author | Russ Allbery <rra@stanford.edu> | 2007-09-27 03:22:46 +0000 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2007-09-27 03:22:46 +0000 |
commit | e0f6e1222ede4a7545ca995a8aacaae0b591cb9c (patch) | |
tree | 2af9d140d13ee321c6fdb81c4444ca2e0e93c4a3 /server | |
parent | 7ec47028dbfe6df70d4c07e9546ae1680cf4e91f (diff) |
Initial cut at srvtab support in the wallet client. This still requires
additional work and cleanup, particularly support for the sync attribute.
Diffstat (limited to 'server')
-rwxr-xr-x | server/wallet-backend | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/server/wallet-backend b/server/wallet-backend index 2ab3daf..b6c0dfb 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -238,6 +238,8 @@ object that change data except the C<flags> commands, nor can the C<get> command be used on that object. C<show>, C<getacl>, and C<owner> or C<expires> without an argument can still be used on that object. +For more information on attributes, see L<ATTRIBUTES>. + =over 4 =item acl add <id> <scheme> <identifier> @@ -359,8 +361,6 @@ particular object type, and <attr> must be an attribute type known to the underlying object implementation. To clear the attribute for this object, pass in a <value> of the empty string (C<''>). -Currently, no object attributes are implemented. - =item show <type> <name> Displays the current object metadata for the object identified by <type> 
@@ -381,6 +381,41 @@ will be lifted in the future. =back +=head1 ATTRIBUTES + +Object attributes store additional properties and configuration +information for objects stored in the wallet. They are displayed as part +of the object data with C<show>, retrieved with C<getattr>, and set with +C<setattr>. + +=head1 Keytab Attributes + +Keytab objects support the following attributes: + +=over 4 + +=item sync + +Sets the external systems to which the key of a given principal is +synchronized. The only supported value for this attribute is C<kaserver>, +which says to synchronize the key with an AFS Kerberos v4 kaserver. + +If this attribute is set on a keytab, whenever the C<get> command is run for +that keytab, the DES key will be extracted from that keytab and set in the +configured AFS kaserver. The Kerberos v4 principal name will be the same as +the Kerberos v5 principal name except that the components are separated by +C<.> instead of C</>; the second component is truncated after the first C<.> +if the first component is one of C<host>, C<ident>, C<imap>, C<pop>, or +C<smtp>; and the first component is C<rcmd> if the Kerberos v5 principal +component is C<host>. The principal name must not contain more than two +components. + +If this attribute is set, calling C<destroy> will also destroy the +principal from the AFS kaserver, with a principal mapping determined as +above. + +=back + =head1 SEE ALSO Wallet::Server(3), remctld(8) |
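Review bot: In the hunk at @@ -238, the added cross-reference is written as L<ATTRIBUTES>, which POD formatters treat as a link to a separate manual page named ATTRIBUTES, not to the section this patch adds further down the same file. Write it as L</ATTRIBUTES> so it resolves to the =head1 ATTRIBUTES section of this document. The sentence also follows a paragraph about which commands can still be used on an object, where attributes have not been mentioned yet, so it may fit better next to the attribute commands themselves.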
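Review bot: In the hunk at @@ -359, removing "Currently, no object attributes are implemented." leaves the item text above "=item show" saying only that <attr> must be "an attribute type known to the underlying object implementation", with nothing telling the reader where those types are listed. Replace the removed sentence with a pointer to the new ATTRIBUTES section instead of deleting it outright.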
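Review bot: In the hunk at @@ -381, the sync item documents that get pushes the DES key to the kaserver and that the principal name "must not contain more than two components", but it does not say what get or destroy does when that constraint is violated, when the keytab holds no DES key, or when the kaserver update fails. Since get now changes a key in an external system, state whether the command fails or returns the keytab without synchronizing, so an operator can tell when the two systems have diverged. The order in which the three mapping rules apply (separator change, truncation of the second component, host to rcmd) is also left to the reader; one before-and-after principal name in the text would settle it. As a smaller point, "=head1 Keytab Attributes" reads as a subsection of ATTRIBUTES and should be =head2; the other =head1 headings visible here (ATTRIBUTES, SEE ALSO) are upper-case top-level sections.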