 +5557,27 @@ msgstr "" msgid "Could not find %s plugin module named '%s'" msgstr "" -#: ../../src/lib/krb5/krb/preauth2.c:319 +#: ../../src/lib/krb5/krb/preauth2.c:309 msgid "krb5_init_creds calls must use same library context" msgstr "" -#: ../../src/lib/krb5/krb/preauth2.c:713 +#: ../../src/lib/krb5/krb/preauth2.c:717 msgid "Pre-authentication failed" msgstr "" -#: ../../src/lib/krb5/krb/preauth2.c:1094 +#: ../../src/lib/krb5/krb/preauth2.c:1098 msgid "Unable to initialize preauth context" msgstr "" -#: ../../src/lib/krb5/krb/preauth2.c:1107 +#: ../../src/lib/krb5/krb/preauth2.c:1111 #, c-format msgid "Preauth module %s" msgstr "" +#: ../../src/lib/krb5/krb/preauth_encts.c:71 +msgid "Encrypted timestamp is disabled" +msgstr "" + #: ../../src/lib/krb5/krb/preauth_otp.c:515 msgid "Please choose from the following:\n" msgstr "" @@ -4719,7 +5711,7 @@ msgid "" "decrypt ticket" msgstr "" -#: ../../src/lib/krb5/krb/rd_req_dec.c:898 +#: ../../src/lib/krb5/krb/rd_req_dec.c:871 #, c-format msgid "Encryption type %s not permitted" msgstr "" @@ -4738,12 +5730,12 @@ msgstr "" msgid "variable missing }" msgstr "" -#: ../../src/lib/krb5/os/locate_kdc.c:822 +#: ../../src/lib/krb5/os/locate_kdc.c:813 #, c-format msgid "Cannot find KDC for realm \"%.*s\"" msgstr "" -#: ../../src/lib/krb5/os/sendto_kdc.c:515 +#: ../../src/lib/krb5/os/sendto_kdc.c:519 #, c-format msgid "Cannot contact any KDC for realm '%.*s'" msgstr "" @@ -4760,44 +5752,44 @@ msgid "" "program with umask 077" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:144 +#: ../../src/lib/krb5/rcache/rc_io.c:140 #, c-format msgid "Cannot %s replay cache file %s: %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:149 +#: ../../src/lib/krb5/rcache/rc_io.c:145 #, c-format msgid "Cannot %s replay cache: %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:272 +#: ../../src/lib/krb5/rcache/rc_io.c:268 #, c-format msgid "Insecure file mode for replay cache file %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:278 +#: ../../src/lib/krb5/rcache/rc_io.c:274 #, c-format msgid "rcache not owned by %d" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:402 ../../src/lib/krb5/rcache/rc_io.c:406 -#: ../../src/lib/krb5/rcache/rc_io.c:411 +#: ../../src/lib/krb5/rcache/rc_io.c:398 ../../src/lib/krb5/rcache/rc_io.c:402 +#: ../../src/lib/krb5/rcache/rc_io.c:407 #, c-format msgid "Can't write to replay cache: %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:432 +#: ../../src/lib/krb5/rcache/rc_io.c:428 #, c-format msgid "Cannot sync replay cache file: %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:451 +#: ../../src/lib/krb5/rcache/rc_io.c:447 #, c-format msgid "Can't read from replay cache: %s" msgstr "" -#: ../../src/lib/krb5/rcache/rc_io.c:482 ../../src/lib/krb5/rcache/rc_io.c:488 -#: ../../src/lib/krb5/rcache/rc_io.c:493 +#: ../../src/lib/krb5/rcache/rc_io.c:478 ../../src/lib/krb5/rcache/rc_io.c:484 +#: ../../src/lib/krb5/rcache/rc_io.c:489 #, c-format msgid "Can't destroy replay cache: %s" msgstr "" @@ -5020,7 +6012,7 @@ msgstr "" msgid "** Database of '%s' destroyed.\n" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:78 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:79 msgid "ldap_service_password_file not configured" msgstr "" @@ -5029,7 +6021,7 @@ msgstr "" #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:139 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:145 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:173 -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:252 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:243 msgid "while setting service object password" msgstr "" @@ -5053,28 +6045,28 @@ msgstr "" msgid "%s: Invalid password\n" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:195 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:189 msgid "Failed to convert the password to hexadecimal" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:208 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199 #, c-format msgid "Failed to open file %s: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:230 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:221 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:263 #: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:272 -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:281 -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:308 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:299 msgid "Failed to write service object password to file" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:236 -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:293 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:227 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:284 msgid "Error reading service object password file" msgstr "" -#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261 +#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:252 #, c-format msgid "Error creating file %s" msgstr "" @@ -5260,77 +6252,76 @@ msgstr "" msgid "%s option value missing" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:696 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:671 +msgid "DN is out of the realm subtree" +msgstr "" + +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:703 +msgid "ldap object is already kerberized" +msgstr "" + +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:797 msgid "Principal does not belong to the default realm" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:764 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:865 #, c-format msgid "" "operation can not continue, more than one entry with principal name \"%s\" " "found" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:827 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928 #, c-format msgid "'%s' not found" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:904 -msgid "DN is out of the realm subtree" -msgstr "" - -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:960 -#, c-format -msgid "ldap object is already kerberized" -msgstr "" - -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:980 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992 #, c-format msgid "" "link information can not be set/updated as the kerberos principal belongs to " "an ldap object" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:995 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007 #, c-format msgid "Failed getting object references" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1002 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014 #, c-format msgid "kerberos principal is already linked to a ldap object" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1340 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1352 msgid "ticket policy object value: " msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1388 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1400 #, c-format msgid "Principal delete failed (trying to replace entry): %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1398 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1410 #, c-format msgid "Principal add failed: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1436 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1448 #, c-format msgid "User modification failed: %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1509 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1521 #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294 msgid "Error reading ticket policy" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1639 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1651 msgid "unable to decode stored principal key data" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1697 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1709 msgid "unable to decode stored principal pw history" msgstr "" @@ -5379,16 +6370,15 @@ msgid "Not a hexadecimal password" msgstr "" #: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55 -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:66 msgid "Password corrupt" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:93 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:78 #, c-format msgid "Cannot open LDAP password file '%s': %s" msgstr "" -#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:123 +#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:108 #, c-format msgid "Bind DN entry '%s' missing in LDAP password file '%s'" msgstr "" @@ -5419,1104 +6409,234 @@ msgstr "" msgid "Error reading container object" msgstr "" -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:498 -#, c-format -msgid "%s: %s" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:528 -#, c-format -msgid "%s (depth %d): %s" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:771 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4318 -msgid "Pass phrase for" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1101 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1111 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1378 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1388 -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1929 -msgid "Failed to DER encode PKCS7" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1202 -msgid "Failed to verify own certificate" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1362 -msgid "Failed to add digest attribute" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1490 -msgid "Failed to decode CMS message" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1508 -msgid "Invalid pkinit packet: octet string expected" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1526 -msgid "wrong oid\n" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1678 -msgid "Failed to verify received certificate" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1716 -msgid "Failed to verify CMS message" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1904 -msgid "Failed to encrypt PKCS7 object" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1979 -msgid "Failed to decode PKCS7" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1996 -msgid "Failed to decrypt PKCS7 message" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4438 -#, c-format -msgid "Cannot read certificate file '%s'" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4445 -#, c-format -msgid "Cannot read key file '%s'" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5358 -#, c-format -msgid "Cannot open file '%s'" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5365 -#, c-format -msgid "Cannot read file '%s'" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:6040 -#, c-format -msgid "unknown code 0x%x" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:410 -#, c-format -msgid "Unsupported type while processing '%s'\n" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:444 -msgid "Internal error parsing X509_user_identity\n" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:535 -msgid "No user identity options specified" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:523 -msgid "Pkinit request not signed, but client not anonymous." -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:561 -msgid "Anonymous pkinit without DH public value not supported." -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1270 -#, c-format -msgid "No pkinit_identity supplied for realm %s" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1281 -#, c-format -msgid "No pkinit_anchors supplied for realm %s" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1301 -#, c-format -msgid "OCSP is not supported: (realm: %s)" -msgstr "" - -#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1691 -msgid "No realms configured correctly for pkinit support" -msgstr "" - -#: ../../src/slave/kprop.c:85 -#, c-format -msgid "" -"\n" -"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n" -"\n" -msgstr "" - -#: ../../src/slave/kprop.c:114 -#, c-format -msgid "Database propagation to %s: SUCCEEDED\n" -msgstr "" - -#: ../../src/slave/kprop.c:175 -msgid "while setting client principal name" -msgstr "" - -#: ../../src/slave/kprop.c:184 -msgid "while setting server principal name" -msgstr "" - -#: ../../src/slave/kprop.c:197 -msgid "while resolving keytab" -msgstr "" - -#: ../../src/slave/kprop.c:205 -msgid "while getting initial credentials\n" -msgstr "" - -#: ../../src/slave/kprop.c:241 -msgid "while creating socket" -msgstr "" - -#: ../../src/slave/kprop.c:257 -msgid "while converting server address" -msgstr "" - -#: ../../src/slave/kprop.c:267 -msgid "while connecting to server" -msgstr "" - -#: ../../src/slave/kprop.c:274 ../../src/slave/kpropd.c:1199 -msgid "while getting local socket address" -msgstr "" - -#: ../../src/slave/kprop.c:279 -msgid "while converting local address" -msgstr "" - -#: ../../src/slave/kprop.c:302 -msgid "in krb5_auth_con_setaddrs" -msgstr "" - -#: ../../src/slave/kprop.c:310 -msgid "while authenticating to server" -msgstr "" - -#: ../../src/slave/kprop.c:314 ../../src/slave/kprop.c:513 -#: ../../src/slave/kpropd.c:1505 -#, c-format -msgid "Generic remote error: %s\n" -msgstr "" - -#: ../../src/slave/kprop.c:320 ../../src/slave/kprop.c:519 -msgid "signalled from server" -msgstr "" - -#: ../../src/slave/kprop.c:322 ../../src/slave/kprop.c:521 -#, c-format -msgid "Error text from server: %s\n" -msgstr "" - -#: ../../src/slave/kprop.c:350 -#, c-format -msgid "allocating database file name '%s'" -msgstr "" - -#: ../../src/slave/kprop.c:356 -#, c-format -msgid "while trying to open %s" -msgstr "" - -#: ../../src/slave/kprop.c:363 -msgid "database locked" -msgstr "" - -#: ../../src/slave/kprop.c:366 ../../src/slave/kpropd.c:552 -#, c-format -msgid "while trying to lock '%s'" -msgstr "" - -#: ../../src/slave/kprop.c:370 ../../src/slave/kprop.c:378 -#, c-format -msgid "while trying to stat %s" -msgstr "" - -#: ../../src/slave/kprop.c:374 -msgid "while trying to malloc data_ok_fn" -msgstr "" - -#: ../../src/slave/kprop.c:383 -#, c-format -msgid "'%s' more recent than '%s'." -msgstr "" - -#: ../../src/slave/kprop.c:399 -#, c-format -msgid "while unlocking database '%s'" -msgstr "" - -#: ../../src/slave/kprop.c:432 ../../src/slave/kprop.c:433 -msgid "while encoding database size" -msgstr "" - -#: ../../src/slave/kprop.c:441 -msgid "while sending database size" -msgstr "" - -#: ../../src/slave/kprop.c:451 -msgid "while allocating i_vector" -msgstr "" - -#: ../../src/slave/kprop.c:474 -#, c-format -msgid "while sending database block starting at %d" -msgstr "" - -#: ../../src/slave/kprop.c:484 -msgid "Premature EOF found for database file!" -msgstr "" - -#: ../../src/slave/kprop.c:497 -msgid "while reading response from server" -msgstr "" - -#: ../../src/slave/kprop.c:508 -msgid "while decoding error response from server" -msgstr "" - -#: ../../src/slave/kprop.c:539 -#, c-format -msgid "Kpropd sent database size %d, expecting %d" -msgstr "" - -#: ../../src/slave/kprop.c:584 -msgid "while allocating filename for update_last_prop_file" -msgstr "" - -#: ../../src/slave/kprop.c:589 -#, c-format -msgid "while creating 'last_prop' file, '%s'" -msgstr "" - -#: ../../src/slave/kpropd.c:171 -#, c-format -msgid "" -"\n" -"Usage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n" -msgstr "" - -#: ../../src/slave/kpropd.c:173 -#, c-format -msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n" -msgstr "" - -#: ../../src/slave/kpropd.c:174 -#, c-format -msgid "\t[-x db_args]* [-P port] [-a acl_file]\n" -msgstr "" - -#: ../../src/slave/kpropd.c:175 -#, c-format -msgid "\t[-A admin_server] [--pid-file=pid_file]\n" -msgstr "" - -#: ../../src/slave/kpropd.c:231 -#, c-format -msgid "Killing fullprop child (%d)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:260 -msgid "while checking if stdin is a socket" -msgstr "" - -#: ../../src/slave/kpropd.c:278 -#, c-format -msgid "ready\n" -msgstr "" - -#: ../../src/slave/kpropd.c:284 -#, c-format -msgid "Could not write pid file %s: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:296 -#, c-format -msgid "Could not open /dev/null: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:303 -#, c-format -msgid "Could not dup the inetd socket: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:338 ../../src/slave/kpropd.c:351 -msgid "do_iprop failed.\n" -msgstr "" - -#: ../../src/slave/kpropd.c:390 -#, c-format -msgid "getaddrinfo: %s\n" -msgstr "" - -#: ../../src/slave/kpropd.c:396 -msgid "while obtaining socket" -msgstr "" - -#: ../../src/slave/kpropd.c:402 -msgid "while setting SO_REUSEADDR option" -msgstr "" - -#: ../../src/slave/kpropd.c:410 -msgid "while unsetting IPV6_V6ONLY option" -msgstr "" - -#: ../../src/slave/kpropd.c:415 -msgid "while binding listener socket" -msgstr "" - -#: ../../src/slave/kpropd.c:426 -#, c-format -msgid "waiting for a kprop connection\n" -msgstr "" - -#: ../../src/slave/kpropd.c:432 -msgid "while accepting connection" -msgstr "" - -#: ../../src/slave/kpropd.c:438 -msgid "while forking" -msgstr "" - -#: ../../src/slave/kpropd.c:453 -#, c-format -msgid "waitpid() failed to wait for doit() (%d %s)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:457 -msgid "while waiting to receive database" -msgstr "" - -#: ../../src/slave/kpropd.c:461 -#, c-format -msgid "Database load process for full propagation completed.\n" -msgstr "" - -#: ../../src/slave/kpropd.c:499 -#, c-format -msgid "" -"%s: Standard input does not appear to be a network socket.\n" -"\t(Not run from inetd, and missing the -S option?)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:512 -msgid "while attempting setsockopt (SO_KEEPALIVE)" -msgstr "" - -#: ../../src/slave/kpropd.c:517 -#, c-format -msgid "Connection from %s" -msgstr "" - -#: ../../src/slave/kpropd.c:537 -#, c-format -msgid "Rejected connection from unauthorized principal %s\n" -msgstr "" - -#: ../../src/slave/kpropd.c:541 -#, c-format -msgid "Rejected connection from unauthorized principal %s" -msgstr "" - -#: ../../src/slave/kpropd.c:558 -#, c-format -msgid "while opening database file, '%s'" -msgstr "" - -#: ../../src/slave/kpropd.c:564 -#, c-format -msgid "while renaming %s to %s" -msgstr "" - -#: ../../src/slave/kpropd.c:570 -#, c-format -msgid "while downgrading lock on '%s'" -msgstr "" - -#: ../../src/slave/kpropd.c:577 -#, c-format -msgid "while unlocking '%s'" -msgstr "" - -#: ../../src/slave/kpropd.c:589 -msgid "while sending # of received bytes" -msgstr "" - -#: ../../src/slave/kpropd.c:595 -msgid "while trying to close database file" -msgstr "" - -#: ../../src/slave/kpropd.c:650 -#, c-format -msgid "Incremental propagation enabled\n" -msgstr "" - -#: ../../src/slave/kpropd.c:661 -#, c-format -msgid "%s: unable to get kiprop host based service name for realm %s\n" -msgstr "" - -#: ../../src/slave/kpropd.c:672 -msgid "while trying to construct host service principal" -msgstr "" - -#: ../../src/slave/kpropd.c:691 -#, c-format -msgid "Initializing kadm5 as client %s\n" -msgstr "" - -#: ../../src/slave/kpropd.c:705 -#, c-format -msgid "kadm5 initialization failed!\n" -msgstr "" - -#: ../../src/slave/kpropd.c:714 -msgid "while attempting to connect to master KDC ... retrying" -msgstr "" - -#: ../../src/slave/kpropd.c:718 -#, c-format -msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:734 -#, c-format -msgid "while initializing %s interface, retrying" -msgstr "" - -#: ../../src/slave/kpropd.c:738 -#, c-format -msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:748 -#, c-format -msgid "kadm5 initialization succeeded\n" -msgstr "" - -#: ../../src/slave/kpropd.c:770 -msgid "reading update log header" -msgstr "" - -#: ../../src/slave/kpropd.c:781 -#, c-format -msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:791 -msgid "iprop_get_updates call failed" -msgstr "" - -#: ../../src/slave/kpropd.c:797 -#, c-format -msgid "Reinitializing iprop because get updates failed\n" -msgstr "" - -#: ../../src/slave/kpropd.c:818 -#, c-format -msgid "Still waiting for full resync\n" -msgstr "" - -#: ../../src/slave/kpropd.c:823 -#, c-format -msgid "Full resync needed\n" -msgstr "" - -#: ../../src/slave/kpropd.c:824 -msgid "kpropd: Full resync needed." -msgstr "" - -#: ../../src/slave/kpropd.c:829 -msgid "iprop_full_resync call failed" -msgstr "" - -#: ../../src/slave/kpropd.c:840 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:132 #, c-format -msgid "Full resync request granted\n" -msgstr "" - -#: ../../src/slave/kpropd.c:841 -msgid "Full resync request granted." +msgid "%s (path: %s): %s" msgstr "" -#: ../../src/slave/kpropd.c:850 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:164 #, c-format -msgid "Exponential backoff\n" +msgid "Unsupported argument \"%s\" for LMDB" msgstr "" -#: ../../src/slave/kpropd.c:856 -#, c-format -msgid "Full resync permission denied\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:294 +msgid "LMDB environment open failure" msgstr "" -#: ../../src/slave/kpropd.c:857 -msgid "Full resync, permission denied." +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:319 +msgid "LMDB read failure" msgstr "" -#: ../../src/slave/kpropd.c:862 -#, c-format -msgid "Full resync error from master\n" -msgstr "" - -#: ../../src/slave/kpropd.c:863 -msgid " Full resync, error returned from master KDC." -msgstr "" - -#: ../../src/slave/kpropd.c:871 -#, c-format -msgid "Full resync invalid result from master\n" -msgstr "" - -#: ../../src/slave/kpropd.c:873 -msgid "Full resync, invalid return from master KDC." +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:394 +msgid "LMDB write failure" msgstr "" -#: ../../src/slave/kpropd.c:889 -#, c-format -msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:418 +msgid "LMDB delete failure" msgstr "" -#: ../../src/slave/kpropd.c:901 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:521 #, c-format -msgid "ulog_replay failed (%s), updates not registered\n" +msgid "LMDB file %s does not exist" msgstr "" -#: ../../src/slave/kpropd.c:904 -#, c-format -msgid "ulog_replay failed (%s), updates not registered." +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:566 +msgid "LMDB open failure" msgstr "" -#: ../../src/slave/kpropd.c:913 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:593 #, c-format -msgid "Incremental updates: %d updates / %lu us" +msgid "LMDB file %s already exists" msgstr "" -#: ../../src/slave/kpropd.c:916 -#, c-format -msgid "Incremental updates: %d updates / %lu us\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:658 +msgid "LMDB create error" msgstr "" -#: ../../src/slave/kpropd.c:924 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:676 #, c-format -msgid "get_updates permission denied\n" +msgid "Could not unlink %s" msgstr "" -#: ../../src/slave/kpropd.c:925 -msgid "get_updates, permission denied." -msgstr "" - -#: ../../src/slave/kpropd.c:930 +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:760 #, c-format -msgid "get_updates error from master\n" +msgid "Unsupported argument \"%s\" for lmdb" msgstr "" -#: ../../src/slave/kpropd.c:931 -msgid "get_updates, error returned from master KDC." +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:806 +msgid "LMDB lockout write failure" msgstr "" -#: ../../src/slave/kpropd.c:939 -#, c-format -msgid "get_updates master busy; backoff\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:882 +msgid "LMDB principal iteration failure" msgstr "" -#: ../../src/slave/kpropd.c:948 -#, c-format -msgid "KDC is synchronized with master.\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:985 +msgid "LMDB policy iteration failure" msgstr "" -#: ../../src/slave/kpropd.c:956 -#, c-format -msgid "get_updates invalid result from master\n" +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1016 +msgid "LMDB transaction commit failure" msgstr "" -#: ../../src/slave/kpropd.c:957 -msgid "get_updates, invalid return from master KDC." +#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1115 +msgid "LMDB lockout update failure" msgstr "" -#: ../../src/slave/kpropd.c:972 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:500 #, c-format -msgid "Busy signal received from master, backoff for %d secs\n" -msgstr "" - -#: ../../src/slave/kpropd.c:979 -#, c-format -msgid "Waiting for %d seconds before checking for updates again\n" -msgstr "" - -#: ../../src/slave/kpropd.c:990 -#, c-format -msgid "ERROR returned by master, bailing\n" -msgstr "" - -#: ../../src/slave/kpropd.c:991 -msgid "ERROR returned by master KDC, bailing.\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1108 -msgid "copying db args" -msgstr "" - -#: ../../src/slave/kpropd.c:1133 -msgid "Unable to get default realm" -msgstr "" - -#: ../../src/slave/kpropd.c:1140 -msgid "Unable to set default realm" -msgstr "" - -#: ../../src/slave/kpropd.c:1150 -msgid "while trying to construct my service name" -msgstr "" - -#: ../../src/slave/kpropd.c:1157 -msgid "while allocating filename for temp file" -msgstr "" - -#: ../../src/slave/kpropd.c:1165 -msgid "while initializing" -msgstr "" - -#: ../../src/slave/kpropd.c:1173 -msgid "Unable to map log!\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1219 -#, c-format -msgid "Error in krb5_auth_con_ini: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1227 -#, c-format -msgid "Error in krb5_auth_con_setflags: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1235 -#, c-format -msgid "Error in krb5_auth_con_setaddrs: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1243 -#, c-format -msgid "Error in krb5_kt_resolve: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1252 -#, c-format -msgid "Error in krb5_recvauth: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1259 -#, c-format -msgid "Error in krb5_copy_prinicpal: %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1275 -msgid "while unparsing ticket etype" -msgstr "" - -#: ../../src/slave/kpropd.c:1279 -#, c-format -msgid "authenticated client: %s (etype == %s)\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1358 -msgid "while reading size of database from client" -msgstr "" - -#: ../../src/slave/kpropd.c:1368 -msgid "while decoding database size from client" -msgstr "" - -#: ../../src/slave/kpropd.c:1381 -msgid "while initializing i_vector" -msgstr "" - -#: ../../src/slave/kpropd.c:1386 -#, c-format -msgid "Full propagation transfer started.\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1439 -#, c-format -msgid "Full propagation transfer finished.\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1500 -msgid "while decoding error packet from client" -msgstr "" - -#: ../../src/slave/kpropd.c:1509 -msgid "signaled from server" -msgstr "" - -#: ../../src/slave/kpropd.c:1511 -#, c-format -msgid "Error text from client: %s\n" -msgstr "" - -#: ../../src/slave/kpropd.c:1560 -#, c-format -msgid "while trying to fork %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1564 -#, c-format -msgid "while trying to exec %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1571 -#, c-format -msgid "while waiting for %s" -msgstr "" - -#: ../../src/slave/kpropd.c:1577 -#, c-format -msgid "%s load terminated" -msgstr "" - -#: ../../src/slave/kpropd.c:1583 -#, c-format -msgid "%s returned a bad exit status (%d)" -msgstr "" - -#: ../../src/slave/kproplog.c:27 -#, c-format -msgid "" -"\n" -"Usage: %s [-h] [-v] [-v] [-e num]\n" -"\t%s -R\n" -"\n" -msgstr "" - -#: ../../src/slave/kproplog.c:129 -#, c-format -msgid "" -"\n" -"Couldn't allocate memory" -msgstr "" - -#: ../../src/slave/kproplog.c:223 -#, c-format -msgid "\t\tAttribute flags\n" -msgstr "" - -#: ../../src/slave/kproplog.c:228 -#, c-format -msgid "\t\tMaximum ticket life\n" -msgstr "" - -#: ../../src/slave/kproplog.c:233 -#, c-format -msgid "\t\tMaximum renewable life\n" -msgstr "" - -#: ../../src/slave/kproplog.c:238 -#, c-format -msgid "\t\tPrincipal expiration\n" -msgstr "" - -#: ../../src/slave/kproplog.c:243 -#, c-format -msgid "\t\tPassword expiration\n" -msgstr "" - -#: ../../src/slave/kproplog.c:248 -#, c-format -msgid "\t\tLast successful auth\n" -msgstr "" - -#: ../../src/slave/kproplog.c:253 -#, c-format -msgid "\t\tLast failed auth\n" -msgstr "" - -#: ../../src/slave/kproplog.c:258 -#, c-format -msgid "\t\tFailed passwd attempt\n" -msgstr "" - -#: ../../src/slave/kproplog.c:263 -#, c-format -msgid "\t\tPrincipal\n" -msgstr "" - -#: ../../src/slave/kproplog.c:268 -#, c-format -msgid "\t\tKey data\n" -msgstr "" - -#: ../../src/slave/kproplog.c:275 -#, c-format -msgid "\t\tTL data\n" -msgstr "" - -#: ../../src/slave/kproplog.c:282 -#, c-format -msgid "\t\tLength\n" -msgstr "" - -#: ../../src/slave/kproplog.c:287 -#, c-format -msgid "\t\tPassword last changed\n" -msgstr "" - -#: ../../src/slave/kproplog.c:292 -#, c-format -msgid "\t\tModifying principal\n" -msgstr "" - -#: ../../src/slave/kproplog.c:297 -#, c-format -msgid "\t\tModification time\n" -msgstr "" - -#: ../../src/slave/kproplog.c:302 -#, c-format -msgid "\t\tModified where\n" -msgstr "" - -#: ../../src/slave/kproplog.c:307 -#, c-format -msgid "\t\tPassword policy\n" -msgstr "" - -#: ../../src/slave/kproplog.c:312 -#, c-format -msgid "\t\tPassword policy switch\n" -msgstr "" - -#: ../../src/slave/kproplog.c:317 -#, c-format -msgid "\t\tPassword history KVNO\n" -msgstr "" - -#: ../../src/slave/kproplog.c:322 -#, c-format -msgid "\t\tPassword history\n" -msgstr "" - -#: ../../src/slave/kproplog.c:356 -#, c-format -msgid "" -"Corrupt update entry\n" -"\n" -msgstr "" - -#: ../../src/slave/kproplog.c:361 -#, c-format -msgid "Update Entry\n" -msgstr "" - -#: ../../src/slave/kproplog.c:363 -#, c-format -msgid "\tUpdate serial # : %u\n" -msgstr "" - -#: ../../src/slave/kproplog.c:367 -#, c-format -msgid "\tDummy entry\n" -msgstr "" - -#: ../../src/slave/kproplog.c:375 -#, c-format -msgid "" -"Entry data decode failure\n" -"\n" -msgstr "" - -#: ../../src/slave/kproplog.c:379 -#, c-format -msgid "\tUpdate operation : " +msgid "%s: %s" msgstr "" -#: ../../src/slave/kproplog.c:381 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:530 #, c-format -msgid "Delete\n" +msgid "%s (depth %d): %s" msgstr "" -#: ../../src/slave/kproplog.c:383 -#, c-format -msgid "Add\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:773 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4324 +msgid "Pass phrase for" msgstr "" -#: ../../src/slave/kproplog.c:387 -#, c-format -msgid "" -"Could not allocate principal name\n" -"\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1103 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1113 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1380 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1390 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1931 +msgid "Failed to DER encode PKCS7" msgstr "" -#: ../../src/slave/kproplog.c:393 -#, c-format -msgid "\tUpdate principal : %s\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1204 +msgid "Failed to verify own certificate" msgstr "" -#: ../../src/slave/kproplog.c:395 -#, c-format -msgid "\tUpdate size : %u\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1364 +msgid "Failed to add digest attribute" msgstr "" -#: ../../src/slave/kproplog.c:396 -#, c-format -msgid "\tUpdate committed : %s\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1492 +msgid "Failed to decode CMS message" msgstr "" -#: ../../src/slave/kproplog.c:400 -#, c-format -msgid "\tUpdate time stamp : None\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1510 +msgid "Invalid pkinit packet: octet string expected" msgstr "" -#: ../../src/slave/kproplog.c:402 -#, c-format -msgid "\tUpdate time stamp : %s" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1528 +msgid "wrong oid\n" msgstr "" -#: ../../src/slave/kproplog.c:406 -#, c-format -msgid "\tAttributes changed : %d\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1680 +msgid "Failed to verify received certificate" msgstr "" -#: ../../src/slave/kproplog.c:471 -#, c-format -msgid "" -"Unable to initialize Kerberos\n" -"\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1718 +msgid "Failed to verify CMS message" msgstr "" -#: ../../src/slave/kproplog.c:478 -#, c-format -msgid "" -"Couldn't read database_name\n" -"\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1906 +msgid "Failed to encrypt PKCS7 object" msgstr "" -#: ../../src/slave/kproplog.c:482 -#, c-format -msgid "" -"\n" -"Kerberos update log (%s)\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1981 +msgid "Failed to decode PKCS7" msgstr "" -#: ../../src/slave/kproplog.c:486 ../../src/slave/kproplog.c:501 -#, c-format -msgid "" -"Unable to map log file %s\n" -"\n" +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1998 +msgid "Failed to decrypt PKCS7 message" msgstr "" -#: ../../src/slave/kproplog.c:491 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4444 #, c-format -msgid "" -"Couldn't reinitialize ulog file %s\n" -"\n" +msgid "Cannot read certificate file '%s'" msgstr "" -#: ../../src/slave/kproplog.c:495 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4451 #, c-format -msgid "Reinitialized the ulog.\n" +msgid "Cannot read key file '%s'" msgstr "" -#: ../../src/slave/kproplog.c:507 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5313 #, c-format -msgid "" -"Corrupt header log, exiting\n" -"\n" +msgid "Cannot open file '%s'" msgstr "" -#: ../../src/slave/kproplog.c:511 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5320 #, c-format -msgid "Update log dump :\n" +msgid "Cannot read file '%s'" msgstr "" -#: ../../src/slave/kproplog.c:512 +#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5995 #, c-format -msgid "\tLog version # : %u\n" +msgid "unknown code 0x%x" msgstr "" -#: ../../src/slave/kproplog.c:513 +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:419 #, c-format -msgid "\tLog state : " +msgid "Unsupported type while processing '%s'\n" msgstr "" -#: ../../src/slave/kproplog.c:516 -#, c-format -msgid "Stable\n" +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:453 +msgid "Internal error parsing X509_user_identity\n" msgstr "" -#: ../../src/slave/kproplog.c:519 -#, c-format -msgid "Unstable\n" +#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:544 +msgid "No user identity options specified" msgstr "" -#: ../../src/slave/kproplog.c:522 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:405 #, c-format -msgid "Corrupt\n" +msgid "PKINIT: no freshness token, rejecting auth from %s" msgstr "" -#: ../../src/slave/kproplog.c:525 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:409 #, c-format -msgid "Unknown state: %d\n" +msgid "PKINIT: freshness token received from %s" msgstr "" -#: ../../src/slave/kproplog.c:528 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:411 #, c-format -msgid "\tEntry block size : %u\n" +msgid "PKINIT: no freshness token received from %s" msgstr "" -#: ../../src/slave/kproplog.c:529 -#, c-format -msgid "\tNumber of entries : %u\n" +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:542 +msgid "Pkinit request not signed, but client not anonymous." msgstr "" -#: ../../src/slave/kproplog.c:532 -#, c-format -msgid "\tLast serial # : None\n" +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:580 +msgid "Anonymous pkinit without DH public value not supported." msgstr "" -#: ../../src/slave/kproplog.c:535 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1304 #, c-format -msgid "\tFirst serial # : None\n" +msgid "No pkinit_identity supplied for realm %s" msgstr "" -#: ../../src/slave/kproplog.c:537 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1315 #, c-format -msgid "\tFirst serial # : " +msgid "No pkinit_anchors supplied for realm %s" msgstr "" -#: ../../src/slave/kproplog.c:541 +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1335 #, c-format -msgid "\tLast serial # : " +msgid "OCSP is not supported: (realm: %s)" msgstr "" -#: ../../src/slave/kproplog.c:546 -#, c-format -msgid "\tLast time stamp : None\n" +#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1736 +msgid "No realms configured correctly for pkinit support" msgstr "" -#: ../../src/slave/kproplog.c:549 -#, c-format -msgid "\tFirst time stamp : None\n" +#: ../../src/plugins/preauth/spake/groups.c:237 +msgid "No SPAKE preauth groups configured" msgstr "" -#: ../../src/slave/kproplog.c:551 +#: ../../src/plugins/preauth/spake/groups.c:257 #, c-format -msgid "\tFirst time stamp : %s" +msgid "SPAKE challenge group not a permitted group: %s" msgstr "" -#: ../../src/slave/kproplog.c:555 -#, c-format -msgid "\tLast time stamp : %s\n" +#: ../../src/plugins/preauth/spake/spake_kdc.c:536 +msgid "Unknown SPAKE request type" msgstr "" #: ../../src/util/support/errors.c:77 diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps index 0b50d9e..c8905c9 100644 --- a/src/tests/gssapi/deps +++ b/src/tests/gssapi/deps @@ -29,6 +29,10 @@ $(OUTPRE)t_accname.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ common.h t_accname.c +$(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ + common.h t_add_cred.c $(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ diff --git a/src/util/ss/deps b/src/util/ss/deps index f30420f..7705e25 100644 --- a/src/util/ss/deps +++ b/src/util/ss/deps @@ -63,7 +63,7 @@ utils.so utils.po $(OUTPRE)utils.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ ss_internal.h utils.c options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \ $(COM_ERR_DEPS) copyright.h options.c ss.h -cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h +cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \ ct.tab.c ss.h ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \ |