From 6b45f632759293fc9f2a28317fae2e224ac53020 Mon Sep 17 00:00:00 2001 From: E Deon Lackey Date: Wed, 10 Oct 2012 23:09:31 +0200 Subject: Fix language errors in the sssd-krb5.conf man page --- src/man/sssd-krb5.5.xml | 141 ++++++++++++++++++++++++------------------------ 1 file changed, 71 insertions(+), 70 deletions(-) diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index 2e2e638d..597628e8 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -30,11 +30,11 @@ sssd.conf 5 - manual page + manual page. The Kerberos 5 authentication backend contains auth and chpass - providers. It must be paired with identity provider in + providers. It must be paired with an identity provider in order to function properly (for example, id_provider = ldap). Some information required by the Kerberos 5 authentication backend must be provided by the identity provider, such as the user's Kerberos @@ -48,11 +48,11 @@ file in the home directory of the user. See .k5login5 for more details. Please note that an empty .k5login - file will deny all access to this user. To activate this feature - use 'access_provider = krb5' in your sssd configuration. + file will deny all access to this user. To activate this feature, + use 'access_provider = krb5' in your SSSD configuration. - In the case where the UPN is not available in the identity backend + In the case where the UPN is not available in the identity backend, sssd will construct a UPN using the format username@krb5_realm. @@ -62,13 +62,13 @@ CONFIGURATION OPTIONS - If the auth-module krb5 is used in a SSSD domain, the following + If the auth-module krb5 is used in an SSSD domain, the following options must be used. See the sssd.conf 5 - manual page, section DOMAIN SECTIONS - for details on the configuration of a SSSD domain. + manual page, section DOMAIN SECTIONS, + for details on the configuration of an SSSD domain. krb5_server, krb5_backup_server (string) @@ -76,12 +76,12 @@ Specifies the comma-separated list of IP addresses or hostnames of the Kerberos servers to which SSSD should - connect in the order of preference. For more + connect, in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. - If empty, service discovery is enabled - + If empty, service discovery is enabled; for more information, refer to the SERVICE DISCOVERY section. @@ -114,15 +114,15 @@ If the change password service is not running on the - KDC alternative servers can be defined here. An + KDC, alternative servers can be defined here. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. For more information on failover and server redundancy, see the FAILOVER section. - Please note that even if there are no more kpasswd - servers to try the back end is not switch to offline + NOTE: Even if there are no more kpasswd + servers to try, the backend is not switched to operate offline if authentication against the KDC is still possible. @@ -138,10 +138,11 @@ Directory to store credential caches. All the substitution sequences of krb5_ccname_template can be used here, too, except %d and %P. If the - directory does not exist it will be created. If %u, - %U, %p or %h are used a private directory belonging - to the user is created. Otherwise a public directory - with restricted deletion flag (aka sticky bit, see + directory does not exist, it will be created. If %u, + %U, %p or %h are used, a private directory belonging + to the user is created. Otherwise, a public directory + with restricted deletion flag (aka sticky bit, as + described in chmod 1 @@ -158,11 +159,11 @@ Location of the user's credential cache. Two credential - cache types are currently supported - FILE - and DIR. The cache can either be specified - as TYPE:RESIDUAL, or an absolute + cache types are currently supported: FILE + and DIR. The cache can be specified either + as TYPE:RESIDUAL, or as an absolute path, which implies the FILE type. In the - template the following sequences are substituted: + template, the following sequences are substituted: %u @@ -194,7 +195,7 @@ %P - the process ID of the sssd + the process ID of the SSSD client @@ -217,8 +218,8 @@ krb5_auth_timeout (integer) - Timeout in seconds after an online authentication or - change password request is aborted. If possible the + Timeout in seconds after an online authentication request + or change password request is aborted. If possible, the authentication request is continued offline. @@ -233,11 +234,11 @@ Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. The keytab is checked for - entries sequentially, and the first entry with matching - realm is used for validation. If no entry matches the last - one is used. This can be utilized to achieve validation in - enviroments with cross-realm trust by placing appropriate - keytab entry as the last one or the only one. + entries sequentially, and the first entry with a matching + realm is used for validation. If no entry matches the realm, the last + entry in the keytab is used. This process can be used to validate + environments using cross-realm trust by placing the appropriate + keytab entry as the last entry or the only entry in the keytab file. Default: false @@ -264,14 +265,14 @@ Store the password of the user if the provider is offline and use it to request a TGT when the - provider gets online again. + provider comes online again. - Please note that this feature currently only - available on a Linux platform. Passwords stored in - this way are kept in plaintext in the kernel - keyring and are potentially accessible by the root - user (with difficulty). + NOTE: this feature is only available on Linux. + Passwords stored in this way are kept in + plaintext in the kernel keyring and are + potentially accessible by the root user + (with difficulty). Default: false @@ -284,30 +285,29 @@ Request a renewable ticket with a total - lifetime given by an integer immediately followed - by one of the following delimiters: + lifetime, given as an integer immediately followed + by a time unit: - s seconds + s for seconds - m minutes + m for minutes - h hours + h for hours - d days. + d for days. - If there is no delimiter s is + If there is no unit given, s is assumed. - Please note that it is not possible to mix units. - If you want to set the renewable lifetime to one - and a half hours please use '90m' instead of - '1h30m'. + NOTE: It is not possible to mix units. To set + the renewable lifetime to one and a half hours, + use '90m' instead of '1h30m'. Default: not set, i.e. the TGT is not renewable @@ -319,29 +319,28 @@ krb5_lifetime (string) - Request ticket with a with a lifetime given by an - integer immediately followed by one of the following - delimiters: + Request ticket with a with a lifetime, given as an + integer immediately followed by a time unit: - s seconds + s for seconds - m minutes + m for minutes - h hours + h for hours - d days. + d for days. - If there is no delimiter s is + If there is no unit given s is assumed. - Please note that it is not possible to mix units. - If you want to set the lifetime to one and a half + NOTE: It is not possible to mix units. + To set the lifetime to one and a half hours please use '90m' instead of '1h30m'. @@ -360,7 +359,7 @@ of their lifetime is exceeded. - If this option is not set or 0 the automatic + If this option is not set or is 0 the automatic renewal is disabled. @@ -378,28 +377,30 @@ following options are supported: - never use FAST, this is - equivalent to not set this option at all. + never use FAST. This is + equivalent to not setting this option at all. - try to use FAST, if the server - does not support fast continue without. + try to use FAST. If the server + does not support FAST, continue the + authentication without it. - demand to use FAST, fail if the - server does not require fast. + demand to use FAST. The + authentication fails if the server does not + require fast. Default: not set, i.e. FAST is not used. - Please note that a keytab is required to use fast. + NOTE: a keytab is required to use FAST. - Please note also that sssd supports fast only with - MIT Kerberos version 1.8 and above. If sssd used - with an older version using this option is a - configuration error. + NOTE: SSSD supports FAST only with + MIT Kerberos version 1.8 and later. If SSSD is used + with an older version of MIT Kerberos, using this + option is a configuration error. @@ -419,7 +420,7 @@ Specifies if the host and user principal should be canonicalized. This feature is available with MIT - Kerberos >= 1.7 + Kerberos 1.7 and later versions. @@ -442,7 +443,7 @@ The following example assumes that SSSD is correctly configured and FOO is one of the domains in the [sssd] section. This example shows - only configuration of Kerberos authentication, it does not include + only configuration of Kerberos authentication; it does not include any identity provider. -- cgit