author | Russ Allbery <eagle@eyrie.org> | 2014-07-16 13:43:17 -0700 |
---|---|---|
committer | Russ Allbery <eagle@eyrie.org> | 2014-07-16 13:43:17 -0700 |
commit | 6409733ee3b7b1910dc1c166a392cc628834146c (patch) | |
tree | e9460f8f2ca0f3676afeed2a9dcf549acfc39b53 /docs | |
parent | 334ed844cbb5c8f7ea82a94c701a3016dd6950b9 (diff) | |
parent | f8963ceb19cd2b503b981f43a3f8c0f45649989f (diff) |
Imported Upstream version 1.1
Diffstat (limited to 'docs')
-rw-r--r-- | docs/objects-and-schemes | 14 |
-rw-r--r-- | docs/stanford-naming | 19 |
2 files changed, 24 insertions, 9 deletions
diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes index 57c2f9f..97e6289 100644 --- a/docs/objects-and-schemes +++ b/docs/objects-and-schemes @@ -10,6 +10,18 @@ Introduction Object Types + duo + + Stores the configuration for a Duo Security integration. Duo is a + cloud provider of multifactor authentication services. A Duo + integration consists of some local configuration and a secret key that + permits verification of a second factor using the Duo cloud service. + Currently, only UNIX integrations are supported. In the future, this + object type will likely be split into several object types + corresponding to the supported types of Duo integrations. + + Implemented via Wallet::Object::Duo. + file Stores an arbitrary file and allows retrieval of that file. The file @@ -91,7 +103,7 @@ ACL Schemes License - Copyright 2012, 2013 + Copyright 2012, 2013, 2014 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, diff --git a/docs/stanford-naming b/docs/stanford-naming index 81c752c..c86c820 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming 
@@ -126,10 +126,13 @@ Object Naming for Apache, Postfix, LDAP, and similar cases where the certificate should match the host name. The public certificate we manage external to wallet since it doesn't need to be protected or - encrypted. <server> here should be the CN of the certificate, - which may be different than the hostname (for hosts with multiple - virtual hosts, for example, or because the certificate is for a - load-balanced name). + encrypted. <server> here should be the fully-qualified DNS name + from the CN of the certificate, which may be different than the + hostname (for hosts with multiple virtual hosts, for example, or + because the certificate is for a load-balanced name). For example, + ssl-key/ldap.stanford.edu for the X.509 private key for the + SSL certificate used across the ldap.stanford.edu load-balanced + pool. An optional <application> component may be added if there are multiple certificates with the same host name as the CN but with @@ -154,10 +157,10 @@ Object Naming tivoli-key/<server> - The Tivoli password or backup encryption key for this server. - Both the password and the encryption key, if used, are stored in - the same file, so both are stored together. This file is found at - /etc/adsm/TSM.PWD. + The Tivoli encryption key for this server. We previously stored + the whole /etc/adsm/TSM.PWD file in this object, but now we store + only the encryption key in password form, since the file contains + both it and the server password and the latter keeps changing. (OLD: <group>-<server>-tivoli-key) |
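Review bot: In docs/objects-and-schemes, the new duo entry describes an integration as "some local configuration and a secret key" but never says what retrieving the object returns or in what form, whereas the file entry right after it states plainly that the file can be retrieved. Because the object carries the secret that permits verification of a second factor, the entry should say what a retrieval hands back and which part of it is sensitive. The sentence about splitting the type "into several object types" later should also say whether existing duo objects keep their current type name, so that readers know if anything created now will need renaming.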
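Review bot: In the ssl-key hunk of docs/stanford-naming, the added example ssl-key/ldap.stanford.edu covers a private key "used across the ldap.stanford.edu load-balanced pool", but the text does not mention that every host in that pool then has to be able to read the same object. Add a sentence saying that the ACL on such an object must cover all pool members, so that readers do not work around it by storing per-host copies of the same key under different names. The example would also read more clearly on its own line rather than folded into the end of the paragraph.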
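Review bot: In the tivoli-key hunk of docs/stanford-naming, the new text says the object used to hold the whole /etc/adsm/TSM.PWD file and now holds "only the encryption key in password form", but it gives no way to tell which of the two a given existing object contains. Say whether objects stored under the old convention are expected to be re-stored, since those still include the server password alongside the key. "In password form" is also undefined here; one sentence on what is actually stored (for example, the key as a text string rather than the binary file) would let someone restoring a backup know what to do with the value.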